feat: configurable health endpoints access logging (#1934)

This PR introduces a new boolean configuration parameter that allows turning off logging of health endpoints requests in the access log. The implementation is basically a rip-off from Ory Hydra and the configuration parameter is the same: ``` serve.public.request_log.disable_for_health serve.admin.request_log.disable_for_health ``` The default value is _false_. Co-authored-by: hackerman <[email protected]>
ory · Nov 8, 2021 · 1301f68 · 1301f68
1 parent cf1714d
commit 1301f68
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 2 deletions.
diff --git a/cmd/daemon/serve.go b/cmd/daemon/serve.go
@@ -82,7 +82,14 @@ func ServePublic(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args
 	for _, mw := range modifiers.mwf {
 		n.UseFunc(mw)
 	}
-	n.Use(reqlog.NewMiddlewareFromLogger(l, "public#"+c.SelfPublicURL(nil).String()))
+	publicLogger := reqlog.NewMiddlewareFromLogger(
+		l,
+		"public#"+c.SelfPublicURL(nil).String(),
+	)
+	if r.Config(ctx).DisablePublicHealthRequestLog() {
+		publicLogger.ExcludePaths(healthx.AliveCheckPath, healthx.ReadyCheckPath)
+	}
+	n.Use(publicLogger)
 	n.Use(sqa(ctx, cmd, r))
 	n.Use(r.PrometheusManager())
 
@@ -147,7 +154,14 @@ func ServeAdmin(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args
 	for _, mw := range modifiers.mwf {
 		n.UseFunc(mw)
 	}
-	n.Use(reqlog.NewMiddlewareFromLogger(l, "admin#"+c.SelfPublicURL(nil).String()))
+	adminLogger := reqlog.NewMiddlewareFromLogger(
+		l,
+		"admin#"+c.SelfPublicURL(nil).String(),
+	)
+	if r.Config(ctx).DisableAdminHealthRequestLog() {
+		adminLogger.ExcludePaths(healthx.AliveCheckPath, healthx.ReadyCheckPath)
+	}
+	n.Use(adminLogger)
 	n.Use(sqa(ctx, cmd, r))
 	n.Use(r.PrometheusManager())
 

diff --git a/driver/config/config.go b/driver/config/config.go
@@ -64,6 +64,7 @@ const (
 	ViperKeySecretsDefault                                   = "secrets.default"
 	ViperKeySecretsCookie                                    = "secrets.cookie"
 	ViperKeySecretsCipher                                    = "secrets.cipher"
+	ViperKeyDisablePublicHealthRequestLog                    = "serve.public.request_log.disable_for_health"
 	ViperKeyPublicBaseURL                                    = "serve.public.base_url"
 	ViperKeyPublicDomainAliases                              = "serve.public.domain_aliases"
 	ViperKeyPublicPort                                       = "serve.public.port"
@@ -75,6 +76,7 @@ const (
 	ViperKeyPublicTLSKeyBase64                               = "serve.public.tls.key.base64"
 	ViperKeyPublicTLSCertPath                                = "serve.public.tls.cert.path"
 	ViperKeyPublicTLSKeyPath                                 = "serve.public.tls.key.path"
+	ViperKeyDisableAdminHealthRequestLog                     = "serve.admin.request_log.disable_for_health"
 	ViperKeyAdminBaseURL                                     = "serve.admin.base_url"
 	ViperKeyAdminPort                                        = "serve.admin.port"
 	ViperKeyAdminHost                                        = "serve.admin.host"
@@ -697,6 +699,10 @@ func (p *Config) baseURL(keyURL, keyHost, keyPort string, defaultPort int) *url.
 	return p.guessBaseURL(keyHost, keyPort, defaultPort)
 }
 
+func (p *Config) DisablePublicHealthRequestLog() bool {
+	return p.p.Bool(ViperKeyDisablePublicHealthRequestLog)
+}
+
 type DomainAlias struct {
 	BasePath    string `json:"base_path"`
 	Scheme      string `json:"scheme"`
@@ -749,6 +755,10 @@ func (p *Config) SelfPublicURL(r *http.Request) *url.URL {
 	return primary
 }
 
+func (p *Config) DisableAdminHealthRequestLog() bool {
+	return p.p.Bool(ViperKeyDisableAdminHealthRequestLog)
+}
+
 func (p *Config) SelfAdminURL() *url.URL {
 	return p.baseURL(ViperKeyAdminBaseURL, ViperKeyAdminHost, ViperKeyAdminPort, 4434)
 }

diff --git a/embedx/config.schema.json b/embedx/config.schema.json
@@ -1350,6 +1350,18 @@
         "admin": {
           "type": "object",
           "properties": {
+            "request_log": {
+              "type": "object",
+              "properties": {
+                "disable_for_health": {
+                  "title": "Disable health endpoints request logging",
+                  "description": "Disable request logging for /health/alive and /health/ready endpoints",
+                  "type": "boolean",
+                  "default": false
+                }
+              },
+              "additionalProperties": false
+            },
             "base_url": {
               "title": "Admin Base URL",
               "description": "The URL where the admin endpoint is exposed at.",
@@ -1388,6 +1400,18 @@
         "public": {
           "type": "object",
           "properties": {
+            "request_log": {
+              "type": "object",
+              "properties": {
+                "disable_for_health": {
+                  "title": "Disable health endpoints request logging",
+                  "description": "Disable request logging for /health/alive and /health/ready endpoints",
+                  "type": "boolean",
+                  "default": false
+                }
+              },
+              "additionalProperties": false
+            },
             "cors": {
               "type": "object",
               "additionalProperties": false,