Standardized logging for policy developers

Author: renuka-fernando

cli/it/go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/rogpeppe/go-internal v1.13.1 // indirect
+	github.com/rogpeppe/go-internal v1.14.1 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
 )

cli/it/go.sum

@@ -38,8 +38,7 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=

gateway/it/go.mod

@@ -136,10 +136,10 @@ require (
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
-	github.com/prometheus/client_golang v1.22.0 // indirect
+	github.com/prometheus/client_golang v1.23.2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/prometheus/common v0.66.1 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.6.0 // indirect
@@ -181,6 +181,7 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.39.0 // indirect
 	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/crypto v0.46.0 // indirect
 	golang.org/x/net v0.48.0 // indirect

gateway/it/go.sum

@@ -418,8 +418,7 @@ github.com/prometheus/client_golang v0.9.0-pre1.0.20180209125602-c332b6f63c06/go
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
-github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
+github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -428,14 +427,12 @@ github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvM
 github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
-github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
+github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
-github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
@@ -572,6 +569,7 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
 go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
+go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=

gateway/policies/api-key-auth/v0.1.0/apikey.go

@@ -35,15 +35,18 @@ const (
 
 // APIKeyPolicy implements API Key Authentication
 type APIKeyPolicy struct {
+	logger *slog.Logger
 }
 
-var ins = &APIKeyPolicy{}
-
 func GetPolicy(
 	metadata policy.PolicyMetadata,
 	params map[string]interface{},
+	logger *slog.Logger,
 ) (policy.Policy, error) {
-	return ins, nil
+	p := &APIKeyPolicy{
+		logger: logger,
+	}
+	return p, nil
 }
 
 // Mode returns the processing mode for this policy
@@ -58,7 +61,8 @@ func (p *APIKeyPolicy) Mode() policy.ProcessingMode {
 
 // OnRequest performs API Key Authentication
 func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]interface{}) policy.RequestAction {
-	slog.Debug("API Key Auth Policy: OnRequest started",
+	log := policy.WithRequestID(p.logger, ctx.RequestID)
+	log.Debug("OnRequest started",
 		"path", ctx.Path,
 		"method", ctx.Method,
 		"apiId", ctx.APIId,
@@ -69,7 +73,7 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 	// Get configuration parameters
 	keyName, ok := params["key"].(string)
 	if !ok || keyName == "" {
-		slog.Debug("API Key Auth Policy: Missing or invalid 'key' configuration",
+		log.Debug("Missing or invalid 'key' configuration",
 			"keyName", keyName,
 			"ok", ok,
 		)
@@ -79,7 +83,7 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 
 	location, ok := params["in"].(string)
 	if !ok || location == "" {
-		slog.Debug("API Key Auth Policy: Missing or invalid 'in' configuration",
+		log.Debug("Missing or invalid 'in' configuration",
 			"location", location,
 			"ok", ok,
 		)
@@ -94,7 +98,7 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 		}
 	}
 
-	slog.Debug("API Key Auth Policy: Configuration loaded",
+	log.Debug("Configuration loaded",
 		"keyName", keyName,
 		"location", location,
 		"valuePrefix", valuePrefix,
@@ -107,7 +111,7 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 		// Check header (case-insensitive)
 		if headerValues := ctx.Headers.Get(http.CanonicalHeaderKey(keyName)); len(headerValues) > 0 {
 			providedKey = headerValues[0]
-			slog.Debug("API Key Auth Policy: Found API key in header",
+			log.Debug("Found API key in header",
 				"headerName", keyName,
 				"keyLength", len(providedKey),
 			)
@@ -116,7 +120,7 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 		// Extract query parameters from the full path
 		providedKey = extractQueryParam(ctx.Path, keyName)
 		if providedKey != "" {
-			slog.Debug("API Key Auth Policy: Found API key in query parameter",
+			log.Debug("Found API key in query parameter",
 				"paramName", keyName,
 				"keyLength", len(providedKey),
 			)
@@ -125,7 +129,7 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 
 	// If no API key provided
 	if providedKey == "" {
-		slog.Debug("API Key Auth Policy: No API key found",
+		log.Debug("No API key found",
 			"location", location,
 			"keyName", keyName,
 		)
@@ -137,15 +141,15 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 	if valuePrefix != "" {
 		originalLength := len(providedKey)
 		providedKey = stripPrefix(providedKey, valuePrefix)
-		slog.Debug("API Key Auth Policy: Processed value prefix",
+		log.Debug("Processed value prefix",
 			"prefix", valuePrefix,
 			"originalLength", originalLength,
 			"processedLength", len(providedKey),
 		)
 
 		// If after stripping prefix, the key is empty, treat as missing
 		if providedKey == "" {
-			slog.Debug("API Key Auth Policy: API key became empty after prefix removal")
+			log.Debug("API key became empty after prefix removal")
 			return p.handleAuthFailure(ctx, 401, "json", "Valid API key required",
 				"missing API key")
 		}
@@ -158,7 +162,7 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 	operationMethod := ctx.Method
 
 	if apiId == "" || apiName == "" || apiVersion == "" || apiOperation == "" || operationMethod == "" {
-		slog.Debug("API Key Auth Policy: Missing API details for validation",
+		log.Debug("Missing API details for validation",
 			"apiId", apiId,
 			"apiName", apiName,
 			"apiVersion", apiVersion,
@@ -169,7 +173,7 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 			"missing API details for validation")
 	}
 
-	slog.Debug("API Key Auth Policy: Starting validation",
+	log.Debug("Starting validation",
 		"apiId", apiId,
 		"apiName", apiName,
 		"apiVersion", apiVersion,
@@ -181,26 +185,27 @@ func (p *APIKeyPolicy) OnRequest(ctx *policy.RequestContext, params map[string]i
 	// API key was provided - validate it using external validation
 	isValid, err := p.validateAPIKey(apiId, apiOperation, operationMethod, providedKey)
 	if err != nil {
-		slog.Debug("API Key Auth Policy: Validation error",
+		log.Debug("Validation error",
 			"error", err,
 		)
 		return p.handleAuthFailure(ctx, 401, "json", "Valid API key required",
 			"error validating API key")
 	}
 	if !isValid {
-		slog.Debug("API Key Auth Policy: Invalid API key")
+		log.Debug("Invalid API key")
 		return p.handleAuthFailure(ctx, 401, "json", "Valid API key required",
 			"invalid API key")
 	}
 
 	// Authentication successful
-	slog.Debug("API Key Auth Policy: Authentication successful")
+	log.Debug("Authentication successful")
 	return p.handleAuthSuccess(ctx)
 }
 
 // handleAuthSuccess handles successful authentication
 func (p *APIKeyPolicy) handleAuthSuccess(ctx *policy.RequestContext) policy.RequestAction {
-	slog.Debug("API Key Auth Policy: handleAuthSuccess called",
+	log := policy.WithRequestID(p.logger, ctx.RequestID)
+	log.Debug("handleAuthSuccess called",
 		"apiId", ctx.APIId,
 		"apiName", ctx.APIName,
 		"apiVersion", ctx.APIVersion,
@@ -212,7 +217,7 @@ func (p *APIKeyPolicy) handleAuthSuccess(ctx *policy.RequestContext) policy.Requ
 	ctx.Metadata[MetadataKeyAuthSuccess] = true
 	ctx.Metadata[MetadataKeyAuthMethod] = "api-key"
 
-	slog.Debug("API Key Auth Policy: Authentication metadata set",
+	log.Debug("Authentication metadata set",
 		"authSuccess", true,
 		"authMethod", "api-key",
 	)
@@ -229,7 +234,8 @@ func (p *APIKeyPolicy) OnResponse(_ctx *policy.ResponseContext, _params map[stri
 // handleAuthFailure handles authentication failure
 func (p *APIKeyPolicy) handleAuthFailure(ctx *policy.RequestContext, statusCode int, errorFormat, errorMessage,
 	reason string) policy.RequestAction {
-	slog.Debug("API Key Auth Policy: handleAuthFailure called",
+	log := policy.WithRequestID(p.logger, ctx.RequestID)
+	log.Debug("handleAuthFailure called",
 		"statusCode", statusCode,
 		"errorFormat", errorFormat,
 		"errorMessage", errorMessage,
@@ -263,7 +269,7 @@ func (p *APIKeyPolicy) handleAuthFailure(ctx *policy.RequestContext, statusCode
 		body = string(bodyBytes)
 	}
 
-	slog.Debug("API Key Auth Policy: Returning immediate response",
+	log.Debug("Returning immediate response",
 		"statusCode", statusCode,
 		"contentType", headers["content-type"],
 		"bodyLength", len(body),

gateway/policies/basic-auth/v0.1.0/basicauth.go

@@ -3,6 +3,7 @@ package basicauth
 import (
 	"encoding/base64"
 	"fmt"
+	"log/slog"
 	"strings"
 
 	policy "github.com/wso2/api-platform/sdk/gateway/policy/v1alpha"
@@ -16,15 +17,19 @@ const (
 )
 
 // BasicAuthPolicy implements HTTP Basic Authentication
-type BasicAuthPolicy struct{}
-
-var ins = &BasicAuthPolicy{}
+type BasicAuthPolicy struct {
+	logger *slog.Logger
+}
 
 func GetPolicy(
 	metadata policy.PolicyMetadata,
 	params map[string]interface{},
+	logger *slog.Logger,
 ) (policy.Policy, error) {
-	return ins, nil
+	p := &BasicAuthPolicy{
+		logger: logger,
+	}
+	return p, nil
 }
 
 // Mode returns the processing mode for this policy

gateway/policies/content-length-guardrail/v0.1.0/contentlengthguardrail.go

@@ -21,6 +21,7 @@ var textCleanRegexCompiled = regexp.MustCompile(TextCleanRegex)
 
 // ContentLengthGuardrailPolicy implements content length validation
 type ContentLengthGuardrailPolicy struct {
+	logger            *slog.Logger
 	hasRequestParams  bool
 	hasResponseParams bool
 	requestParams     ContentLengthGuardrailPolicyParams
@@ -38,8 +39,11 @@ type ContentLengthGuardrailPolicyParams struct {
 func GetPolicy(
 	metadata policy.PolicyMetadata,
 	params map[string]interface{},
+	logger *slog.Logger,
 ) (policy.Policy, error) {
-	p := &ContentLengthGuardrailPolicy{}
+	p := &ContentLengthGuardrailPolicy{
+		logger: logger,
+	}
 
 	// Extract and parse request parameters if present
 	if requestParamsRaw, ok := params["request"].(map[string]interface{}); ok {
@@ -66,7 +70,7 @@ func GetPolicy(
 		return nil, fmt.Errorf("at least one of 'request' or 'response' parameters must be provided")
 	}
 
-	slog.Debug("ContentLengthGuardrail: Policy initialized", "hasRequestParams", p.hasRequestParams, "hasResponseParams", p.hasResponseParams)
+	p.logger.Debug("Policy initialized", "hasRequestParams", p.hasRequestParams, "hasResponseParams", p.hasResponseParams)
 
 	return p, nil
 }
@@ -182,7 +186,7 @@ func (p *ContentLengthGuardrailPolicy) OnRequest(ctx *policy.RequestContext, par
 	if ctx.Body != nil {
 		content = ctx.Body.Content
 	}
-	return p.validatePayload(content, p.requestParams, false).(policy.RequestAction)
+	return p.validatePayload(content, p.requestParams, false, ctx.RequestID).(policy.RequestAction)
 }
 
 // OnResponse validates response body content length
@@ -195,15 +199,16 @@ func (p *ContentLengthGuardrailPolicy) OnResponse(ctx *policy.ResponseContext, p
 	if ctx.ResponseBody != nil {
 		content = ctx.ResponseBody.Content
 	}
-	return p.validatePayload(content, p.responseParams, true).(policy.ResponseAction)
+	return p.validatePayload(content, p.responseParams, true, ctx.RequestID).(policy.ResponseAction)
 }
 
 // validatePayload validates payload content length (request phase)
-func (p *ContentLengthGuardrailPolicy) validatePayload(payload []byte, params ContentLengthGuardrailPolicyParams, isResponse bool) interface{} {
+func (p *ContentLengthGuardrailPolicy) validatePayload(payload []byte, params ContentLengthGuardrailPolicyParams, isResponse bool, requestID string) interface{} {
+	log := policy.WithRequestID(p.logger, requestID)
 	// Extract value using JSONPath
 	extractedValue, err := utils.ExtractStringValueFromJsonpath(payload, params.JsonPath)
 	if err != nil {
-		slog.Debug("ContentLengthGuardrail: Error extracting value from JSONPath", "jsonPath", params.JsonPath, "error", err, "isResponse", isResponse)
+		log.Debug("Error extracting value from JSONPath", "jsonPath", params.JsonPath, "error", err, "isResponse", isResponse)
 		return p.buildErrorResponse("Error extracting value from JSONPath", err, isResponse, params.ShowAssessment, params.Min, params.Max)
 	}
 
@@ -225,7 +230,7 @@ func (p *ContentLengthGuardrailPolicy) validatePayload(payload []byte, params Co
 	}
 
 	if !validationPassed {
-		slog.Debug("ContentLengthGuardrail: Validation failed", "byteCount", byteCount, "min", params.Min, "max", params.Max, "invert", params.Invert, "isResponse", isResponse)
+		log.Debug("Validation failed", "byteCount", byteCount, "min", params.Min, "max", params.Max, "invert", params.Invert, "isResponse", isResponse)
 		var reason string
 		if params.Invert {
 			reason = fmt.Sprintf("content length %d bytes is within the excluded range %d-%d bytes", byteCount, params.Min, params.Max)
@@ -235,7 +240,7 @@ func (p *ContentLengthGuardrailPolicy) validatePayload(payload []byte, params Co
 		return p.buildErrorResponse(reason, nil, isResponse, params.ShowAssessment, params.Min, params.Max)
 	}
 
-	slog.Debug("ContentLengthGuardrail: Validation passed", "byteCount", byteCount, "min", params.Min, "max", params.Max, "isResponse", isResponse)
+	log.Debug("Validation passed", "byteCount", byteCount, "min", params.Min, "max", params.Max, "isResponse", isResponse)
 	if isResponse {
 		return policy.UpstreamResponseModifications{}
 	}