NE-2117: Add httpsLogFormat and tcpLogFormat to API

Author: rohara

features.md

@@ -68,6 +68,7 @@
 | HyperShiftOnlyDynamicResourceAllocation| <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> |  |
 | ImageModeStatusReporting| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | IngressControllerDynamicConfigurationManager| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
+| IngressControllerHTTPSLogFormat| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | IrreconcilableMachineConfig| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | KMSEncryption| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | MachineAPIMigration| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |

features/features.go

@@ -203,12 +203,12 @@ var (
 					mustRegister()
 
 	FeatureGateNoOverlayMode = newFeatureGate("NoOverlayMode").
-				reportProblemsToJiraComponent("Networking/ovn-kubernetes").
-				contactPerson("pliurh").
-				productScope(ocpSpecific).
-				enhancementPR("https://github.com/openshift/enhancements/pull/1859").
-				enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
-				mustRegister()
+					reportProblemsToJiraComponent("Networking/ovn-kubernetes").
+					contactPerson("pliurh").
+					productScope(ocpSpecific).
+					enhancementPR("https://github.com/openshift/enhancements/pull/1859").
+					enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
+					mustRegister()
 
 	FeatureGateEVPN = newFeatureGate("EVPN").
 			reportProblemsToJiraComponent("Networking/ovn-kubernetes").
@@ -665,6 +665,14 @@ var (
 								enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
 								mustRegister()
 
+	FeatureGateIngressControllerHTTPSLogFormat = newFeatureGate("IngressControllerHTTPSLogFormat").
+							reportProblemsToJiraComponent("Networking / router").
+							contactPerson("rohara").
+							productScope(ocpSpecific).
+							enhancementPR("https://github.com/openshift/enhancements/pull/1832").
+							enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
+							mustRegister()
+
 	FeatureGateMinimumKubeletVersion = newFeatureGate("MinimumKubeletVersion").
 						reportProblemsToJiraComponent("Node").
 						contactPerson("haircommander").

openapi/generated_openapi/zz_generated.openapi.go

@@ -0,0 +1,67 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "IngressController"
+crdName: ingresscontrollers.operator.openshift.io
+featureGates:
+- IngressControllerHTTPSLogFormat
+tests:
+  onCreate:
+    - name: Should be able to create a minimal ingresscontroller with tcpLogFormat
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: IngressController
+        metadata:
+          name: default
+          namespace: openshift-ingress-operator
+        spec:
+          logging:
+            access:
+              destination:
+                type: Container
+              logEmptyRequests: "Ignore"
+              tcpLogFormat: "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts"
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: IngressController
+        metadata:
+          name: default
+          namespace: openshift-ingress-operator
+        spec:
+          httpEmptyRequestsPolicy: Respond
+          idleConnectionTerminationPolicy: Immediate
+          closedClientConnectionPolicy: Continue
+          logging:
+            access:
+              destination:
+                type: Container
+              logEmptyRequests: "Ignore"
+              tcpLogFormat: "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts"
+    - name: Should be able to create a minimal ingresscontroller with httpsLogFormat
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: IngressController
+        metadata:
+          name: default
+          namespace: openshift-ingress-operator
+        spec:
+          logging:
+            access:
+              destination:
+                type: Container
+              logEmptyRequests: "Ignore"
+              httpsLogFormat: "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC"
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: IngressController
+        metadata:
+          name: default
+          namespace: openshift-ingress-operator
+        spec:
+          httpEmptyRequestsPolicy: Respond
+          idleConnectionTerminationPolicy: Immediate
+          closedClientConnectionPolicy: Continue
+          logging:
+            access:
+              destination:
+                type: Container
+              logEmptyRequests: "Ignore"
+              httpsLogFormat: "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC"

operator/v1/tests/ingresscontrollers.operator.openshift.io/IngressControllerHTTPSLogFormat.yaml

@@ -1495,13 +1495,35 @@ type AccessLogging struct {
 	// +required
 	Destination LoggingDestination `json:"destination"`
 
+	// tcpLogFormat specifies the format of the log message for a TCP
+	// connection.
+	//
+	// If this field is empty, log messages use the implementation's default
+	// TCP log format.  When set, the value must be between 1 and 1024
+	// characters long.For HAProxy's default TCP log format, see the
+	// HAProxy documentation:
+	// http://docs.haproxy.org/2.8/configuration.html#8.2.2
+	//
+	// Note that this log message is used for the initial TCP connection
+	// associated with a TLS session.  Note that for edge-terminated and
+	// reencrypt routes, you may see a second log message for the HTTP
+	// request in addition to the log message for the TCP connection.  Use
+	// the httpsLogFormat option to customize the log format for the HTTPS
+	// request.
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=1024
+	// +openshift:enable:FeatureGate=IngressControllerHTTPSLogFormat
+	// +optional
+	TcpLogFormat string `json:"tcpLogFormat,omitempty"`
+
 	// httpLogFormat specifies the format of the log message for an HTTP
 	// request.
 	//
 	// If this field is empty, log messages use the implementation's default
 	// HTTP log format.  For HAProxy's default HTTP log format, see the
 	// HAProxy documentation:
-	// http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
+	// http://docs.haproxy.org/2.8/configuration.html#8.2.3
 	//
 	// Note that this format only applies to cleartext HTTP connections
 	// and to secure HTTP connections for which the ingress controller
@@ -1512,6 +1534,26 @@ type AccessLogging struct {
 	// +optional
 	HttpLogFormat string `json:"httpLogFormat,omitempty"`
 
+	// httpsLogFormat specifies the format of the log message for an HTTPS
+	// request.
+	//
+	// If this field is empty, log messages use the implementation's default
+	// HTTPS log format.  When set, the value must be between 1 and 1024
+	// characters long.For HAProxy's default HTTPS log format, see the
+	// HAProxy documentation:
+	// http://docs.haproxy.org/2.8/configuration.html#8.2.4
+	//
+	// Note that this format only applies to HTTPS connections for which the
+	// ingress controller terminates encryption (that is, edge-terminated or
+	// reencrypt connections).  It does not affect the log format for TLS
+	// passthrough connections.
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=1024
+	// +openshift:enable:FeatureGate=IngressControllerHTTPSLogFormat
+	// +optional
+	HttpsLogFormat string `json:"httpsLogFormat,omitempty"`
+
 	// httpCaptureHeaders defines HTTP headers that should be captured in
 	// access logs.  If this field is empty, no headers are captured.
 	//

operator/v1/types_ingress.go

@@ -1661,14 +1661,32 @@ spec:
                           If this field is empty, log messages use the implementation's default
                           HTTP log format.  For HAProxy's default HTTP log format, see the
                           HAProxy documentation:
-                          http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
+                          http://docs.haproxy.org/2.8/configuration.html#8.2.3
 
                           Note that this format only applies to cleartext HTTP connections
                           and to secure HTTP connections for which the ingress controller
                           terminates encryption (that is, edge-terminated or reencrypt
                           connections).  It does not affect the log format for TLS passthrough
                           connections.
                         type: string
+                      httpsLogFormat:
+                        description: |-
+                          httpsLogFormat specifies the format of the log message for an HTTPS
+                          request.
+
+                          If this field is empty, log messages use the implementation's default
+                          HTTPS log format.  When set, the value must be between 1 and 1024
+                          characters long.For HAProxy's default HTTPS log format, see the
+                          HAProxy documentation:
+                          http://docs.haproxy.org/2.8/configuration.html#8.2.4
+
+                          Note that this format only applies to HTTPS connections for which the
+                          ingress controller terminates encryption (that is, edge-terminated or
+                          reencrypt connections).  It does not affect the log format for TLS
+                          passthrough connections.
+                        maxLength: 1024
+                        minLength: 1
+                        type: string
                       logEmptyRequests:
                         default: Log
                         description: |-
@@ -1686,6 +1704,26 @@ spec:
                         - Log
                         - Ignore
                         type: string
+                      tcpLogFormat:
+                        description: |-
+                          tcpLogFormat specifies the format of the log message for a TCP
+                          connection.
+
+                          If this field is empty, log messages use the implementation's default
+                          TCP log format.  When set, the value must be between 1 and 1024
+                          characters long.For HAProxy's default TCP log format, see the
+                          HAProxy documentation:
+                          http://docs.haproxy.org/2.8/configuration.html#8.2.2
+
+                          Note that this log message is used for the initial TCP connection
+                          associated with a TLS session.  Note that for edge-terminated and
+                          reencrypt routes, you may see a second log message for the HTTP
+                          request in addition to the log message for the TCP connection.  Use
+                          the httpsLogFormat option to customize the log format for the HTTPS
+                          request.
+                        maxLength: 1024
+                        minLength: 1
+                        type: string
                     required:
                     - destination
                     type: object

operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml

@@ -1661,7 +1661,7 @@ spec:
                           If this field is empty, log messages use the implementation's default
                           HTTP log format.  For HAProxy's default HTTP log format, see the
                           HAProxy documentation:
-                          http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
+                          http://docs.haproxy.org/2.8/configuration.html#8.2.3
 
                           Note that this format only applies to cleartext HTTP connections
                           and to secure HTTP connections for which the ingress controller

operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml

@@ -1661,14 +1661,32 @@ spec:
                           If this field is empty, log messages use the implementation's default
                           HTTP log format.  For HAProxy's default HTTP log format, see the
                           HAProxy documentation:
-                          http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
+                          http://docs.haproxy.org/2.8/configuration.html#8.2.3
 
                           Note that this format only applies to cleartext HTTP connections
                           and to secure HTTP connections for which the ingress controller
                           terminates encryption (that is, edge-terminated or reencrypt
                           connections).  It does not affect the log format for TLS passthrough
                           connections.
                         type: string
+                      httpsLogFormat:
+                        description: |-
+                          httpsLogFormat specifies the format of the log message for an HTTPS
+                          request.
+
+                          If this field is empty, log messages use the implementation's default
+                          HTTPS log format.  When set, the value must be between 1 and 1024
+                          characters long.For HAProxy's default HTTPS log format, see the
+                          HAProxy documentation:
+                          http://docs.haproxy.org/2.8/configuration.html#8.2.4
+
+                          Note that this format only applies to HTTPS connections for which the
+                          ingress controller terminates encryption (that is, edge-terminated or
+                          reencrypt connections).  It does not affect the log format for TLS
+                          passthrough connections.
+                        maxLength: 1024
+                        minLength: 1
+                        type: string
                       logEmptyRequests:
                         default: Log
                         description: |-
@@ -1686,6 +1704,26 @@ spec:
                         - Log
                         - Ignore
                         type: string
+                      tcpLogFormat:
+                        description: |-
+                          tcpLogFormat specifies the format of the log message for a TCP
+                          connection.
+
+                          If this field is empty, log messages use the implementation's default
+                          TCP log format.  When set, the value must be between 1 and 1024
+                          characters long.For HAProxy's default TCP log format, see the
+                          HAProxy documentation:
+                          http://docs.haproxy.org/2.8/configuration.html#8.2.2
+
+                          Note that this log message is used for the initial TCP connection
+                          associated with a TLS session.  Note that for edge-terminated and
+                          reencrypt routes, you may see a second log message for the HTTP
+                          request in addition to the log message for the TCP connection.  Use
+                          the httpsLogFormat option to customize the log format for the HTTPS
+                          request.
+                        maxLength: 1024
+                        minLength: 1
+                        type: string
                     required:
                     - destination
                     type: object

operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml

@@ -1661,7 +1661,7 @@ spec:
                           If this field is empty, log messages use the implementation's default
                           HTTP log format.  For HAProxy's default HTTP log format, see the
                           HAProxy documentation:
-                          http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
+                          http://docs.haproxy.org/2.8/configuration.html#8.2.3
 
                           Note that this format only applies to cleartext HTTP connections
                           and to secure HTTP connections for which the ingress controller