feat: expose log level

semgr8ns · Jun 13, 2024 · 142bfb8 · 142bfb8
1 parent 711a3bf
commit 142bfb8
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 7 deletions.
diff --git a/charts/semgr8s/templates/env.yaml b/charts/semgr8s/templates/env.yaml
@@ -6,5 +6,6 @@ metadata:
  {{- include "semgr8s.labels" . | nindent 4 }}
 data:
  ENFORCE: {{ .Values.application.enforce | quote }}
+ LOG_LEVEL: {{.Values.application.logLevel | default "INFO"}}
  SEMGREP_RULES: {{ join " " .Values.application.remoteRules | quote }}
  NAMESPACE: {{ .Release.Namespace }}
diff --git a/charts/semgr8s/values.yaml b/charts/semgr8s/values.yaml
@@ -63,11 +63,16 @@ webhooks: # configuration options for webhooks described under https://kubernet
  operations: ["CREATE", "UPDATE"]
 
 application:
- enforce: true # fail on rule violation (true/false)
+ # Configure the log level. Either one of `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`. Defaults to `INFO`
+ logLevel: INFO
+ # fail on rule violation (true/false)
+ enforce: true
  # remoteRules: Apply remote rules from e.g.
  # * semgrep registry: https://semgrep.dev/r
  # * semgrep-rules github repo: https://github.com/semgrep/semgrep-rules
  # common choices: p/kubernetes, r/yaml.kubernetes
  remoteRules: ["p/kubernetes"]
- autofix: false # apply semgrep fixes before validation (see https://semgrep.dev/docs/writing-rules/autofix)
- semgrepLogin: false # requires generic secret with name 'semgrep-app-token' and key 'token' in semgr8ns namespace
+ # apply semgrep fixes before validation (see https://semgrep.dev/docs/writing-rules/autofix)
+ autofix: false
+ # requires generic secret with name 'semgrep-app-token' and key 'token' in semgr8ns namespace
+ semgrepLogin: false
diff --git a/semgr8s/__main__.py b/semgr8s/__main__.py
@@ -3,6 +3,7 @@
 """
 
 import logging
+import os
 
 from apscheduler.schedulers.background import BackgroundScheduler
 from cheroot.server import HTTPServer
@@ -12,8 +13,10 @@
 from semgr8s.app import APP
 from semgr8s.updater import update_rules
 
+
 if __name__ == "__main__":
- APP.logger.setLevel(logging.DEBUG)
+ LOG_LEVEL = os.environ.get("LOG_LEVEL", "INFO")
+ APP.logger.setLevel(logging.getLevelName(LOG_LEVEL))
 
  scheduler = BackgroundScheduler()
  job = scheduler.add_job(update_rules, "interval", minutes=1)

diff --git a/semgr8s/app.py b/semgr8s/app.py
@@ -186,13 +186,15 @@ def send_response(allowed, uid, code, msg, patch=None):
  """
  Prepare json response in expected format based on validation result.
  """
- APP.logger.info(
- "> response:(allowed=%s, uid=%s, status_code=%s msg=%s)",
+ APP.logger.warning(
+ "> response:(allowed=%s, uid=%s, status_code=%s, msg=%s, audit=%s)",
  allowed | AUDIT,
  uid,
  code,
- msg,
+ msg.replace("\n", ""),
+ AUDIT,
  )
+
  review = {
  "apiVersion": "admission.k8s.io/v1",
  "kind": "AdmissionReview",