feat: Add log processing script to opa for decision logging

opa/Dockerfile

@@ -10,7 +10,18 @@ ARG BUNDLE_BUILDER_VERSION
 # Update image and install everything needed for Rustup & Rust
 RUN microdnf update --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms -y \
   && rm -rf /var/cache/yum \
-  && microdnf install --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms curl findutils gcc gcc-c++ git make cmake openssl-devel pkg-config systemd-devel unzip -y \
+  && microdnf install --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms -y \
+  curl \
+  findutils \
+  gcc \
+  gcc-c++ \
+  git \
+  make \
+  cmake \
+  openssl-devel \
+  pkg-config \
+  systemd-devel \
+  unzip \
   && rm -rf /var/cache/yum
 
 WORKDIR /
@@ -60,8 +71,12 @@ LABEL name="Open Policy Agent" \
       description="This image is deployed by the Stackable Operator for OPA."
 
 RUN microdnf update && \
-    microdnf install tar gzip && \
-    microdnf clean all
+    microdnf install \
+    tar \
+    gzip \
+    # Required for filtering logs
+    jq \
+    && microdnf clean all
 
 COPY opa/licenses /licenses
 
@@ -76,4 +91,8 @@ RUN curl --fail -L "https://repo.stackable.tech/repository/packages/opa/opa_${TA
 COPY --from=opa-bundle-builder --chown=stackable:stackable /opa-bundle-builder/target/release/stackable-opa-bundle-builder /stackable/opa-bundle-builder
 COPY --from=multilog-builder --chown=stackable:stackable /daemontools/admin/daemontools/command/multilog /stackable/multilog
 
-CMD ["./opa", "run", "-s"]
+COPY --chown=stackable:stackable opa/stackable/bin /stackable/opa/bin
+
+ENV PATH="${PATH}":/stackable/opa:/stackable/opa/bin
+
+CMD ["opa", "run", "-s"]

opa/stackable/bin/process-logs

@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+#
+# This file was created by the Stackable developers.
+#
+# Usage: process-logs <options>
+# Options:
+#   --console-log-level <log-level>
+#   --file-log-level <log-level>
+#   --decision-log-level <log-level>
+#   --server-log-level <log-level>
+#   --help
+#
+# Processes incoming log messages. Log messages are filtered by the set log levels
+# and forwarded to the output destinations console and/or file.
+#
+
+# inputs
+CONSOLE_LEVEL="info"
+FILE_LEVEL="info"
+SERVER_LEVEL="info"
+DECISION_LEVEL="info"
+
+# inputs forwarded to /stackable/multilog script
+OPA_ROLLING_LOG_FILE_SIZE_BYTES=5000000
+OPA_ROLLING_LOG_FILES=2
+STACKABLE_LOG_DIR=/stackable/log
+CONTAINER_NAME=opa
+
+parse_args() {
+  while true; do
+    case $1 in
+        --console-log-level)
+            shift
+            CONSOLE_LEVEL=$1
+            ;;
+        --file-log-level)
+            shift
+            FILE_LEVEL=$1
+            ;;
+        --decision-log-level)
+            shift
+            DECISION_LEVEL=$1
+            ;;
+        --server-log-level)
+            shift
+            SERVER_LEVEL=$1
+            ;;
+        --opa-rolling-log-file-size-bytes)
+            shift
+            OPA_ROLLING_LOG_FILE_SIZE_BYTES=$1
+            ;;
+        --opa-rolling-log-files)
+            shift
+            OPA_ROLLING_LOG_FILES=$1
+            ;;
+        --stackable-log-dir)
+            shift
+            STACKABLE_LOG_DIR=$1
+            ;;
+        --container-name)
+            shift
+            CONTAINER_NAME=$1
+            ;;
+        *)
+            break
+            ;;
+    esac
+    shift
+  done
+}
+
+get_levels() {
+    case $1 in
+        fatal)
+            echo '["fatal"]' ;;
+        error)
+            echo '["error","fatal"]' ;;
+        warn)
+            echo '["warn","error","fatal"]' ;;
+        info)
+            echo '["info","warn","error","fatal"]' ;;
+        debug)
+            echo '["debug","info","warn","error","fatal"]' ;;
+        trace)
+            echo '["trace","debug","info","warn","error","fatal"]' ;;
+        *)
+            echo '[""]' ;;
+    esac
+}
+
+main() {
+    parse_args $@
+
+    local DECISION_LEVELS=$(get_levels $DECISION_LEVEL)
+    local SERVER_LEVELS=$(get_levels $SERVER_LEVEL)
+    local CONSOLE_LEVELS=$(get_levels $CONSOLE_LEVEL)
+    local FILE_LEVELS=$(get_levels $FILE_LEVEL)
+
+    jq -c --unbuffered 'if .decision_id then .logger = "decision" else .logger = "server" end' |
+    jq -c --unbuffered --arg decision_levels $DECISION_LEVELS --arg server_levels $SERVER_LEVELS \
+        'select(((.logger == "decision") and (.level | inside($decision_levels))) or 
+        ((.logger == "server") and (.level | inside($server_levels))))' |
+    tee >(jq -c --unbuffered --arg file_levels $FILE_LEVELS 'select(.level | inside($file_levels))' \
+        > >(/stackable/multilog s$OPA_ROLLING_LOG_FILE_SIZE_BYTES n$OPA_ROLLING_LOG_FILES $STACKABLE_LOG_DIR/$CONTAINER_NAME)) |
+    jq -c --unbuffered --arg console_levels $CONSOLE_LEVELS 'select(.level | inside($console_levels))'
+}
+
+main $@