author | Bjørn Christian Seime <bjorncs@vespa.ai> | 2024-06-05 09:06:29 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@vespa.ai> | 2024-06-05 09:06:29 +0200 |
commit | 24eaf25b84dee5db85aba118dc0dbb5c9327a684 (patch) | |
tree | c8c85fecc1abd6af9352b2f9b335b96ae654861d | |
parent | efac4184dd2dd247f4b1c750c9ef9f9a99eff62c (diff) |
Control content logging through feature flag
5 files changed, 19 insertions, 3 deletions
diff --git a/config-model-api/abi-spec.json b/config-model-api/abi-spec.json index 1aaaf64852a..5833662ff66 100644 --- a/config-model-api/abi-spec.json +++ b/config-model-api/abi-spec.json @@ -1388,7 +1388,8 @@ "public java.util.Optional cloudAccount()", "public boolean allowUserFilters()", "public java.time.Duration endpointConnectionTtl()", - "public java.util.List dataplaneTokens()" + "public java.util.List dataplaneTokens()", + "public java.util.List requestPrefixForLoggingContent()" ], "fields" : [ ] }, diff --git a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java index 89041ce8242..b4c101600da 100644 --- a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java +++ b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java @@ -174,6 +174,8 @@ public interface ModelContext { default List<DataplaneToken> dataplaneTokens() { return List.of(); } + default List<String> requestPrefixForLoggingContent() { return List.of(); } + } @Retention(RetentionPolicy.RUNTIME) diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java index 5f824950ecd..571b1c67960 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java @@ -28,6 +28,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { private final List<String> remoteAddressHeaders; private final List<String> remotePortHeaders; private final Set<String> knownServerNames; + private final Set<String> requestPrefixForLoggingContent; public static Builder builder(String name, int listenPort) { return new Builder(name, listenPort); } 
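Review bot: The new `requestPrefixForLoggingContent()` default method in `ModelContext.java` has no comment, and its name does not say that the strings are request path prefixes or that a match puts request bodies into the access log. A one-line Javadoc such as `/** Request path prefixes for which request content is included in the access log. */` would make that data-exposure implication visible where implementers read the API. The enclosing interface starts outside the hunk. No override of this default is visible in the commit, so the value presumably stays empty until an implementation elsewhere reads the flag.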
@@ -40,6 +41,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { this.remoteAddressHeaders = List.copyOf(builder.remoteAddressHeaders); this.remotePortHeaders = List.copyOf(builder.remotePortHeaders); this.knownServerNames = Collections.unmodifiableSet(new TreeSet<>(builder.knownServerNames)); + this.requestPrefixForLoggingContent = Collections.unmodifiableSet(new TreeSet<>(builder.requestPrefixForLoggingContent)); } private static SslProvider createSslProvider(Builder builder) { @@ -73,7 +75,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory { .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0) .accessLog(new ConnectorConfig.AccessLog.Builder() .remoteAddressHeaders(remoteAddressHeaders) - .remotePortHeaders(remotePortHeaders)) + .remotePortHeaders(remotePortHeaders) + .contentPathPrefixes(requestPrefixForLoggingContent)) .serverName.known(knownServerNames); } @@ -93,6 +96,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { String tlsCaCertificatesPath; boolean tokenEndpoint; Set<String> knownServerNames = Set.of(); + Set<String> requestPrefixForLoggingContent = Set.of(); private Builder(String name, int port) { this.name = name; this.port = port; } public Builder clientAuth(SslClientAuth auth) { clientAuth = auth; return this; } 
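Review bot: The setting passed to `.contentPathPrefixes(requestPrefixForLoggingContent)` in the access-log builder now goes by three names: the flag `log-request-content`, the property and builder method `requestPrefixForLoggingContent`, and the connector config field `contentPathPrefixes`. Because it decides whether request bodies end up in the access log, anyone auditing it has to know all three names to trace it from flag to connector. Consider aligning the Java name with the config field, or adding a comment at this call such as `// path prefixes from the log-request-content flag; matching requests get their content logged`. The method holding this builder chain begins outside the hunk.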
@@ -106,6 +110,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 public Builder remoteAddressHeader(String header) { this.remoteAddressHeaders.add(header); return this; }
 public Builder remotePortHeader(String header) { this.remotePortHeaders.add(header); return this; }
 public Builder knownServerNames(Set<String> knownServerNames) { this.knownServerNames = Set.copyOf(knownServerNames); return this; }
+ public Builder requestPrefixForLoggingContent(Collection<String> v) { this.requestPrefixForLoggingContent = Set.copyOf(v); return this; }
 public HostedSslConnectorFactory build() { return new HostedSslConnectorFactory(this); }
 }
 }
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index 4983b36bee1..d3f5407b0f9 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -607,7 +607,8 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
 var builder = HostedSslConnectorFactory.builder(serverName, getMtlsDataplanePort(state))
 .proxyProtocol(state.zone().cloud().useProxyProtocol())
 .tlsCiphersOverride(state.getProperties().tlsCiphersOverride())
- .endpointConnectionTtl(state.getProperties().endpointConnectionTtl());
+ .endpointConnectionTtl(state.getProperties().endpointConnectionTtl())
+ .requestPrefixForLoggingContent(state.getProperties().requestPrefixForLoggingContent());
 var endpointCert = state.endpointCertificateSecrets().orElse(null);
 if (endpointCert != null) {
 builder.endpointCertificate(endpointCert);
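Review bot: The new setter `requestPrefixForLoggingContent(Collection<String> v)` accepts any strings. If the access log matches by plain prefix, as the flag description suggests, an empty or `/` entry would turn on content logging for every request on the connector. Rejecting blank entries here keeps a misconfigured flag from widening what gets logged, e.g. `if (v.stream().anyMatch(String::isBlank)) throw new IllegalArgumentException("blank content-logging path prefix");` ahead of the `Set.copyOf(v)`. The matching itself happens outside this diff, so confirm how an empty prefix is treated there. The `Builder` class starts outside the hunk.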
@@ -670,6 +671,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { .remotePortHeader("X-Forwarded-Port") .clientAuth(SslClientAuth.NEED) .knownServerNames(tokenEndpoints) + .requestPrefixForLoggingContent(state.getProperties().requestPrefixForLoggingContent()) .build(); server.addConnector(connector); diff --git a/flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java b/flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java index 52fb3854324..fb807d186eb 100644 --- a/flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java +++ b/flags/src/main/java/com/yahoo/vespa/flags/PermanentFlags.java @@ -455,6 +455,12 @@ public class PermanentFlags { HOSTNAME ); + public static final UnboundListFlag<String> LOG_REQUEST_CONTENT = defineListFlag( + "log-request-content", List.of(), String.class, + "Include request content in access log for paths starting with any of these prefixes", + "Takes effect on next redeployment", + INSTANCE_ID); + private PermanentFlags() {} private static UnboundBooleanFlag defineFeatureFlag( |
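Review bot: The description of `LOG_REQUEST_CONTENT` does not warn that request bodies can carry credentials or personal data, and nothing in the commit shows whether the logged content is size-limited or redacted. This is a permanent flag resolved per `INSTANCE_ID`, so the description is what an operator reads before enabling it. Wording like `"Include request content in access log for paths starting with any of these prefixes; content may contain sensitive data, keep prefixes narrow"` would put the caveat where it is seen. Nothing in this commit reads the flag, so the wiring to `requestPrefixForLoggingContent()` is presumably done elsewhere.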