Make access log attributes configurable (#932)

* Make access log attributes configurable

* Fix unit tests

* Apply to Bamboo and Crowd

---------

Co-authored-by: Yevhen Ivantsov <[email protected]>

src/main/charts/bamboo/README.md

@@ -105,7 +105,7 @@ Kubernetes: `>=1.21.x-0`
 | bamboo.sysadminCredentials.passwordSecretKey | string | `"password"` | The key in the Kubernetes Secret that contains the sysadmin password  |
 | bamboo.sysadminCredentials.secretName | string | `nil` | The secret that contains the admin user information  |
 | bamboo.sysadminCredentials.usernameSecretKey | string | `"username"` | The key in the Kubernetes Secret that contains the sysadmin username  |
-| bamboo.tomcatConfig | object | `{"acceptCount":"100","address":null,"bambooEncryptionKey":null,"clientAuth":null,"compressibleMimeType":null,"compression":null,"compressionMinSize":null,"connectionTimeout":"20000","customServerXml":"","enableLookups":"false","generateByHelm":false,"keyPass":null,"keystoreFile":null,"keystorePass":null,"maxHttpHeaderSize":"8192","maxThreads":"100","mgmtPort":"8005","minSpareThreads":"10","port":"8085","protocol":"HTTP/1.1","proxyInternalIps":null,"proxyName":null,"proxyPort":null,"redirectPort":"8443","requestAttributesEnabled":null,"scheme":null,"secret":null,"secretRequired":null,"secure":null,"sslCertificateFile":null,"sslCertificateKeyFile":null,"sslEnabled":null,"sslPass":null,"sslProtocol":null,"stuckThreadDetectionValveThreshold":"120","trustedProxies":null,"truststoreFile":null,"truststorePass":null}` | By default Tomcat's server.xml is generated in the container entrypoint from a template shipped with an official Bamboo image. However, server.xml generation may fail if container is not run as root, which is a common case if Bamboo is deployed to OpenShift. See: https://bitbucket.org/atlassian-docker/docker-bamboo-server/src/master/README.md for a complete list of xml elements. |
+| bamboo.tomcatConfig | object | `{"acceptCount":"100","accessLogMaxDays":"-1","address":null,"bambooEncryptionKey":null,"clientAuth":null,"compressibleMimeType":null,"compression":null,"compressionMinSize":null,"connectionTimeout":"20000","customServerXml":"","enableLookups":"false","generateByHelm":false,"keyPass":null,"keystoreFile":null,"keystorePass":null,"maxHttpHeaderSize":"8192","maxThreads":"100","mgmtPort":"8005","minSpareThreads":"10","port":"8085","protocol":"HTTP/1.1","proxyInternalIps":null,"proxyName":null,"proxyPort":null,"redirectPort":"8443","requestAttributesEnabled":"false","scheme":null,"secret":null,"secretRequired":null,"secure":null,"sslCertificateFile":null,"sslCertificateKeyFile":null,"sslEnabled":null,"sslPass":null,"sslProtocol":null,"stuckThreadDetectionValveThreshold":"120","trustedProxies":null,"truststoreFile":null,"truststorePass":null}` | By default Tomcat's server.xml is generated in the container entrypoint from a template shipped with an official Bamboo image. However, server.xml generation may fail if container is not run as root, which is a common case if Bamboo is deployed to OpenShift. See: https://bitbucket.org/atlassian-docker/docker-bamboo-server/src/master/README.md for a complete list of xml elements. |
 | bamboo.tomcatConfig.customServerXml | string | `""` | Custom server.xml to be mounted into /opt/atlassian/bamboo/conf  |
 | bamboo.tomcatConfig.generateByHelm | bool | `false` | Mount server.xml as a ConfigMap. Override configuration elements if necessary  |
 | bamboo.topologySpreadConstraints | list | `[]` | Defines topology spread constraints for Bamboo pods. See details: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/  |

src/main/charts/bamboo/templates/configmap-server-config.yaml

@@ -141,6 +141,7 @@ data:
 
           </Host>
           <Valve className="org.apache.catalina.valves.AccessLogValve"
+                 maxDays="{{ .Values.bamboo.tomcatConfig.accessLogMaxDays | default "-1" }}"
                  requestAttributesEnabled="{{ .Values.bamboo.tomcatConfig.requestAttributesEnabled | default "false" }}"
                  pattern="%a %{bamboo.request.id}r %{bamboo.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{bamboo.request.assession.id}r&quot;"/>
         </Engine>

src/main/charts/bamboo/values.yaml

@@ -886,7 +886,8 @@ bamboo:
     compressionMinSize:
     proxyInternalIps:
     trustedProxies:
-    requestAttributesEnabled:
+    requestAttributesEnabled: "false"
+    accessLogMaxDays: "-1"
     stuckThreadDetectionValveThreshold: "120"
 
     # -- Custom server.xml to be mounted into /opt/atlassian/bamboo/conf

src/main/charts/confluence/README.md

@@ -100,7 +100,7 @@ Kubernetes: `>=1.21.x-0`
 | confluence.startupProbe.failureThreshold | int | `120` | The number of consecutive failures of the Confluence container startup probe before the pod fails startup checks.  |
 | confluence.startupProbe.initialDelaySeconds | int | `60` | Time to wait before starting the first probe  |
 | confluence.startupProbe.periodSeconds | int | `5` | How often (in seconds) the Confluence container startup probe will run  |
-| confluence.tomcatConfig | object | `{"acceptCount":"100","connectionTimeout":"20000","customServerXml":"","debug":"0","enableLookups":"false","generateByHelm":false,"maxHttpHeaderSize":"8192","maxThreads":"100","mgmtPort":"8000","minSpareThreads":"10","port":"8090","protocol":"org.apache.coyote.http11.Http11NioProtocol","proxyInternalIps":null,"proxyName":null,"proxyPort":null,"redirectPort":"8443","scheme":null,"secure":null,"stuckThreadDetectionValveThreshold":"60","trustedProxies":null,"uriEncoding":"UTF-8"}` | By default Tomcat's server.xml is generated in the container entrypoint from a template shipped with an official Confluence image. However, server.xml generation may fail if container is not run as root, which is a common case if Confluence is deployed to OpenShift.  |
+| confluence.tomcatConfig | object | `{"acceptCount":"100","accessLogMaxDays":"-1","connectionTimeout":"20000","customServerXml":"","debug":"0","enableLookups":"false","generateByHelm":false,"maxHttpHeaderSize":"8192","maxThreads":"100","mgmtPort":"8000","minSpareThreads":"10","port":"8090","protocol":"org.apache.coyote.http11.Http11NioProtocol","proxyInternalIps":null,"proxyName":null,"proxyPort":null,"redirectPort":"8443","requestAttributesEnabled":"false","scheme":null,"secure":null,"stuckThreadDetectionValveThreshold":"60","trustedProxies":null,"uriEncoding":"UTF-8"}` | By default Tomcat's server.xml is generated in the container entrypoint from a template shipped with an official Confluence image. However, server.xml generation may fail if container is not run as root, which is a common case if Confluence is deployed to OpenShift.  |
 | confluence.tomcatConfig.customServerXml | string | `""` | Custom server.xml to be mounted into /opt/atlassian/confluence/conf  |
 | confluence.tomcatConfig.generateByHelm | bool | `false` | Mount server.xml as a ConfigMap. Override configuration elements if necessary  |
 | confluence.topologySpreadConstraints | list | `[]` | Defines topology spread constraints for Confluence pods. See details: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/  |

src/main/charts/confluence/templates/configmap-server-config.yaml

@@ -51,11 +51,12 @@ data:
                      threshold="{{ .Values.confluence.tomcatConfig.stuckThreadDetectionValveThreshold | default "60" }}" />
             {{ if .Values.confluence.accessLog.enabled }}
               <Valve className="org.apache.catalina.valves.AccessLogValve"
-                     requestAttributesEnabled="true"
+                     requestAttributesEnabled="{{ .Values.confluence.tomcatConfig.requestAttributesEnabled | default "false" }}"
                      directory="logs"
                      prefix="confluence_access"
                      suffix=".log"
                      rotatable="true"
+                     maxDays="{{ .Values.confluence.tomcatConfig.accessLogMaxDays | default "-1" }}"
                      pattern="%h %{X-AUSERNAME}o %t &quot;%r&quot; %s %b %D %U %I &quot;%{User-Agent}i&quot;" />
               <Valve className="org.apache.catalina.valves.RemoteIpValve"
                      proxiesHeader="x-forwarded-by"

src/main/charts/confluence/values.yaml

@@ -951,7 +951,8 @@ confluence:
     proxyInternalIps:
     trustedProxies:
     stuckThreadDetectionValveThreshold: "60"
-
+    accessLogMaxDays: "-1"
+    requestAttributesEnabled: "false"
 
     # -- Custom server.xml to be mounted into /opt/atlassian/confluence/conf
     #

src/main/charts/crowd/README.md

@@ -83,7 +83,7 @@ Kubernetes: `>=1.21.x-0`
 | crowd.startupProbe.initialDelaySeconds | int | `60` | Time to wait before starting the first probe  |
 | crowd.startupProbe.periodSeconds | int | `5` | How often (in seconds) the Crowd container startup probe will run  |
 | crowd.tomcatConfig.acceptCount | string | `"100"` |  |
-| crowd.tomcatConfig.accessLogsMaxDays | string | `nil` |  |
+| crowd.tomcatConfig.accessLogsMaxDays | string | `"-1"` |  |
 | crowd.tomcatConfig.connectionTimeout | string | `"20000"` |  |
 | crowd.tomcatConfig.enableLookups | string | `"false"` |  |
 | crowd.tomcatConfig.generateByHelm | bool | `false` | Mount server.xml as a ConfigMap. Override configuration elements if necessary  |
@@ -97,6 +97,7 @@ Kubernetes: `>=1.21.x-0`
 | crowd.tomcatConfig.proxyName | string | `nil` |  |
 | crowd.tomcatConfig.proxyPort | string | `nil` |  |
 | crowd.tomcatConfig.redirectPort | string | `"8443"` |  |
+| crowd.tomcatConfig.requestAttributesEnabled | string | `"false"` |  |
 | crowd.tomcatConfig.scheme | string | `nil` |  |
 | crowd.tomcatConfig.secure | string | `nil` |  |
 | crowd.topologySpreadConstraints | list | `[]` | Defines topology spread constraints for Crowd pods. See details: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/  |

src/main/charts/crowd/templates/configmap-server-config.yaml

@@ -53,7 +53,7 @@ data:
         </Host>
         {{- if .Values.crowd.accessLog.enabled }}
             <Valve className="org.apache.catalina.valves.AccessLogValve"
-                   requestAttributesEnabled="true"
+                   requestAttributesEnabled="{{ .Values.crowd.tomcatConfig.requestAttributesEnabled | default "false" }}"
                    directory="logs"
                    prefix="crowd_access"
                    suffix=".log"

src/main/charts/crowd/values.yaml

@@ -383,7 +383,8 @@ crowd:
     # proxyPort is set depending on ingress.https value (80 if http, 443 if https)
     proxyPort:
     maxHttpHeaderSize: "8192"
-    accessLogsMaxDays:
+    accessLogsMaxDays: "-1"
+    requestAttributesEnabled: "false"
     proxyInternalIps:
 
   # -- Specifies a list of additional Java libraries that should be added to the

src/main/charts/jira/README.md

@@ -133,7 +133,7 @@ Kubernetes: `>=1.21.x-0`
 | jira.startupProbe.failureThreshold | int | `120` | The number of consecutive failures of the Jira container startup probe before the pod fails startup checks.  |
 | jira.startupProbe.initialDelaySeconds | int | `60` | Time to wait before starting the first probe  |
 | jira.startupProbe.periodSeconds | int | `5` | How often (in seconds) the Jira container startup probe will run  |
-| jira.tomcatConfig | object | `{"acceptCount":"100","connectionTimeout":"20000","customServerXml":"","enableLookups":"false","generateByHelm":false,"maxHttpHeaderSize":"8192","maxThreads":"100","mgmtPort":"8005","minSpareThreads":"10","port":"8080","protocol":"HTTP/1.1","proxyName":null,"proxyPort":null,"redirectPort":"8443","scheme":null,"secure":null,"stuckThreadDetectionValveThreshold":"120"}` | By default Tomcat's server.xml is generated in the container entrypoint from a template shipped with an official Jira image. However, server.xml generation may fail if container is not run as root, which is a common case if Jira is deployed to OpenShift.  |
+| jira.tomcatConfig | object | `{"acceptCount":"100","accessLogMaxDays":"-1","connectionTimeout":"20000","customServerXml":"","enableLookups":"false","generateByHelm":false,"maxHttpHeaderSize":"8192","maxThreads":"100","mgmtPort":"8005","minSpareThreads":"10","port":"8080","protocol":"HTTP/1.1","proxyName":null,"proxyPort":null,"redirectPort":"8443","requestAttributesEnabled":"false","scheme":null,"secure":null,"stuckThreadDetectionValveThreshold":"120"}` | By default Tomcat's server.xml is generated in the container entrypoint from a template shipped with an official Jira image. However, server.xml generation may fail if container is not run as root, which is a common case if Jira is deployed to OpenShift.  |
 | jira.tomcatConfig.customServerXml | string | `""` | Custom server.xml to be mounted into /opt/atlassian/jira/conf  |
 | jira.tomcatConfig.generateByHelm | bool | `false` | Mount server.xml as a ConfigMap. Override configuration elements if necessary  |
 | jira.topologySpreadConstraints | list | `[]` | Defines topology spread constraints for Jira pods. See details: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/  |

src/main/charts/jira/templates/configmap-server-config.yaml

@@ -69,6 +69,8 @@ data:
 
           </Host>
           <Valve className="org.apache.catalina.valves.AccessLogValve"
+                 maxDays="{{ .Values.jira.tomcatConfig.accessLogMaxDays | default "-1" }}"
+                 requestAttributesEnabled="{{ .Values.jira.tomcatConfig.requestAttributesEnabled | default "false" }}"
                  pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
         </Engine>
 

src/main/charts/jira/values.yaml

@@ -815,6 +815,8 @@ jira:
     proxyPort:
     maxHttpHeaderSize: "8192"
     stuckThreadDetectionValveThreshold: "120"
+    accessLogMaxDays: "-1"
+    requestAttributesEnabled: "false"
 
     # -- Custom server.xml to be mounted into /opt/atlassian/jira/conf
     #

src/test/java/test/ServerConfigTest.java

@@ -113,6 +113,8 @@ void server_config_config_map(Product product, String generatedByHelm, String re
         // assert a few server.xml elements in server-config ConfigMap
         KubeResource serverConfigMap = resources.get(Kind.ConfigMap, product.getHelmReleaseName() + "-server-config");
         assertThat(serverConfigMap.getConfigMapData().path("server.xml")).hasTextContaining("Connector port=\"1234\"");
+        assertThat(serverConfigMap.getConfigMapData().path("server.xml")).hasTextContaining("maxDays=\"-1\"");
+        assertThat(serverConfigMap.getConfigMapData().path("server.xml")).hasTextContaining("requestAttributesEnabled=\"false\"");
         assertThat(serverConfigMap.getConfigMapData().path("server.xml")).hasTextContaining("acceptCount=\"5678\"");
         assertThat(serverConfigMap.getConfigMapData().path("server.xml")).hasTextContaining("maxHttpHeaderSize=\"9876\"");
         assertThat(serverConfigMap.getConfigMapData().path("server.xml")).hasTextContaining("proxyPort=\"443\"");

src/test/resources/expected_helm_output/bamboo-agent/output.yaml

@@ -46,7 +46,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config-jvm: 7840cc3e79fba7837aee076a182650b787c8f53f1919ec199b7adc3e7b1abccb
+        checksum/config-jvm: 8587a9721b627f0dfd7a359dbee53d0a010f75d293f03f5a160104dc9d15101a
       labels:
         app.kubernetes.io/name: bamboo-agent
         app.kubernetes.io/instance: unittest-bamboo-agent

src/test/resources/expected_helm_output/bamboo/output.yaml

@@ -184,6 +184,7 @@ data:
         usernameSecretKey: adminTestUsernameKey
       tomcatConfig:
         acceptCount: "100"
+        accessLogMaxDays: "-1"
         address: null
         bambooEncryptionKey: null
         clientAuth: null
@@ -207,7 +208,7 @@ data:
         proxyName: null
         proxyPort: null
         redirectPort: "8443"
-        requestAttributesEnabled: null
+        requestAttributesEnabled: "false"
         scheme: null
         secret: null
         secretRequired: null
@@ -450,7 +451,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config-jvm: 3adff5bd3002b33d2f9ede62864902898e58a0ede65de2c485424c36e855f629
+        checksum/config-jvm: c41bc799b8b23af6a3170c4635ef9fa71edb855f1d47e25eaa8e8acfa9ca43e1
       labels:
         helm.sh/chart: bamboo-1.22.1
         app.kubernetes.io/name: bamboo

src/test/resources/expected_helm_output/bitbucket/output.yaml

@@ -593,7 +593,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config-jvm: 325d0f8b0fb850d725ad0e9b17f9ffb5afe1e87176215d4c59afaa987034fbc4
+        checksum/config-jvm: 2749f9462255f51e691b5c20440ba6926c4e36eede24448f852a4c9b9f3293fc
       labels:
         app.kubernetes.io/name: bitbucket-mesh
         app.kubernetes.io/instance: unittest-bitbucket
@@ -714,7 +714,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config-jvm: 904ee5cdf24aa3f20010c1bd0a75de5c1755f2b4a68fb2361e1e36e8b8464eec
+        checksum/config-jvm: 769b21f2174a73dca3bd26f10a6ebcf67d6c70b9481a618d4d0808d6e40799d2
       labels:
         helm.sh/chart: bitbucket-1.22.1
         app.kubernetes.io/name: bitbucket

src/test/resources/expected_helm_output/confluence/output.yaml

@@ -180,6 +180,7 @@ data:
         periodSeconds: 5
       tomcatConfig:
         acceptCount: "100"
+        accessLogMaxDays: "-1"
         connectionTimeout: "20000"
         customServerXml: ""
         debug: "0"
@@ -195,6 +196,7 @@ data:
         proxyName: null
         proxyPort: null
         redirectPort: "8443"
+        requestAttributesEnabled: "false"
         scheme: null
         secure: null
         stuckThreadDetectionValveThreshold: "60"
@@ -637,7 +639,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config-jvm: 0be7e4380d8a71217f79c8ea3e714e9bbc003d9eb19cfe363980fe2f04087fbf
+        checksum/config-jvm: 12b2bf4a8a471b4be5acc06995810c8331609e8aa3f237e44dd62e27888f85df
       labels:
         helm.sh/chart: confluence-1.22.1
         app.kubernetes.io/name: confluence

src/test/resources/expected_helm_output/crowd/output.yaml

@@ -160,7 +160,7 @@ data:
         periodSeconds: 5
       tomcatConfig:
         acceptCount: "100"
-        accessLogsMaxDays: null
+        accessLogsMaxDays: "-1"
         connectionTimeout: "20000"
         enableLookups: "false"
         generateByHelm: false
@@ -174,6 +174,7 @@ data:
         proxyName: null
         proxyPort: null
         redirectPort: "8443"
+        requestAttributesEnabled: "false"
         scheme: null
         secure: null
       topologySpreadConstraints: []
@@ -374,7 +375,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config-jvm: 87bf8a70efc8e508ac8cef16c7ec7ed9a4383fbd561d0775996a538f82bda1ef
+        checksum/config-jvm: 959bd1ffef2f05dc8025f24a6c7e5af1d8c91b90d88d64f7b9e22b80d3553ec3
       labels:
         helm.sh/chart: crowd-1.22.1
         app.kubernetes.io/name: crowd

src/test/resources/expected_helm_output/jira/output.yaml

@@ -220,6 +220,7 @@ data:
         periodSeconds: 5
       tomcatConfig:
         acceptCount: "100"
+        accessLogMaxDays: "-1"
         connectionTimeout: "20000"
         customServerXml: ""
         enableLookups: "false"
@@ -233,6 +234,7 @@ data:
         proxyName: null
         proxyPort: null
         redirectPort: "8443"
+        requestAttributesEnabled: "false"
         scheme: null
         secure: null
         stuckThreadDetectionValveThreshold: "120"
@@ -401,7 +403,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config-jvm: 9874e836468ba673419d9305856e7570c1c7e752338d664e62b9d32180107b9a
+        checksum/config-jvm: 3294c8cdaf5ff4579163b6eaad63d6ce37838bc0101e7b903b1d2913c5a882a9
       labels:
         helm.sh/chart: jira-1.22.1
         app.kubernetes.io/name: jira