From bd29c89b52d68b79968f49e804175e75c706b400 Mon Sep 17 00:00:00 2001
From: Kassio Borges <kborges@gitlab.com>
Date: Tue, 14 Mar 2023 14:35:11 +0000
Subject: Make the flags logging dynamic

---
 internal/config/config.go      | 26 ++++++++++++++++++++++----
 internal/config/config_test.go | 23 +++++++++++++++++++++++
 internal/config/flags.go       |  8 ++++++++
 3 files changed, 53 insertions(+), 4 deletions(-)

(limited to 'internal')

diff --git a/internal/config/config.go b/internal/config/config.go
index 5a1736ec..afd7982e 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -410,8 +410,8 @@ func loadConfig() (*Config, error) {
 	return config, nil
 }
 
-func LogConfig(config *Config) {
-	log.WithFields(log.Fields{
+func logFields(config *Config) map[string]any {
+	return map[string]any{
 		"artifacts-server":               config.ArtifactsServer.URL,
 		"artifacts-server-timeout":       *artifactsServerTimeout,
 		"default-config-filename":        flag.DefaultConfigFlagname,
@@ -422,7 +422,8 @@ func LogConfig(config *Config) {
 		"listen-https":                   listenHTTPS,
 		"listen-proxy":                   listenProxy,
 		"listen-https-proxyv2":           listenHTTPSProxyv2,
-		"log-format":                     *logFormat,
+		"log-format":                     config.Log.Format,
+		"log-verbose":                    config.Log.Verbose,
 		"metrics-address":                *metricsAddress,
 		"metrics-certificate":            *metricsCertificate,
 		"metrics-key":                    *metricsKey,
@@ -443,6 +444,7 @@ func LogConfig(config *Config) {
 		"auth-redirect-uri":              config.Authentication.RedirectURI,
 		"auth-scope":                     config.Authentication.Scope,
 		"auth-cookie-session-timeout":    config.Authentication.CookieSessionTimeout,
+		"auth-timeout":                   config.Authentication.Timeout,
 		"max-conns":                      config.General.MaxConns,
 		"max-uri-length":                 config.General.MaxURILength,
 		"zip-cache-expiration":           config.Zip.ExpirationInterval,
@@ -458,6 +460,14 @@ func LogConfig(config *Config) {
 		"rate-limit-tls-source-ip-burst": config.RateLimit.TLSSourceIPBurst,
 		"rate-limit-tls-domain":          config.RateLimit.TLSDomainLimitPerSecond,
 		"rate-limit-tls-domain-burst":    config.RateLimit.TLSDomainBurst,
+		"gitlab-client-http-timeout":     config.GitLab.ClientHTTPTimeout,
+		"gitlab-client-jwt-expiry":       config.GitLab.JWTTokenExpiration,
+		"gitlab-cache-expiry":            config.GitLab.Cache.CacheExpiry,
+		"gitlab-cache-refresh":           config.GitLab.Cache.CacheCleanupInterval,
+		"gitlab-cache-cleanup":           config.GitLab.Cache.EntryRefreshTimeout,
+		"gitlab-retrieval-timeout":       config.GitLab.Cache.RetrievalTimeout,
+		"gitlab-retrieval-interval":      config.GitLab.Cache.MaxRetrievalInterval,
+		"gitlab-retrieval-retries":       config.GitLab.Cache.MaxRetrievalRetries,
 		"redirects-max-config-size":      config.Redirects.MaxConfigSize,
 		"redirects-max-path-segments":    config.Redirects.MaxPathSegments,
 		"redirects-max-rule-count":       config.Redirects.MaxRuleCount,
@@ -465,7 +475,15 @@ func LogConfig(config *Config) {
 		"server-read-header-timeout":     config.Server.ReadHeaderTimeout,
 		"server-write-timeout":           config.Server.WriteTimeout,
 		"server-keep-alive":              config.Server.ListenKeepAlive,
-	}).Debug("Start Pages with configuration")
+		"server-shutdown-timeout":        config.General.ServerShutdownTimeout,
+		"sentry-dsn":                     config.Sentry.DSN,
+		"sentry-environment":             config.Sentry.Environment,
+		"version":                        config.General.ShowVersion,
+	}
+}
+
+func LogConfig(config *Config) {
+	log.WithFields(logFields(config)).Debug("Start Pages with configuration")
 }
 
 // LoadConfig parses configuration settings passed as command line arguments or
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 19dfb957..9db88acc 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -5,11 +5,34 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/namsral/flag"
 	"github.com/stretchr/testify/require"
 
 	"gitlab.com/gitlab-org/gitlab-pages/internal/fixture"
 )
 
+func TestLogFields(t *testing.T) {
+	loggingFlags := logFields(&Config{})
+
+	var missingFlags []string
+
+	flag.VisitAll(func(f *flag.Flag) {
+		_, logging := loggingFlags[f.Name]
+
+		if nonLoggableFlags[f.Name] || logging {
+			return
+		}
+
+		missingFlags = append(missingFlags, f.Name)
+	})
+
+	require.Empty(
+		t,
+		missingFlags,
+		"New flag is added, but not logged. Consider adding it to nonLoggableFlags if it contains any sensitive data such as keys",
+	)
+}
+
 func Test_loadMetricsConfig(t *testing.T) {
 	defaultMetricsAdress := ":9325"
 	defaultDir, defaultMetricsKey, defaultMetricsCertificate := setupHTTPSFixture(t)
diff --git a/internal/config/flags.go b/internal/config/flags.go
index 798e4a83..c05f2f32 100644
--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@@ -103,6 +103,14 @@ var (
 	listenHTTPSProxyv2 = MultiStringFlag{separator: ","}
 
 	header = MultiStringFlag{separator: ";;"}
+
+	// flags that won't be logged to the output on Pages boot
+	nonLoggableFlags = map[string]bool{
+		"auth-client-id":     true,
+		"auth-client-secret": true,
+		"auth-secret":        true,
+		"use-http2":          true,
+	}
 )
 
 // initFlags will be called from LoadConfig
-- 
cgit v1.2.3