feat: CGD-347: manage log level at runtime

README.md

@@ -149,6 +149,7 @@ This process ensures that any issues with the database schema are resolved by re
 | SUPPORTED_FRAMEWORK_VC_TYPES    | Supported framework VC, provide values ie type1=value1,type2=value2                          | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
 | ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution                                                      | true                                                                                                                                                |
 | CONTRACT_TEMPLATES_URL          | Contract templates URL used in summary VC                                                    | https://public.catena-x.org/contracts/                                                                                                              |
+| APP_LOG_LEVEL                   | Log level of application                                                                     | INFO                                                                                                                                                |
 |                                 |                                                                                              |                                                                                                                                                     |
 
 ## Technical Debts and Known issue
@@ -157,9 +158,46 @@ This process ensures that any issues with the database schema are resolved by re
 2. Policies can be validated dynamically as per
    request while validating VP and
    VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies)
-3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings
+3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use
+   Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings
    (under "features in development")
 
+## Logging in application
+
+Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values
+are ``OFF, ERROR, WARN, INFO, DEBUG, TRACE`` and default value set to ``INFO``
+
+### Change log level at runtime using Spring actuator
+
+We can use ``/actuator/loggers`` API endpoint of actuator for log related things. This end point can be accessible with
+role ``manage_app``. We can add this role to authority wallet client using keycloak as below:
+
+![manage_app.png](docs%2Fmanage_app.png)
+
+1. API to get current log settings
+
+```agsl
+curl --location 'http://localhost:8090/actuator/loggers' \
+--header 'Authorization: Bearer access_token'
+```
+
+2. Change log level at runtime
+
+```agsl
+
+curl --location 'http://localhost:8090/actuator/loggers/{java package name}' \
+--header 'Content-Type: application/json' \
+--header 'Authorization: Bearer access_token' \
+--data '{"configuredLevel":"INFO"}'
+
+i.e.
+
+curl --location 'http://localhost:8090/actuator/loggers/org.eclipse.tractusx.managedidentitywallets' \
+--header 'Content-Type: application/json' \
+--header 'Authorization: Bearer access_token' \
+--data '{"configuredLevel":"INFO"}'
+```
+
 ## Reference of external lib
 
 1. https://www.testcontainers.org/modules/databases/postgres/

src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java

@@ -61,13 +61,14 @@ public class SecurityConfig {
     @ConditionalOnProperty(value = "miw.security.enabled", havingValue = "true", matchIfMissing = true)
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.cors().and()
-                .csrf().and()
+                .csrf().disable()
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                 .authorizeHttpRequests()
                 .requestMatchers(new AntPathRequestMatcher("/")).permitAll() // forwards to swagger
                 .requestMatchers(new AntPathRequestMatcher("/docs/api-docs/**")).permitAll()
                 .requestMatchers(new AntPathRequestMatcher("/ui/swagger-ui/**")).permitAll()
                 .requestMatchers(new AntPathRequestMatcher("/actuator/health/**")).permitAll()
+                .requestMatchers(new AntPathRequestMatcher("/actuator/loggers/**")).hasRole(ApplicationRole.ROLE_MANAGE_APP)
 
                 //did document resolve APIs
                 .requestMatchers(new AntPathRequestMatcher(RestURI.DID_RESOLVE, GET.name())).permitAll() //Get did document

src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java

@@ -51,4 +51,6 @@ private ApplicationRole() {
      */
     public static final String ROLE_UPDATE_WALLET = "update_wallet";
 
+    public static final String ROLE_MANAGE_APP = "manage_app";
+
 }

src/main/resources/application.yaml

@@ -44,13 +44,15 @@ management:
   server:
     port: ${MANAGEMENT_PORT:8090}
   endpoint:
+    loggers:
+      enabled: true
     health:
       probes:
         enabled: true
   endpoints:
     web:
       exposure:
-        include: '*, pre-stop'
+        include: '*, pre-stop, loggers'
   health:
     db:
       enabled: true
@@ -59,6 +61,14 @@ management:
     readinessState:
       enabled: true
 
+# log level
+logging:
+  level:
+    org:
+      eclipse:
+        tractusx:
+          managedidentitywallets: ${APP_LOG_LEVEL:INFO}
+
 miw:
   host: ${MIW_HOST_NAME:localhost}
   encryptionKey: ${ENCRYPTION_KEY:Woh9waid4Ei5eez0aitieghoow9so4oe}