logger.go ExcludedPaths changed to slice of paths.

- `logger.go` convert slice of paths to map for quicker lookup - `options.go` combines csv paths and pingpath into slice
2019-06-22 09:39:46 +12:00 · 2019-06-22 09:39:46 +12:00 · 289dfce28a
parent 4e10cc76e0
commit 289dfce28a
5 changed files with 41 additions and 27 deletions
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@ -41,8 +41,9 @@ Usage of oauth2_proxy:
  -custom-templates-dir string: path to custom html templates
  -display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
  -email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
+<<<<<<< HEAD
  -extra-jwt-issuers: if -skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json)
-  -exclude-logging-path: don't log requests to this path, eg: /ping (default "" = no paths excluded)
+  -exclude-logging-paths: comma separated list of paths to exclude from logging, eg: "/ping,/path2" (default "" = no paths excluded)
  -flush-interval: period between flushing response buffers when streaming responses (default "1s")
  -banner string: custom banner string. Use "-" to disable default banner.
  -footer string: custom footer string. Use "-" to disable default footer.
@ -142,7 +143,7 @@ There are three different types of logging: standard, authentication, and HTTP r

 Each type of logging has their own configurable format and variables. By default these formats are similar to the Apache Combined Log.

-Logging of requests to the `/ping` endpoint can be disabled with `-silence-ping-logging` reducing log volume. This flag sets the `-exclude-logging-path` value to the `-ping-path` and takes precedence over any other value `-exclude-logging-path` may have been set to directly.
+Logging of requests to the `/ping` endpoint can be disabled with `-silence-ping-logging` reducing log volume. This flag appends the `-ping-path` to `-exclude-logging-paths`.

 ### Auth Log Format
 Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format:
--- a/logging_handler_test.go
+++ b/logging_handler_test.go
@ -19,16 +19,21 @@ func TestLoggingHandler_ServeHTTP(t *testing.T) {
 		Format,
 		ExpectedLogMessage,
 		Path string
-		ExcludePath string
+		ExcludePaths       []string
+		SilencePingLogging bool
 	}{
-		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", ""},
-		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", "/ping"},
-		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/ping\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/ping", ""},
-		{logger.DefaultRequestLoggingFormat, "", "/ping", "/ping"},
-		{"{{.RequestMethod}}", "GET\n", "/foo/bar", ""},
-		{"{{.RequestMethod}}", "GET\n", "/foo/bar", "/ping"},
-		{"{{.RequestMethod}}", "GET\n", "/ping", ""},
-		{"{{.RequestMethod}}", "", "/ping", "/ping"},
+		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", []string{}, false},
+		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", []string{}, true},
+		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", []string{"/ping"}, false},
+		{logger.DefaultRequestLoggingFormat, "", "/foo/bar", []string{"/foo/bar"}, false},
+		{logger.DefaultRequestLoggingFormat, "", "/ping", []string{}, true},
+		{logger.DefaultRequestLoggingFormat, "", "/ping", []string{"/ping"}, false},
+		{logger.DefaultRequestLoggingFormat, "", "/ping", []string{"/ping"}, true},
+		{logger.DefaultRequestLoggingFormat, "", "/ping", []string{"/foo/bar", "/ping"}, false},
+		{"{{.RequestMethod}}", "GET\n", "/foo/bar", []string{}, true},
+		{"{{.RequestMethod}}", "GET\n", "/foo/bar", []string{"/ping"}, false},
+		{"{{.RequestMethod}}", "GET\n", "/ping", []string{}, false},
+		{"{{.RequestMethod}}", "", "/ping", []string{"/ping"}, true},
 	}

 	for _, test := range tests {
@ -44,7 +49,10 @@ func TestLoggingHandler_ServeHTTP(t *testing.T) {

 		logger.SetOutput(buf)
 		logger.SetReqTemplate(test.Format)
-		logger.SetExcludePath(test.ExcludePath)
+		if test.SilencePingLogging {
+			test.ExcludePaths = append(test.ExcludePaths, "/ping")
+		}
+		logger.SetExcludePaths(test.ExcludePaths)
 		h := LoggingHandler(http.HandlerFunc(handler))

 		r, _ := http.NewRequest("GET", test.Path, nil)
--- a/main.go
+++ b/main.go
@ -99,7 +99,7 @@ func main() {

 	flagSet.Bool("request-logging", true, "Log HTTP requests")
 	flagSet.String("request-logging-format", logger.DefaultRequestLoggingFormat, "Template for HTTP request log lines")
-	flagSet.String("exclude-logging-path", "", "Exclude logging requests to path (eg: /ping)")
+	flagSet.String("exclude-logging-paths", "", "Exclude logging requests to paths (eg: '/path1,/path2,/path3')")
 	flagSet.Bool("silence-ping-logging", false, "Disable logging of requests to ping endpoint")

 	flagSet.Bool("auth-logging", true, "Log authentication attempts")
--- a/options.go
+++ b/options.go
@ -104,7 +104,7 @@ type Options struct {
 	StandardLoggingFormat string `flag:"standard-logging-format" cfg:"standard_logging_format" env:"OAUTH2_PROXY_STANDARD_LOGGING_FORMAT"`
 	RequestLogging        bool   `flag:"request-logging" cfg:"request_logging" env:"OAUTH2_PROXY_REQUEST_LOGGING"`
 	RequestLoggingFormat  string `flag:"request-logging-format" cfg:"request_logging_format" env:"OAUTH2_PROXY_REQUEST_LOGGING_FORMAT"`
-	ExcludeLoggingPath    string `flag:"exclude-logging-path" cfg:"exclude_logging_path" env:"OAUTH2_PROXY_EXCLUDE_LOGGING_PATH"`
+	ExcludeLoggingPaths   string `flag:"exclude-logging-paths" cfg:"exclude_logging_paths" env:"OAUTH2_EXCLUDE_LOGGING_PATHS"`
 	SilencePingLogging    bool   `flag:"silence-ping-logging" cfg:"silence_ping_logging" env:"OAUTH2_PROXY_SILENCE_PING_LOGGING"`
 	AuthLogging           bool   `flag:"auth-logging" cfg:"auth_logging" env:"OAUTH2_PROXY_LOGGING_AUTH_LOGGING"`
 	AuthLoggingFormat     string `flag:"auth-logging-format" cfg:"auth_logging_format" env:"OAUTH2_PROXY_AUTH_LOGGING_FORMAT"`
@ -168,7 +168,7 @@ func NewOptions() *Options {
 		LoggingMaxBackups:                0,
 		LoggingLocalTime:                 true,
 		LoggingCompress:                  false,
-		ExcludeLoggingPath:               "",
+		ExcludeLoggingPaths:              "",
 		SilencePingLogging:               false,
 		StandardLogging:                  true,
 		StandardLoggingFormat:            logger.DefaultStandardLoggingFormat,
@ -576,12 +576,14 @@ func setupLogger(o *Options, msgs []string) []string {
 	logger.SetAuthTemplate(o.AuthLoggingFormat)
 	logger.SetReqTemplate(o.RequestLoggingFormat)

+	excludePaths := make([]string, 0)
+	excludePaths = append(excludePaths, strings.Split(o.ExcludeLoggingPaths, ",")...)
 	if o.SilencePingLogging {
-		logger.SetExcludePath(o.PingPath)
-	} else {
-		logger.SetExcludePath(o.ExcludeLoggingPath)
+		excludePaths = append(excludePaths, o.PingPath)
 	}

+	logger.SetExcludePaths(excludePaths)
+
 	if !o.LoggingLocalTime {
 		logger.SetFlags(logger.Flags() | logger.LUTC)
 	}
--- a/pkg/logger/logger.go
+++ b/pkg/logger/logger.go
@ -88,7 +88,7 @@ type Logger struct {
 	stdEnabled     bool
 	authEnabled    bool
 	reqEnabled     bool
-	excludePath    string
+	excludePaths   map[string]struct{}
 	stdLogTemplate *template.Template
 	authTemplate   *template.Template
 	reqTemplate    *template.Template
@ -102,7 +102,7 @@ func New(flag int) *Logger {
 		stdEnabled:     true,
 		authEnabled:    true,
 		reqEnabled:     true,
-		excludePath:    "",
+		excludePaths:   nil,
 		stdLogTemplate: template.Must(template.New("std-log").Parse(DefaultStandardLoggingFormat)),
 		authTemplate:   template.Must(template.New("auth-log").Parse(DefaultAuthLoggingFormat)),
 		reqTemplate:    template.Must(template.New("req-log").Parse(DefaultRequestLoggingFormat)),
@ -179,7 +179,7 @@ func (l *Logger) PrintReq(username, upstream string, req *http.Request, url url.
 		return
 	}

-	if url.Path == l.excludePath {
+	if _, excludedPath := l.excludePaths[url.Path]; excludedPath {
 		return
 	}

@ -308,11 +308,14 @@ func (l *Logger) SetReqEnabled(e bool) {
 	l.reqEnabled = e
 }

-// SetExcludePath sets the path to exclude from logging.
-func (l *Logger) SetExcludePath(s string) {
+// SetExcludePaths sets the paths to exclude from logging.
+func (l *Logger) SetExcludePaths(s []string) {
 	l.mu.Lock()
 	defer l.mu.Unlock()
-	l.excludePath = s
+	l.excludePaths = make(map[string]struct{})
+	for _, p := range s {
+		l.excludePaths[p] = struct{}{}
+	}
 }

 // SetStandardTemplate sets the template for standard logging.
@ -378,9 +381,9 @@ func SetReqEnabled(e bool) {
 	std.SetReqEnabled(e)
 }

-// SetExcludePath sets the path to exclude from logging, eg: health checks
-func SetExcludePath(s string) {
-	std.SetExcludePath(s)
+// SetExcludePaths sets the path to exclude from logging, eg: health checks
+func SetExcludePaths(s []string) {
+	std.SetExcludePaths(s)
 }

 // SetStandardTemplate sets the template for standard logging for