Merge pull request #231 from juandspy/CCXDEV-12944

[CCXDEV-12944] Log the headers of the request (not the authorization one)
RedHatInsights · Jun 18, 2024 · 8e0fa51 · 8e0fa51
2 parents 5e3af0f + 63d7d7b
commit 8e0fa51
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 1 deletion.
diff --git a/deploy/clowdapp.yaml b/deploy/clowdapp.yaml
@@ -104,6 +104,8 @@ objects:
                   optional: true
             - name: INSIGHTS_OPERATOR_GATHERING_CONDITIONS_SERVICE__SENTRY__ENVIRONMENT
               value: ${ENV_NAME}
+            - name: INSIGHTS_OPERATOR_GATHERING_CONDITIONS_SERVICE__LOGGING__LOG_LEVEL
+              value: ${LOG_LEVEL}
           image: ${IMAGE}:${IMAGE_TAG}
           livenessProbe:
             failureThreshold: 3
@@ -190,3 +192,5 @@ parameters:
   value: '200m'
 - name: MEMORY_LIMIT
   value: '512Mi'
+- name: LOG_LEVEL
+  value: "INFO"
diff --git a/internal/service/endpoints.go b/internal/service/endpoints.go
@@ -21,6 +21,7 @@ import (
 	"errors"
 	"net/http"
 
+	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 
 	merrors "github.com/RedHatInsights/insights-operator-gathering-conditions-service/internal/errors"
@@ -48,6 +49,12 @@ func serveOpenAPI(w http.ResponseWriter, r *http.Request) {
 
 func gatheringRulesEndpoint(svc Interface) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		// This is some debug logging to check if we receive the cluster ID as
+		// part of the request IO is doing
+		logHeadersEvent := log.Debug()
+		logHeaders(r, []string{"Authorization"}, logHeadersEvent)
+		logHeadersEvent.Msg("Request headers")
+
 		rules, err := svc.Rules()
 		if err != nil {
 			renderErrorResponse(w, "internal error", err)
@@ -106,3 +113,21 @@ func renderErrorResponse(w http.ResponseWriter, msg string, err error) {
 
 	renderResponse(w, resp, code)
 }
+
+func logHeaders(r *http.Request, skipHeaders []string, logEvent *zerolog.Event) {
+	for name, values := range r.Header {
+		if sliceContains(skipHeaders, name) {
+			continue
+		}
+		logEvent.Strs(name, values)
+	}
+}
+
+func sliceContains(s []string, e string) bool {
+	for _, a := range s {
+		if a == e {
+			return true
+		}
+	}
+	return false
+}
diff --git a/internal/service/endpoints_test.go b/internal/service/endpoints_test.go
@@ -22,6 +22,7 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	"github.com/rs/zerolog"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/RedHatInsights/insights-operator-gathering-conditions-service/internal/service"
@@ -70,3 +71,55 @@ func TestRenderResponseJSONMarshalError(t *testing.T) {
 	// we expect that error should be returned
 	assert.Equal(t, http.StatusInternalServerError, writer.Code)
 }
+
+func TestLogHeaders(t *testing.T) {
+	req, err := http.NewRequest("GET", "http://example.com", nil)
+	assert.NoError(t, err)
+
+	req.Header.Add("Authorization", "Bearer token")
+	req.Header.Add("Content-Type", "application/json")
+	req.Header.Add("User-Agent", "Go-http-client/1.1")
+
+	t.Run("no filter", func(t *testing.T) {
+		logs := &logSink{}
+		logger := zerolog.New(logs)
+		logEvent := logger.Debug()
+
+		service.LogHeaders(req, []string{}, logEvent)
+		logEvent.Msg("test")
+
+		assert.Len(t, logs.logs, 1, "received more than 1 log")
+		got := logs.logs[0]
+		assert.Contains(t, got, `"Authorization":["Bearer token"]`)
+		assert.Contains(t, got, `"User-Agent":["Go-http-client/1.1"]`)
+		assert.Contains(t, got, `"Content-Type":["application/json"]`)
+	})
+
+	t.Run("with filter", func(t *testing.T) {
+		logs := &logSink{}
+		logger := zerolog.New(logs)
+		logEvent := logger.Debug()
+
+		service.LogHeaders(req, []string{"Authorization"}, logEvent)
+		logEvent.Msg("test")
+
+		assert.Len(t, logs.logs, 1, "received more than 1 log")
+		got := logs.logs[0]
+		// Note that "Authorization":["Bearer token"] is no longer expected
+		assert.Contains(t, got, `"User-Agent":["Go-http-client/1.1"]`)
+		assert.Contains(t, got, `"Content-Type":["application/json"]`)
+	})
+}
+
+type logSink struct {
+	logs []string
+}
+
+func (l *logSink) Write(p []byte) (n int, err error) {
+	l.logs = append(l.logs, string(p))
+	return len(p), nil
+}
+
+func (l *logSink) Index(i int) string {
+	return l.logs[i]
+}
diff --git a/internal/service/export_test.go b/internal/service/export_test.go
@@ -25,4 +25,7 @@ package service
 // Please look into the following blogpost:
 // https://medium.com/@robiplus/golang-trick-export-for-test-aa16cbd7b8cd
 // to see why this trick is needed.
-var RenderResponse = renderResponse
+var (
+	RenderResponse = renderResponse
+	LogHeaders     = logHeaders
+)