Remove observability for internal resources

2024-01-30 16:28:05 +01:00 · 2024-01-30 16:28:05 +01:00 · 8b77f0c2dd
commit 8b77f0c2dd
parent d02be003ab
36 changed files with 594 additions and 317 deletions
--- a/integration/access_log_test.go
+++ b/integration/access_log_test.go
@ -61,7 +61,7 @@ func (s *AccessLogSuite) TestAccessLog() {
 	ensureWorkingDirectoryIsClean()

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	defer func() {
 		traefikLog, err := os.ReadFile(traefikTestLogFile)
@ -130,7 +130,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontend() {
 	}

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	s.checkStatsForLogFile()

@ -194,7 +194,7 @@ func (s *AccessLogSuite) TestAccessLogDigestAuthMiddleware() {
 	}

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	s.checkStatsForLogFile()

@ -304,7 +304,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendRedirect() {
 	}

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	s.checkStatsForLogFile()

@ -410,7 +410,7 @@ func (s *AccessLogSuite) TestAccessLogRateLimit() {
 	}

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	s.checkStatsForLogFile()

@ -454,7 +454,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound() {
 	}

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	s.waitForTraefik("server1")

@ -494,7 +494,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendAllowlist() {
 	}

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	s.checkStatsForLogFile()

@ -534,7 +534,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontendSuccess() {
 	}

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	s.checkStatsForLogFile()

@ -575,7 +575,7 @@ func (s *AccessLogSuite) TestAccessLogPreflightHeadersMiddleware() {
 	}

 	// Start Traefik
-	s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
+	s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))

 	s.checkStatsForLogFile()

@ -603,6 +603,56 @@ func (s *AccessLogSuite) TestAccessLogPreflightHeadersMiddleware() {
 	s.checkNoOtherTraefikProblems()
 }

+func (s *AccessLogSuite) TestAccessLogDisabledForInternals() {
+	ensureWorkingDirectoryIsClean()
+
+	file := s.adaptFile("fixtures/access_log/access_log_ping.toml", struct{}{})
+
+	// Start Traefik.
+	s.traefikCmd(withConfigFile(file))
+
+	defer func() {
+		traefikLog, err := os.ReadFile(traefikTestLogFile)
+		require.NoError(s.T(), err)
+		log.Info().Msg(string(traefikLog))
+	}()
+
+	// waitForTraefik makes at least one call to the rawdata api endpoint,
+	// but the logs for this endpoint are ignored in checkAccessLogOutput.
+	s.waitForTraefik("customPing")
+
+	s.checkStatsForLogFile()
+
+	// Verify Traefik started OK.
+	s.checkTraefikStarted()
+
+	// Make some requests on the internal ping router.
+	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/ping", nil)
+	require.NoError(s.T(), err)
+
+	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
+	require.NoError(s.T(), err)
+	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
+	require.NoError(s.T(), err)
+
+	// Make some requests on the custom ping router.
+	req, err = http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/ping", nil)
+	require.NoError(s.T(), err)
+
+	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
+	require.NoError(s.T(), err)
+	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
+	require.NoError(s.T(), err)
+
+	// Verify access.log output as expected.
+	count := s.checkAccessLogOutput()
+
+	require.Equal(s.T(), 0, count)
+
+	// Verify no other Traefik problems.
+	s.checkNoOtherTraefikProblems()
+}
+
 func (s *AccessLogSuite) checkNoOtherTraefikProblems() {
 	traefikLog, err := os.ReadFile(traefikTestLogFile)
 	require.NoError(s.T(), err)
@ -612,6 +662,8 @@ func (s *AccessLogSuite) checkNoOtherTraefikProblems() {
 }

 func (s *AccessLogSuite) checkAccessLogOutput() int {
+	s.T().Helper()
+
 	lines := s.extractLines()
 	count := 0
 	for i, line := range lines {
@ -624,6 +676,8 @@ func (s *AccessLogSuite) checkAccessLogOutput() int {
 }

 func (s *AccessLogSuite) checkAccessLogExactValuesOutput(values []accessLogValue) int {
+	s.T().Helper()
+
 	lines := s.extractLines()
 	count := 0
 	for i, line := range lines {
@ -641,6 +695,8 @@ func (s *AccessLogSuite) checkAccessLogExactValuesOutput(values []accessLogValue
 }

 func (s *AccessLogSuite) extractLines() []string {
+	s.T().Helper()
+
 	accessLog, err := os.ReadFile(traefikTestAccessLogFile)
 	require.NoError(s.T(), err)

@ -656,6 +712,8 @@ func (s *AccessLogSuite) extractLines() []string {
 }

 func (s *AccessLogSuite) checkStatsForLogFile() {
+	s.T().Helper()
+
 	err := try.Do(1*time.Second, func() error {
 		if _, errStat := os.Stat(traefikTestLogFile); errStat != nil {
 			return fmt.Errorf("could not get stats for log file: %w", errStat)
@ -671,6 +729,8 @@ func ensureWorkingDirectoryIsClean() {
 }

 func (s *AccessLogSuite) checkTraefikStarted() []byte {
+	s.T().Helper()
+
 	traefikLog, err := os.ReadFile(traefikTestLogFile)
 	require.NoError(s.T(), err)
 	if len(traefikLog) > 0 {
@ -680,6 +740,8 @@ func (s *AccessLogSuite) checkTraefikStarted() []byte {
 }

 func (s *BaseSuite) CheckAccessLogFormat(line string, i int) {
+	s.T().Helper()
+
 	results, err := accesslog.ParseAccessLog(line)
 	require.NoError(s.T(), err)
 	assert.Len(s.T(), results, 14)
@ -692,6 +754,8 @@ func (s *BaseSuite) CheckAccessLogFormat(line string, i int) {
 }

 func (s *AccessLogSuite) checkAccessLogExactValues(line string, i int, v accessLogValue) {
+	s.T().Helper()
+
 	results, err := accesslog.ParseAccessLog(line)
 	require.NoError(s.T(), err)
 	assert.Len(s.T(), results, 14)
--- a/integration/fixtures/access_log/access_log_base.toml
+++ b/integration/fixtures/access_log/access_log_base.toml
--- a/integration/fixtures/access_log/access_log_ping.toml
+++ b/integration/fixtures/access_log/access_log_ping.toml
@ -0,0 +1,30 @@
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
+
+[log]
+  level = "ERROR"
+  filePath = "traefik.log"
+
+[accessLog]
+  filePath = "access.log"
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":8000"
+
+[api]
+  insecure = true
+
+[ping]
+
+[providers]
+  [providers.file]
+    filename = "{{ .SelfFilename }}"
+
+## dynamic configuration ##
+[http.routers]
+  [http.routers.customPing]
+    entryPoints = ["web"]
+    rule = "PathPrefix(`/ping`)"
+    service = "ping@internal"
--- a/integration/fixtures/throttling/simple.toml
+++ b/integration/fixtures/throttling/simple.toml
@ -19,5 +19,6 @@
    insecure = true

 [metrics]
+  addInternals = true
  [metrics.prometheus]
    buckets = [0.1,0.3,1.2,5.0]
--- a/integration/fixtures/tracing/simple-opentelemetry.toml
+++ b/integration/fixtures/tracing/simple-opentelemetry.toml
@ -9,6 +9,8 @@
 [api]
  insecure = true

+[ping]
+
 [entryPoints]
  [entryPoints.web]
    address = ":8000"
@ -47,6 +49,10 @@
    Service = "service3"
    Middlewares = ["retry", "basic-auth"]
    Rule = "Path(`/auth`)"
+  [http.routers.customPing]
+    entryPoints = ["web"]
+    rule = "PathPrefix(`/ping`)"
+    service = "ping@internal"

 [http.middlewares]
  [http.middlewares.retry.retry]
--- a/integration/log_rotation_test.go
+++ b/integration/log_rotation_test.go
@ -57,7 +57,7 @@ func (s *LogRotationSuite) TearDownSuite() {

 func (s *LogRotationSuite) TestAccessLogRotation() {
 	// Start Traefik
-	cmd, _ := s.cmdTraefik(withConfigFile("fixtures/access_log_config.toml"))
+	cmd, _ := s.cmdTraefik(withConfigFile("fixtures/access_log/access_log_base.toml"))
 	defer s.displayTraefikLogFile(traefikTestLogFile)

 	// Verify Traefik started ok
--- a/integration/simple_test.go
+++ b/integration/simple_test.go
@ -287,6 +287,10 @@ func (s *SimpleSuite) TestMetricsPrometheusDefaultEntryPoint() {

 	err = try.GetRequest("http://127.0.0.1:8080/metrics", 1*time.Second, try.BodyContains("_service_"))
 	require.NoError(s.T(), err)
+
+	// No metrics for internals.
+	err = try.GetRequest("http://127.0.0.1:8080/metrics", 1*time.Second, try.BodyNotContains("router=\"api@internal\"", "service=\"api@internal\""))
+	require.NoError(s.T(), err)
 }

 func (s *SimpleSuite) TestMetricsPrometheusTwoRoutersOneService() {
--- a/integration/tracing_test.go
+++ b/integration/tracing_test.go
@ -414,6 +414,67 @@ func (s *TracingSuite) TestOpentelemetryAuth() {
 	s.checkTraceContent(contains)
 }

+func (s *TracingSuite) TestNoInternals() {
+	file := s.adaptFile("fixtures/tracing/simple-opentelemetry.toml", TracingTemplate{
+		WhoamiIP:   s.whoamiIP,
+		WhoamiPort: s.whoamiPort,
+		IP:         s.otelCollectorIP,
+		IsHTTP:     true,
+	})
+
+	s.traefikCmd(withConfigFile(file))
+
+	// wait for traefik
+	err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", time.Second, try.BodyContains("basic-auth"))
+	require.NoError(s.T(), err)
+
+	err = try.GetRequest("http://127.0.0.1:8000/ratelimit", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
+	require.NoError(s.T(), err)
+
+	err = try.GetRequest("http://127.0.0.1:8000/ping", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
+	require.NoError(s.T(), err)
+	err = try.GetRequest("http://127.0.0.1:8080/ping", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
+	require.NoError(s.T(), err)
+
+	baseURL, err := url.Parse("http://" + s.tempoIP + ":3200/api/search")
+	require.NoError(s.T(), err)
+
+	req := &http.Request{
+		Method: http.MethodGet,
+		URL:    baseURL,
+	}
+	// Wait for traces to be available.
+	time.Sleep(10 * time.Second)
+	resp, err := try.Response(req, 5*time.Second)
+	require.NoError(s.T(), err)
+
+	out := &TraceResponse{}
+	content, err := io.ReadAll(resp.Body)
+	require.NoError(s.T(), err)
+	err = json.Unmarshal(content, &out)
+	require.NoError(s.T(), err)
+
+	s.NotEmptyf(len(out.Traces), "expected at least one trace")
+
+	for _, t := range out.Traces {
+		baseURL, err := url.Parse("http://" + s.tempoIP + ":3200/api/traces/" + t.TraceID)
+		require.NoError(s.T(), err)
+
+		req := &http.Request{
+			Method: http.MethodGet,
+			URL:    baseURL,
+		}
+
+		resp, err := try.Response(req, 5*time.Second)
+		require.NoError(s.T(), err)
+
+		content, err := io.ReadAll(resp.Body)
+		require.NoError(s.T(), err)
+
+		require.NotContains(s.T(), content, "@internal")
+	}
+}
+
 func (s *TracingSuite) checkTraceContent(expectedJSON []map[string]string) {
 	s.T().Helper()