feat: Add JSON Log Format Support to Vault CSI Provider #398
Conversation
|
|
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
|
|
||
| // set log level | ||
| logger = setupLogger(flags) | ||
| logger := setupLogger(flags) |
There was a problem hiding this comment.
since we are not passing logger during func realmain() so logger needs to be created after parsing the Flagconfig template.
| } | ||
|
|
||
| func setupLogger(flags config.FlagsConfig) hclog.Logger { | ||
| logger := hclog.Default() |
There was a problem hiding this comment.
this is removed on purpose so that we can manipulate hclog logger Default values futher.
| } | ||
|
|
||
| // Create logger with options | ||
| logger := hclog.New(&hclog.LoggerOptions{ |
There was a problem hiding this comment.
created new logger format replacing default to pass Jsonformat flag. Following RFC3339Nano Timeformat.
| args: | ||
| - -endpoint=/provider/vault.sock | ||
| - -log-level=info | ||
| - -log-format=LOG_FORMAT_PLACEHOLDER # text or json |
There was a problem hiding this comment.
This placeholder coming from root dir Makefile to test log format
Makefile
Outdated
| -rm -rf $(BUILD_DIR) | ||
|
|
||
| # Test log format: JSON and TEXT | ||
| test-log-format: e2e-image |
There was a problem hiding this comment.
It feels a bit odd to have a separate command for testing the log format like this. The unit test already covers the logic.
We can either choose to remove this from here and the doc or add it to the existing e2e.
There was a problem hiding this comment.
removed it, can be tested manually later on after cluster spin up. thanks
2 participants
Summary
This PR adds support for JSON-formatted logging to the vault-csi-provider, enabling better integration with log aggregation systems like Datadog, ELK, and Splunk.
Changes
Core Implementation
New CLI Flag:
-log-formatflag with support forjsonandtextformatstextto maintain backward compatibilityJSON,TEXT, etc.)Files Modified:
main.go: ImplementedsetupLogger()function with format selection logicinternal/config/config.go: AddedLogFormatfield toFlagsConfigTesting
Unit Tests (
main_test.go):TestSetupLoggerFormat: Validates format configuration (JSON, TEXT, default)TestSetupLoggerFormatValidation: Tests case-insensitive validationTestSetupLoggerIntegration: End-to-end JSON output verificationTest Configuration:
test/bats/configs/vault-csi-provider-test.yaml: Kubernetes test manifesttest/bats/configs/test-app-with-vault-secrets.yaml: Sample app for mount testingUsage
Command Line
Kubernetes Deployment
Example Output
JSON Format
{"@level":"info","@message":"Logger initialized","@module":"vault-csi-provider","@timestamp":"2025-10-07T23:14:08.986Z","format":"json","level":"info"} {"@level":"info","@message":"Creating new gRPC server","@module":"vault-csi-provider","@timestamp":"2025-10-07T23:14:08.987Z"} {"@level":"info","@message":"Processing unary gRPC call","grpc.method":"/v1alpha1.CSIDriverProvider/MountSecretsStoreObjectContent","@timestamp":"..."}Manual Testing
Benefits
Migration Guide
For existing deployments wanting to switch to JSON logging:
-log-format=jsonin container argsRelated Issues
#177
PCI review checklist
I have documented a clear reason for, and description of, the change I am making.
If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
If applicable, I've documented the impact of any changes to security controls.
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.