Add missing public path and make logging level configurable

r-brown · r-brown · commit 3833c2358903 · 2025-08-04T14:55:06.000+02:00
diff --git a/.github/workflows/labs64io-docker-publish.yml b/.github/workflows/labs64io-docker-publish.yml
@@ -50,3 +50,15 @@ jobs:
             labs64/api-gateway:${{ steps.get_release_tag.outputs.RELEASE_TAG }}
           cache-from: type=gha,scope=${{ github.workflow }}
           cache-to: type=gha,mode=max,scope=${{ github.workflow }}
+
+      - name: Build and push Traefik AuthProxy Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./traefik-authproxy
+          push: true
+          platforms: linux/amd64,linux/arm64/v8
+          tags: |
+            labs64/traefik-authproxy:latest
+            labs64/traefik-authproxy:${{ steps.get_release_tag.outputs.RELEASE_TAG }}
+          cache-from: type=gha,scope=${{ github.workflow }}-traefik-authproxy
+          cache-to: type=gha,mode=max,scope=${{ github.workflow }}-traefik-authproxy
diff --git a/traefik-authproxy/traefik_authproxy.py b/traefik-authproxy/traefik_authproxy.py
@@ -8,6 +8,10 @@
 from jose import jwt
 from jose.exceptions import JWTError, ExpiredSignatureError
 
+# --- Caches ---
+DISCOVERY_CACHE: Dict[str, Any] = {}
+JWKS_CACHE: Dict[str, Any] = {}
+
 # --- Configuration ---
 KEYCLOAK_URL = os.getenv("KEYCLOAK_URL", "http://keycloak.tools.svc.cluster.local")
 KEYCLOAK_REALM = os.getenv("KEYCLOAK_REALM", "default")
@@ -19,14 +23,14 @@
 KEYCLOAK_AUDIENCE = os.getenv("KEYCLOAK_AUDIENCE", "account")
 ROLE_MAPPING_FILE = os.getenv("ROLE_MAPPING_FILE", "role_mapping.yaml")
 
-# --- Caches ---
-DISCOVERY_CACHE: Dict[str, Any] = {}
-JWKS_CACHE: Dict[str, Any] = {}
+LOG_LEVEL = os.getenv("LOG_LEVEL", "INFO").upper()
+LOG_FORMAT = "%(asctime)s - %(levelname)s - %(message)s"
 
 # --- Logging ---
-logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")
-app_logger = logging.getLogger("forwardauth")
-app_logger.setLevel(logging.DEBUG)
+numeric_level = getattr(logging, LOG_LEVEL, logging.INFO)
+logging.basicConfig(level=numeric_level, format=LOG_FORMAT)
+app_logger = logging.getLogger("traefik_authproxy")
+app_logger.setLevel(numeric_level)
 
 # --- App Initialization ---
 app = FastAPI(
@@ -150,6 +154,7 @@ def is_public_path(path: str) -> bool:
 @app.post("/auth")
 async def authenticate(request: Request):
     forwarded_uri = request.headers.get("X-Forwarded-Uri", "/")
+    app_logger.debug(f"Received request on forwarded URI: {forwarded_uri}")
 
     if is_public_path(forwarded_uri):
         app_logger.info(f"Public access granted to: {forwarded_uri}")
