JSON Logging in Quarkus based Keycloak #10414
Replies: 6 comments 13 replies
-
Could you provide some more context on why there's a need for default and ecs formats? What are the use-cases to be able to include/exclude fields? Is this really needed other than ability to remove the unused fields? From a community health perspective I'm concerned with the proposed extension as it does not seem to be a actively maintained project, but more a "it fits our need, and we open sourced it". A quick review of the community health:
A positive is that there are no transitive runtime dependencies other than Quarkus. Also, positive that it is using Maven. Have you tried to clone the repository and build the project? Have you reviewed the source code? |
Beta Was this translation helpful? Give feedback.
-
I can not think about any argument that justifies logging when running build or show-config. IMO, that is definitely a runtime thing and targeted for monitoring and collecting data when at runtime. I'm also not 100% sure if including/excluding fields is so important. At least in a v1. it is also not clear the effort to extend the core extension to provide this capability and others that we might need. |
Beta Was this translation helpful? Give feedback.
-
Updated the discussion to have a very basic v1 using the ootb quarkus json logging capabilities. |
Beta Was this translation helpful? Give feedback.
-
Initial json console logging support is now in latest main, see #10576 - expect some more options when we get to #10618 - we need quarkus 2.8.0 to be released though. |
Beta Was this translation helpful? Give feedback.
-
I imported quarkiverse extension jar into providers folder (Keycloak 17.0.0). Any help would be appreciated. |
Beta Was this translation helpful? Give feedback.
-
@DGuhr my 2 cents about the current state of keycloak 18.x logging compared to jboss keycloak logging:
In the past both features were easily achievable with JBoss CLI like:
The above can be achieved in Quarkus (and via Keycloak's
Having started coding on data pipeline projects, I suspect I may be on the opposite spectrum of the customer and development bases but feels to me that trying to "solve" logging issues will inevitably lead to spending development resources on a feature that may end up being unable to solve the desirable permutations (simply because data pipelines are a pain on their own and each place handles things very differently from what one would expect is the best way of handling). I would posit that
|
Beta Was this translation helpful? Give feedback.
-
Context & History:
This is a follow-up of the general discussion in #8870
The ootb json logging in Quarkus falls short on configuration capabilities for our use-case, it would result in multiple empty fields, as we don't use e.g. mdc/ndc (see e.g. here for more details: ).
There is a quarkiverse extension here https://github.com/quarkiverse/quarkus-logging-json/ that gives us far more capabilities for a nice json logging user experience, and is also referred to by quarkus core team members.
So after careful consideration of "adding another dependency" I'd build a first version that uses this extension. For a first milestone, we'll go with the ootb quarkus json logging support, and try to improve the log output later on.Scope:
We want to have the following json log capabilities:
Milestone 1:
Milestone 2:
(potentially) next Milestones could include:
Intentionally Out of Scope:
Proposal for configuration options (format:
<key>=<values>:<default>
)log-json-enabled=true/false:false
Proposal for potential configuration options for further iterations (format:
<key>=<values>:<default>
)log-json-format=ecs|default:default
log-json-fields=...,...,...,...,...:default
-default
is a wrapper for fields: level, logger name, timestamp, message)log-json-fields-disabled=...,...,...,...,...,...:all but default, see above.
Already Open Questions:
json enabled per default in production mode: yes or no? PoV so-far: postpone this decision, as the impl is trivial
How to handle output when invoking "build", "show-config" or similar? Here we have a mix of cli logs outside of quarkus (no log framework yet, so always unstructured) and especially for the
build
command, where we call quarkus in a somewhat "undefined" middle state between two new "closed world assumptions", because we're re-augmenting it. This leads to non-structured output, as quarkus is not aware of "json is turned on" in this middle state.PoV so-far: As it is intended behaviour to run the "build" on another point in time / another step (e.g. in a CI before publishing the img to a registry) I ignored this as "not important" for now, but may be wrong. We're effectively calling
QuarkusEntryPoint.Main()
here, so when we want to do sth about it we most likely have to create a quarkus issue/PR.Beta Was this translation helpful? Give feedback.
All reactions