envoy: add separate proxy log level option (#689)

2025-08-06 10:21:05 +02:00 · 2020-05-11 18:00:11 -06:00 · 2020-05-11 18:00:11 -06:00 · 352c2b851b
commit 352c2b851b
parent af649d3eb0
7 changed files with 52 additions and 10 deletions
--- a/config/options.go
+++ b/config/options.go
@ -43,6 +43,10 @@ type Options struct {
 	// Possible options are "info","warn", and "error". Defaults to "debug".
 	LogLevel string `mapstructure:"log_level" yaml:"log_level,omitempty"`
 	// ProxyLogLevel sets the log level for the proxy service.
 	// Possible options are "info","warn", and "error". Defaults to the value of `LogLevel`.
 	ProxyLogLevel string `mapstructure:"proxy_log_level" yaml:"proxy_log_level,omitempty"`
 	// SharedKey is the shared secret authorization key used to mutually authenticate
 	// requests between services.
 	SharedKey string `mapstructure:"shared_secret" yaml:"shared_secret,omitempty"`
--- a/docs/configuration/readme.md
+++ b/docs/configuration/readme.md
@ -110,6 +110,16 @@ If `false`
 Log level sets the global logging level for pomerium. Only logs of the desired level and above will be logged.
 ### Proxy Log Level
 - Environmental Variable: `PROXY_LOG_LEVEL`
 - Config File Key: `proxy_log_level`
 - Type: `string`
 - Options: `debug` `info` `warn` `error`
 - Default: value of `log_level` or `debug` if both are unset
 Log level sets the logging level for the pomerium proxy service. Only logs of the desired level and above will be logged.
 ### Insecure Server
 - Environmental Variable: `INSECURE_SERVER`
--- a/internal/controlplane/grpc_accesslog.go
+++ b/internal/controlplane/grpc_accesslog.go
@ -2,6 +2,7 @@ package controlplane
 import (
 	envoy_service_accesslog_v2 "github.com/envoyproxy/go-control-plane/envoy/service/accesslog/v2"
 	"github.com/pomerium/pomerium/internal/log"
 )
--- a/internal/controlplane/grpc_xds.go
+++ b/internal/controlplane/grpc_xds.go
@ -7,8 +7,9 @@ import (
 	"fmt"
 	envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
 	"github.com/pomerium/pomerium/internal/log"
 	"golang.org/x/sync/errgroup"
 	"github.com/pomerium/pomerium/internal/log"
 )
 func (srv *Server) registerXDSHandlers() {
@ -91,7 +92,7 @@ func (srv *Server) streamAggregatedResourcesProcessStep(
 			return ctx.Err()
 		}
-		current := srv.currentConfig.Load().(versionedOptions)
+		current := srv.currentConfig.Load()
 		for typeURL, version := range versions {
 			// the versions are different, so the envoy config needs to be updated
 			if version != fmt.Sprint(current.version) {
--- a/internal/controlplane/server.go
+++ b/internal/controlplane/server.go
@ -21,6 +21,18 @@ type versionedOptions struct {
 	version int64
 }
 type atomicVersionedOptions struct {
 	value atomic.Value
 }
 func (avo *atomicVersionedOptions) Load() versionedOptions {
 	return avo.value.Load().(versionedOptions)
 }
 func (avo *atomicVersionedOptions) Store(options versionedOptions) {
 	avo.value.Store(options)
 }
 // A Server is the control-plane gRPC and HTTP servers.
 type Server struct {
 	GRPCListener net.Listener
@ -28,7 +40,7 @@ type Server struct {
 	HTTPListener net.Listener
 	HTTPRouter   *mux.Router
-	currentConfig atomic.Value
+	currentConfig atomicVersionedOptions
 	configUpdated chan struct{}
 }
@ -129,7 +141,7 @@ func (srv *Server) UpdateOptions(options config.Options) error {
 	case <-srv.configUpdated:
 	default:
 	}
-	prev := srv.currentConfig.Load().(versionedOptions)
+	prev := srv.currentConfig.Load()
 	srv.currentConfig.Store(versionedOptions{
 		Options: options,
 		version: prev.version + 1,
--- a/internal/controlplane/xds.go
+++ b/internal/controlplane/xds.go
@ -56,7 +56,22 @@ func (srv *Server) buildDiscoveryResponse(version string, typeURL string, option
 	}
 }
-func (srv *Server) buildAccessLog() *envoy_config_accesslog_v3.AccessLog {
+func (srv *Server) buildAccessLogs(options config.Options) []*envoy_config_accesslog_v3.AccessLog {
 	lvl := options.ProxyLogLevel
 	if lvl == "" {
 		lvl = options.LogLevel
 	}
 	if lvl == "" {
 		lvl = "debug"
 	}
 	switch lvl {
 	case "trace", "debug", "info":
 	default:
 		// don't log access requests for levels > info
 		return nil
 	}
 	tc, _ := ptypes.MarshalAny(&envoy_extensions_access_loggers_grpc_v3.HttpGrpcAccessLogConfig{
 		CommonConfig: &envoy_extensions_access_loggers_grpc_v3.CommonGrpcAccessLogConfig{
 			LogName: "ingress-http",
@ -69,10 +84,10 @@ func (srv *Server) buildAccessLog() *envoy_config_accesslog_v3.AccessLog {
 			},
 		},
 	})
-	return &envoy_config_accesslog_v3.AccessLog{
+	return []*envoy_config_accesslog_v3.AccessLog{{
 		Name:       "envoy.access_loggers.http_grpc",
 		ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{TypedConfig: tc},
-	}
+	}}
 }
 func buildAddress(hostport string, defaultPort int) *envoy_config_core_v3.Address {
--- a/internal/controlplane/xds_listeners.go
+++ b/internal/controlplane/xds_listeners.go
@ -4,7 +4,6 @@ import (
 	"encoding/base64"
 	"sort"
 	envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3"
 	envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
@ -149,7 +148,7 @@ end
 				Name: "envoy.filters.http.router",
 			},
 		},
-		AccessLog: []*envoy_config_accesslog_v3.AccessLog{srv.buildAccessLog()},
+		AccessLog: srv.buildAccessLogs(options),
 	})
 	li := &envoy_config_listener_v3.Listener{