feat: add options to disable access and auth logging for oauth2 proxy

rolehippie · Jul 6, 2023 · 4330c25 · 4330c25
1 parent 4f85436
commit 4330c25
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -36,6 +36,7 @@ Building and improving this Ansible role have been sponsored by my current and p
   - [prometheus_installation](#prometheus_installation)
   - [prometheus_listen_address](#prometheus_listen_address)
   - [prometheus_network](#prometheus_network)
+  - [prometheus_oauth2_access_logging](#prometheus_oauth2_access_logging)
   - [prometheus_oauth2_allowed_groups](#prometheus_oauth2_allowed_groups)
   - [prometheus_oauth2_client_id](#prometheus_oauth2_client_id)
   - [prometheus_oauth2_client_secret](#prometheus_oauth2_client_secret)
@@ -52,6 +53,7 @@ Building and improving this Ansible role have been sponsored by my current and p
   - [prometheus_oauth2_network](#prometheus_oauth2_network)
   - [prometheus_oauth2_provider](#prometheus_oauth2_provider)
   - [prometheus_oauth2_pull_image](#prometheus_oauth2_pull_image)
+  - [prometheus_oauth2_request_logging](#prometheus_oauth2_request_logging)
   - [prometheus_oauth2_static_groups](#prometheus_oauth2_static_groups)
   - [prometheus_oauth2_static_users](#prometheus_oauth2_static_users)
   - [prometheus_oauth2_upstream](#prometheus_oauth2_upstream)
@@ -361,6 +363,16 @@ Optional docker network to attach on OAuth2 Proxy
 prometheus_network:
 ```
 
+### prometheus_oauth2_access_logging
+
+Enable access logging for OAuth2 proxy
+
+#### Default value
+
+```YAML
+prometheus_oauth2_access_logging: false
+```
+
 ### prometheus_oauth2_allowed_groups
 
 List of groups to allow access
@@ -538,6 +550,16 @@ prometheus_oauth2_provider: keycloak
 prometheus_oauth2_pull_image: true
 ```
 
+### prometheus_oauth2_request_logging
+
+Enable request logging for OAuth2 proxy
+
+#### Default value
+
+```YAML
+prometheus_oauth2_request_logging: false
+```
+
 ### prometheus_oauth2_static_groups
 
 List of groups assigned to static users

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -201,6 +201,12 @@ prometheus_oauth2_upstream: "http://{{ prometheus_listen_address if prometheus_i
 # @var prometheus_oauth2_listen_address:description: Listem address for the OAuth2 proxy
 prometheus_oauth2_listen_address: 0.0.0.0:9089
 
+# @var prometheus_oauth2_request_logging:description: Enable request logging for OAuth2 proxy
+prometheus_oauth2_request_logging: False
+
+# @var prometheus_oauth2_access_logging:description: Enable access logging for OAuth2 proxy
+prometheus_oauth2_access_logging: False
+
 # @var prometheus_oauth2_cookie_secret:description: Cookie secret used by OAuth2 proxy
 prometheus_oauth2_cookie_secret:
 

diff --git a/templates/oauth2/default.j2 b/templates/oauth2/default.j2
@@ -3,6 +3,9 @@ OAUTH2_PROXY_REVERSE_PROXY=true
 OAUTH2_PROXY_UPSTREAMS={{ prometheus_oauth2_upstream }}
 OAUTH2_PROXY_FOOTER=-
 
+OAUTH2_PROXY_REQUEST_LOGGING={{ prometheus_oauth2_request_logging | lower }}
+OAUTH2_PROXY_AUTH_LOGGING={{ prometheus_oauth2_access_logging | lower }}
+
 OAUTH2_PROXY_COOKIE_SECRET={{ prometheus_oauth2_cookie_secret }}
 OAUTH2_PROXY_COOKIE_NAME=prometheus
 OAUTH2_PROXY_COOKIE_SECURE={{ (True if prometheus_domain.startswith('https://') else False) | lower }}