Mo: add option to turn off stream logs when access log is set to off

[Binsabbar]

Proposed changes

During DoS attack the stream logs still writes logs, unlike when it is in HTTP, where the DoS automatically turn off access log based on the value of $loggable used in dos access log.

Since there is already an option to turn off access_log for default http server, it was not added for default stream server. I used the same variable to also turn off the stream access log.

If a new variable is preferred, please let me know.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING doc
• I have added tests that prove my fix is effective or that my feature works
• I have checked that all unit tests pass after adding my changes
• I have updated necessary documentation
• I have rebased my branch onto main
• I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 52.35%. Comparing base (c44b1a5) to head (6efdaa3).
Report is 623 commits behind head on main.

❗ Current head 6efdaa3 differs from pull request most recent head 7ede785. Consider uploading reports for the commit 7ede785 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3701      +/-   ##
==========================================
+ Coverage   51.95%   52.35%   +0.40%     
==========================================
  Files          59       59              
  Lines       16762    16880     +118     
==========================================
+ Hits         8708     8838     +130     
+ Misses       7755     7747       -8     
+ Partials      299      295       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[haywoodsh]

Hi @Binsabbar Thanks for submitting this pull request. We're currently reviewing your proposed changes with the team to investigate the impact of this and determine if we need to use another config map key for the stream block. We'll let you know as soon as possible. Thanks for your patience.

[lucacome]

Seems reasonable to me. @Binsabbar can you please update your commit message and PR title following the guidelines? Thanks!

[Binsabbar]

Seems reasonable to me. @Binsabbar can you please update your commit message and PR title following the guidelines? Thanks!

Sure I will work on that

[Binsabbar]

@lucacome @haywoodsh I am having a second though about how I implemented this. Currently there are two variables to control access_log for server blocks in thehttp block.

• AccessLogOff in template file, which controls overall non-default server blocks.
• DefaultServerAccessLogOff in template file, which only controls the default server block in http block.

In my PR I used AccessLogOff as a way to control stream block default logs. The AccessLogOff if set to true will also turn off the logs for server blocks in the http block.

I can think of two options:

1. Use DefaultServerAccessLogOff instead of AccessLogOff to turn off stream logs.
2. Introduce new configuration key to control stream access logs name it StreamAccessLogOff.

what do you think? (I will need some directions on implementing option 2)

[Binsabbar]

HI @brianehlert , can you provide me with a preferred option? and in case of option 2, can you provide me with direction?

[Binsabbar]

I think I found out how to do it and introduce a new StreamAccessLogOff and use it in the template file.

I will work on this one this week, and update my MR. I think introducing a new variable is cleaner

[shaun-nx]

Hi @Binsabbar apologies for the delay on our responding to this.
I would say having the StreamAccessLogOff option would be best. If you still want help in knowing what files you should edit for this please let us know.

Since this would be a new ConfigMap key, we will need to add an entry for that setting in our docs here: https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/#logging

There is currently a PR open which will be re-structuring our docs. I would wait for this PR to be merged before making any docs related changes (This PR is expected to be merged today 🤞 ) #4620

[github-actions]

This PR is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 10 days.

[github-actions]

This PR is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 10 days.

[j1m-ryan]

We recently merged a PR that changed logging behaviour. We interested in brining this functionality from http to stream. We have an issue for it here #6171. Are you still interested in doing this?