feat: Add JSON Log Format Support to Vault CSI Provider

[khajanwolt]

Summary

This PR adds support for JSON-formatted logging to the vault-csi-provider, enabling better integration with log aggregation systems like Datadog, ELK, and Splunk.

Changes

Core Implementation

New CLI Flag:

• Added -log-format flag with support for json and text formats
• Default format remains text to maintain backward compatibility
• Case-insensitive validation (accepts JSON, TEXT, etc.)

Files Modified:

• main.go: Implemented setupLogger() function with format selection logic
• internal/config/config.go: Added LogFormat field to FlagsConfig

Testing

Unit Tests (main_test.go):

• TestSetupLoggerFormat: Validates format configuration (JSON, TEXT, default)
• TestSetupLoggerFormatValidation: Tests case-insensitive validation
• TestSetupLoggerIntegration: End-to-end JSON output verification
• All existing tests continue to pass

Test Configuration:

• test/bats/configs/vault-csi-provider-test.yaml: Kubernetes test manifest
• test/bats/configs/test-app-with-vault-secrets.yaml: Sample app for mount testing

Usage

Command Line

# JSON format (for log aggregation systems)
vault-csi-provider -log-format=json -log-level=info

# Text format (human-readable, default)
vault-csi-provider -log-format=text -log-level=info

Kubernetes Deployment

args:
- -endpoint=/provider/vault.sock
- -log-level=info
- -log-format=json  # Add this line

Example Output

JSON Format

{"@level":"info","@message":"Logger initialized","@module":"vault-csi-provider","@timestamp":"2025-10-07T23:14:08.986Z","format":"json","level":"info"}
{"@level":"info","@message":"Creating new gRPC server","@module":"vault-csi-provider","@timestamp":"2025-10-07T23:14:08.987Z"}
{"@level":"info","@message":"Processing unary gRPC call","grpc.method":"/v1alpha1.CSIDriverProvider/MountSecretsStoreObjectContent","@timestamp":"..."}

Manual Testing

# Build and test locally
go build -o vault-csi-provider .
./vault-csi-provider -log-format=json -log-level=debug

Benefits

1. ✅ Better Observability: JSON logs are easily parsed by log aggregation systems
2. ✅ Structured Data: All log fields are machine-readable (timestamp, level, message, context)
3. ✅ Backward Compatible: Default behaviour unchanged (text format)
4. ✅ Production Ready: Includes comprehensive unit and integration tests

Migration Guide

For existing deployments wanting to switch to JSON logging:

1. Update your Kubernetes manifests to include -log-format=json in container args
2. Update log parsing rules in your monitoring system to handle JSON format
3. No other changes required - all log levels and functionality remain the same

Related Issues

#177

PCI review checklist

• I have documented a clear reason for, and description of, the change I am making.

• If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

• If applicable, I've documented the impact of any changes to security controls.

  Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

[hashicorp-cla-app]

All committers have signed the CLA.

[hashicorp-cla-app]

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

_{Have you signed the CLA already but the status is still pending? Recheck it.}