authorBjørn Christian Seime <bjorncs@vespa.ai>2024-06-05 09:06:29 +0200
committerBjørn Christian Seime <bjorncs@vespa.ai>2024-06-05 09:06:29 +0200
commit24eaf25b84dee5db85aba118dc0dbb5c9327a684 (patch)
treec8c85fecc1abd6af9352b2f9b335b96ae654861d
parentefac4184dd2dd247f4b1c750c9ef9f9a99eff62c (diff)
Control content logging through feature flag
-rw-r--r--config-model-api/abi-spec.json3
-rw-r--r--config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java2
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java7
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java4
-rw-r--r--flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java6
5 files changed, 19 insertions, 3 deletions
diff --git a/config-model-api/abi-spec.json b/config-model-api/abi-spec.json
index 1aaaf64852a..5833662ff66 100644
--- a/config-model-api/abi-spec.json
+++ b/config-model-api/abi-spec.json
@@ -1388,7 +1388,8 @@
"public java.util.Optional cloudAccount()",
"public boolean allowUserFilters()",
"public java.time.Duration endpointConnectionTtl()",
- "public java.util.List dataplaneTokens()"
+ "public java.util.List dataplaneTokens()",
+ "public java.util.List requestPrefixForLoggingContent()"
],
"fields" : [ ]
},
diff --git a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java
index 89041ce8242..b4c101600da 100644
--- a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java
+++ b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java
@@ -174,6 +174,8 @@ public interface ModelContext {
default List<DataplaneToken> dataplaneTokens() { return List.of(); }
+ default List<String> requestPrefixForLoggingContent() { return List.of(); }
+
}
@Retention(RetentionPolicy.RUNTIME)
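Review bot: The new `requestPrefixForLoggingContent()` default has no Javadoc, and its name does not say that the strings are request path prefixes or that a non-empty list puts request content into the access log. The same setting is called `contentPathPrefixes` on the connector config and `log-request-content` in `PermanentFlags`, so a reader has to connect three names for one concept. I would add `/** Path prefixes of requests whose content is included in the access log. */` above it, and state there what the empty default means. The interface body starts outside this hunk.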
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index 5f824950ecd..571b1c67960 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -28,6 +28,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
private final List<String> remoteAddressHeaders;
private final List<String> remotePortHeaders;
private final Set<String> knownServerNames;
+ private final Set<String> requestPrefixForLoggingContent;
public static Builder builder(String name, int listenPort) { return new Builder(name, listenPort); }
@@ -40,6 +41,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
this.remoteAddressHeaders = List.copyOf(builder.remoteAddressHeaders);
this.remotePortHeaders = List.copyOf(builder.remotePortHeaders);
this.knownServerNames = Collections.unmodifiableSet(new TreeSet<>(builder.knownServerNames));
+ this.requestPrefixForLoggingContent = Collections.unmodifiableSet(new TreeSet<>(builder.requestPrefixForLoggingContent));
}
private static SslProvider createSslProvider(Builder builder) {
@@ -73,7 +75,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
.maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0)
.accessLog(new ConnectorConfig.AccessLog.Builder()
.remoteAddressHeaders(remoteAddressHeaders)
- .remotePortHeaders(remotePortHeaders))
+ .remotePortHeaders(remotePortHeaders)
+ .contentPathPrefixes(requestPrefixForLoggingContent))
.serverName.known(knownServerNames);
}
@@ -93,6 +96,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
String tlsCaCertificatesPath;
boolean tokenEndpoint;
Set<String> knownServerNames = Set.of();
+ Set<String> requestPrefixForLoggingContent = Set.of();
private Builder(String name, int port) { this.name = name; this.port = port; }
public Builder clientAuth(SslClientAuth auth) { clientAuth = auth; return this; }
@@ -106,6 +110,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
public Builder remoteAddressHeader(String header) { this.remoteAddressHeaders.add(header); return this; }
public Builder remotePortHeader(String header) { this.remotePortHeaders.add(header); return this; }
public Builder knownServerNames(Set<String> knownServerNames) { this.knownServerNames = Set.copyOf(knownServerNames); return this; }
+ public Builder requestPrefixForLoggingContent(Collection<String> v) { this.requestPrefixForLoggingContent = Set.copyOf(v); return this; }
public HostedSslConnectorFactory build() { return new HostedSslConnectorFactory(this); }
}
}
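Review bot: `requestPrefixForLoggingContent(Collection<String> v)` accepts any strings, so an empty string or `"/"` in the list would, assuming the prefixes are matched with a plain starts-with, turn on content logging for every request on the connector. Because the values come from a flag, a typo would widen what is logged rather than fail. Consider rejecting such entries in the builder, e.g. `if (v.stream().anyMatch(p -> p.isBlank() || p.equals("/"))) throw new IllegalArgumentException("content logging prefix too broad: " + v);`, or document that match-all is intended. The `Builder` class starts outside this hunk.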
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index 4983b36bee1..d3f5407b0f9 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -607,7 +607,8 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
var builder = HostedSslConnectorFactory.builder(serverName, getMtlsDataplanePort(state))
.proxyProtocol(state.zone().cloud().useProxyProtocol())
.tlsCiphersOverride(state.getProperties().tlsCiphersOverride())
- .endpointConnectionTtl(state.getProperties().endpointConnectionTtl());
+ .endpointConnectionTtl(state.getProperties().endpointConnectionTtl())
+ .requestPrefixForLoggingContent(state.getProperties().requestPrefixForLoggingContent());
var endpointCert = state.endpointCertificateSecrets().orElse(null);
if (endpointCert != null) {
builder.endpointCertificate(endpointCert);
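Review bot: No test accompanies the new `.requestPrefixForLoggingContent(...)` call here, or the one in the later hunk of this file that builds the connector with `knownServerNames(tokenEndpoints)`; the diffstat lists five files and none of them are tests. Nothing in those files overrides the `ModelContext` default or reads `PermanentFlags.LOG_REQUEST_CONTENT`, so within this commit the list is always empty and the flag wiring is presumably done elsewhere. A config-model test that sets the property and checks `contentPathPrefixes` in the generated access-log config for both connectors would pin the behaviour. The enclosing method starts and ends outside the hunk.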
@@ -670,6 +671,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
.remotePortHeader("X-Forwarded-Port")
.clientAuth(SslClientAuth.NEED)
.knownServerNames(tokenEndpoints)
+ .requestPrefixForLoggingContent(state.getProperties().requestPrefixForLoggingContent())
.build();
server.addConnector(connector);
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java b/flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java
index 52fb3854324..fb807d186eb 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java
@@ -455,6 +455,12 @@ public class PermanentFlags {
HOSTNAME
);
+ public static final UnboundListFlag<String> LOG_REQUEST_CONTENT = defineListFlag(
+ "log-request-content", List.of(), String.class,
+ "Include request content in access log for paths starting with any of these prefixes",
+ "Takes effect on next redeployment",
+ INSTANCE_ID);
+
private PermanentFlags() {}
private static UnboundBooleanFlag defineFeatureFlag(
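Review bot: The description of `LOG_REQUEST_CONTENT` does not tell an operator that request content can carry credentials or personal data, which then sit in the access log under whatever retention and read access that log has. I would extend the text, e.g. `"Include request content in access log for paths starting with any of these prefixes. Content may hold sensitive data; keep prefixes narrow and time-limited",`. It would also help to state there whether the empty default means content logging is off. The class body continues outside the hunk.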