Merge branch 'main' into add-explicit-forward-proxy

Author: Akshay2191

.github/workflows/ci.yml

@@ -23,6 +23,17 @@ env:
   GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-dev"
 
 jobs:
+  set-vars:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Set Variables
+        run: |
+          if  [[ -z ${{ secrets.ARTIFACTORY_USER }} ]] || 
+              [[ -z ${{ secrets.ARTIFACTORY_TOKEN }} ]] ||
+              ${{ github.event.pull_request.head.repo.fork }}; then
+          echo "GOPROXY=direct" >> $GITHUB_ENV
+          fi
+
   lint:
     name: Lint
     runs-on: ubuntu-22.04

.github/workflows/release-branch.yml

@@ -42,7 +42,7 @@ on:
 
 env:
   NFPM_VERSION: 'v2.35.3'
-  GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-local-approved-dependency"
+  GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-dev"
 
 defaults:
   run:
@@ -304,10 +304,10 @@ jobs:
           script: |
             const { repo, owner } = context.repo;
             const result = await github.rest.pulls.create({
-              title: 'Merge ${{ github.ref_name }} back into main',
+              title: 'Merge ${{ inputs.releaseBranch }} back into main',
               owner,
               repo,
-              head: '${{ github.ref_name }}',
+              head: '${{ inputs.releaseBranch }}',
               base: 'main',
               body: [
                 'This PR is auto-generated by the release workflow.'

Makefile.packaging

@@ -9,7 +9,7 @@ AZURE_PACKAGES_DIR  := ./build/azure/packages
 BINARY_PATH         := $(BUILD_DIR)/$(BINARY_NAME)
 GPG_PUBLIC_KEY      := .key
 PACKAGE_BUILD       ?= 1
-PACKAGE_VERSION     := $(shell git describe --match "v[0-9]*" --abbrev=0 --tags)
+PACKAGE_VERSION     ?= $(shell echo ${VERSION} | tr -d 'v')
 TARBALL_NAME        := $(PACKAGE_PREFIX).tar.gz
 
 DEB_DISTROS         ?= ubuntu-plucky-25.04 ubuntu-noble-24.04 ubuntu-jammy-22.04 ubuntu-focal-20.04 debian-bookworm-12 debian-bullseye-11
@@ -35,7 +35,7 @@ $(PACKAGES_DIR):
 	@mkdir -p $(PACKAGES_DIR)/deb && mkdir -p $(PACKAGES_DIR)/rpm && mkdir -p $(PACKAGES_DIR)/apk
 
 .PHONY: package
-package: $(PACKAGES_DIR) #### Create final packages for all supported distros
+package: gpg-key $(PACKAGES_DIR) #### Create final packages for all supported distros
 	# Create deb packages
 	@for arch in $(DEB_ARCHS); do \
 		GOWORK=off CGO_ENABLED=0 GOARCH=$${arch} GOOS=linux go build -pgo=auto -ldflags=${LDFLAGS} -o $(BINARY_PATH) $(PROJECT_DIR)/$(PROJECT_FILE); \
@@ -111,7 +111,7 @@ package: $(PACKAGES_DIR) #### Create final packages for all supported distros
 	find $(PACKAGES_DIR)/apk ;\
 
 	# Create tarball containing all packages
-	cd $(PACKAGES_DIR) && tar -czvf "./$(TARBALL_NAME)" * && cd ../.. && cp "${PACKAGES_DIR}/$(TARBALL_NAME)"; \
+	cd $(PACKAGES_DIR) && tar -czvf "./$(TARBALL_NAME)" * && cd ../..; \
 
 .PHONY: gpg-key
 gpg-key: ## Generate GPG public key

internal/collector/otel_collector_plugin.go

@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"log/slog"
 	"net/url"
+	"net"
 	"os"
 	"strings"
 	"sync"
@@ -47,11 +48,12 @@ const (
 type (
 	// Collector The OTel collector plugin start an embedded OTel collector for metrics collection in the OTel format.
 	Collector struct {
-		service types.CollectorInterface
-		cancel  context.CancelFunc
-		config  *config.Config
-		mu      *sync.Mutex
-		stopped bool
+		service                 types.CollectorInterface
+		config                  *config.Config
+		mu                      *sync.Mutex
+		cancel                  context.CancelFunc
+		previousNAPSysLogServer string
+		stopped                 bool
 	}
 )
 
@@ -87,10 +89,11 @@ func NewCollector(conf *config.Config) (*Collector, error) {
 	}
 
 	return &Collector{
-		config:  conf,
-		service: oTelCollector,
-		stopped: true,
-		mu:      &sync.Mutex{},
+		config:                  conf,
+		service:                 oTelCollector,
+		stopped:                 true,
+		mu:                      &sync.Mutex{},
+		previousNAPSysLogServer: "",
 	}, nil
 }
 
@@ -586,10 +589,12 @@ func (oc *Collector) updateNginxAppProtectTcplogReceivers(nginxConfigContext *mo
 		oc.config.Collector.Receivers.TcplogReceivers = make(map[string]*config.TcplogReceiver)
 	}
 
-	if nginxConfigContext.NAPSysLogServer != "" {
-		if !oc.doesTcplogReceiverAlreadyExist(nginxConfigContext.NAPSysLogServer) {
+	napSysLogServer := oc.findAvailableSyslogServers(nginxConfigContext.NAPSysLogServers)
+
+	if napSysLogServer != "" {
+		if !oc.doesTcplogReceiverAlreadyExist(napSysLogServer) {
 			oc.config.Collector.Receivers.TcplogReceivers["nginx_app_protect"] = &config.TcplogReceiver{
-				ListenAddress: nginxConfigContext.NAPSysLogServer,
+				ListenAddress: napSysLogServer,
 				Operators: []config.Operator{
 					// regex captures the priority number from the log line
 					{
@@ -642,13 +647,13 @@ func (oc *Collector) updateNginxAppProtectTcplogReceivers(nginxConfigContext *mo
 		}
 	}
 
-	tcplogReceiverDeleted := oc.areNapReceiversDeleted(nginxConfigContext)
+	tcplogReceiverDeleted := oc.areNapReceiversDeleted(napSysLogServer)
 
 	return newTcplogReceiverAdded || tcplogReceiverDeleted
 }
 
-func (oc *Collector) areNapReceiversDeleted(nginxConfigContext *model.NginxConfigContext) bool {
-	listenAddressesToBeDeleted := oc.configDeletedNapReceivers(nginxConfigContext)
+func (oc *Collector) areNapReceiversDeleted(napSysLogServer string) bool {
+	listenAddressesToBeDeleted := oc.configDeletedNapReceivers(napSysLogServer)
 	if len(listenAddressesToBeDeleted) != 0 {
 		delete(oc.config.Collector.Receivers.TcplogReceivers, "nginx_app_protect")
 		return true
@@ -657,17 +662,17 @@ func (oc *Collector) areNapReceiversDeleted(nginxConfigContext *model.NginxConfi
 	return false
 }
 
-func (oc *Collector) configDeletedNapReceivers(nginxConfigContext *model.NginxConfigContext) map[string]bool {
+func (oc *Collector) configDeletedNapReceivers(napSysLogServer string) map[string]bool {
 	elements := make(map[string]bool)
 
 	for _, tcplogReceiver := range oc.config.Collector.Receivers.TcplogReceivers {
 		elements[tcplogReceiver.ListenAddress] = true
 	}
 
-	if nginxConfigContext.NAPSysLogServer != "" {
+	if napSysLogServer != "" {
 		addressesToDelete := make(map[string]bool)
-		if !elements[nginxConfigContext.NAPSysLogServer] {
-			addressesToDelete[nginxConfigContext.NAPSysLogServer] = true
+		if !elements[napSysLogServer] {
+			addressesToDelete[napSysLogServer] = true
 		}
 
 		return addressesToDelete
@@ -711,6 +716,39 @@ func (oc *Collector) updateResourceAttributes(
 	return actionUpdated
 }
 
+func (oc *Collector) findAvailableSyslogServers(napSyslogServers []string) string {
+	napSyslogServersMap := make(map[string]bool)
+	for _, server := range napSyslogServers {
+		napSyslogServersMap[server] = true
+	}
+
+	if oc.previousNAPSysLogServer != "" {
+		if _, ok := napSyslogServersMap[oc.previousNAPSysLogServer]; ok {
+			return oc.previousNAPSysLogServer
+		}
+	}
+
+	for _, napSyslogServer := range napSyslogServers {
+		ln, err := net.Listen("tcp", napSyslogServer)
+		if err != nil {
+			slog.Debug("NAP syslog server is not reachable", "address", napSyslogServer,
+				"error", err)
+
+			continue
+		}
+		closeError := ln.Close()
+		if closeError != nil {
+			slog.Debug("Failed to close syslog server", "address", napSyslogServer, "error", closeError)
+		}
+
+		slog.Debug("Found valid NAP syslog server", "address", napSyslogServer)
+
+		return napSyslogServer
+	}
+
+	return ""
+}
+
 func isOSSReceiverChanged(nginxReceiver config.NginxReceiver, nginxConfigContext *model.NginxConfigContext) bool {
 	return nginxReceiver.StubStatus.URL != nginxConfigContext.StubStatus.URL ||
 		len(nginxReceiver.AccessLogs) != len(nginxConfigContext.AccessLogs)

internal/collector/otel_collector_plugin_test.go

@@ -10,6 +10,7 @@ import (
 	"errors"
 	"net/url"
 	"os"
+	"net"
 	"path/filepath"
 	"testing"
 
@@ -740,7 +741,7 @@ func TestCollector_updateNginxAppProtectTcplogReceivers(t *testing.T) {
 	require.NoError(t, err)
 
 	nginxConfigContext := &model.NginxConfigContext{
-		NAPSysLogServer: "localhost:151",
+		NAPSysLogServers: []string{"localhost:15632"},
 	}
 
 	assert.Empty(t, conf.Collector.Receivers.TcplogReceivers)
@@ -750,7 +751,7 @@ func TestCollector_updateNginxAppProtectTcplogReceivers(t *testing.T) {
 
 		assert.True(tt, tcplogReceiverAdded)
 		assert.Len(tt, conf.Collector.Receivers.TcplogReceivers, 1)
-		assert.Equal(tt, "localhost:151", conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].ListenAddress)
+		assert.Equal(tt, "localhost:15632", conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].ListenAddress)
 		assert.Len(tt, conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].Operators, 6)
 	})
 
@@ -760,7 +761,7 @@ func TestCollector_updateNginxAppProtectTcplogReceivers(t *testing.T) {
 		tcplogReceiverAdded := collector.updateNginxAppProtectTcplogReceivers(nginxConfigContext)
 		assert.False(t, tcplogReceiverAdded)
 		assert.Len(t, conf.Collector.Receivers.TcplogReceivers, 1)
-		assert.Equal(t, "localhost:151", conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].ListenAddress)
+		assert.Equal(t, "localhost:15632", conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].ListenAddress)
 		assert.Len(t, conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].Operators, 6)
 	})
 
@@ -773,13 +774,13 @@ func TestCollector_updateNginxAppProtectTcplogReceivers(t *testing.T) {
 	t.Run("Test 4: NewCollector tcplogReceiver added and deleted another", func(tt *testing.T) {
 		tcplogReceiverDeleted := collector.updateNginxAppProtectTcplogReceivers(
 			&model.NginxConfigContext{
-				NAPSysLogServer: "localhost:152",
+				NAPSysLogServers: []string{"localhost:1555"},
 			},
 		)
 
 		assert.True(t, tcplogReceiverDeleted)
 		assert.Len(t, conf.Collector.Receivers.TcplogReceivers, 1)
-		assert.Equal(t, "localhost:152", conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].ListenAddress)
+		assert.Equal(t, "localhost:1555", conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].ListenAddress)
 		assert.Len(t, conf.Collector.Receivers.TcplogReceivers["nginx_app_protect"].Operators, 6)
 	})
 }
@@ -903,6 +904,74 @@ func TestSetExporterProxyEnvVars(t *testing.T) {
 				os.Unsetenv("HTTP_PROXY")
 				os.Unsetenv("HTTPS_PROXY")
 			}
+  	}
+	}
+}
+
+func TestCollector_findAvailableSyslogServers(t *testing.T) {
+	conf := types.OTelConfig(t)
+	conf.Collector.Log.Path = ""
+	conf.Collector.Processors.Batch = nil
+	conf.Collector.Processors.Attribute = nil
+	conf.Collector.Processors.Resource = nil
+	conf.Collector.Processors.LogsGzip = nil
+	collector, err := NewCollector(conf)
+	require.NoError(t, err)
+
+	tests := []struct {
+		name                    string
+		expectedSyslogServer    string
+		previousNAPSysLogServer string
+		syslogServers           []string
+		portInUse               bool
+	}{
+		{
+			name:                    "Test 1: port available",
+			expectedSyslogServer:    "localhost:15632",
+			previousNAPSysLogServer: "",
+			syslogServers:           []string{"localhost:15632"},
+			portInUse:               false,
+		},
+		{
+			name:                    "Test 2: port in use",
+			expectedSyslogServer:    "",
+			previousNAPSysLogServer: "",
+			syslogServers:           []string{"localhost:15632"},
+			portInUse:               true,
+		},
+		{
+			name:                    "Test 3: syslog server already configured",
+			expectedSyslogServer:    "localhost:15632",
+			previousNAPSysLogServer: "localhost:15632",
+			syslogServers:           []string{"localhost:15632"},
+			portInUse:               false,
+		},
+		{
+			name:                    "Test 4: new syslog server",
+			expectedSyslogServer:    "localhost:15632",
+			previousNAPSysLogServer: "localhost:1122",
+			syslogServers:           []string{"localhost:15632"},
+			portInUse:               false,
+		},
+		{
+			name:                    "Test 5: port in use find next server",
+			expectedSyslogServer:    "localhost:1122",
+			previousNAPSysLogServer: "",
+			syslogServers:           []string{"localhost:15632", "localhost:1122"},
+			portInUse:               true,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(tt *testing.T) {
+			if test.portInUse {
+				ln, listenError := net.Listen("tcp", "localhost:15632")
+				require.NoError(t, listenError)
+				defer ln.Close()
+			}
+
+			actual := collector.findAvailableSyslogServers(test.syslogServers)
+			assert.Equal(tt, test.expectedSyslogServer, actual)
 		})
 	}
 }

internal/config/config.go

@@ -848,6 +848,14 @@ func normalizeFunc(f *flag.FlagSet, name string) flag.NormalizedName {
 }
 
 func resolveLog() *Log {
+	logLevel := strings.ToLower(viperInstance.GetString(LogLevelKey))
+	validLevels := []string{"debug", "info", "warn", "error"}
+
+	if !slices.Contains(validLevels, logLevel) {
+		slog.Warn("Invalid log level set, defaulting to 'info'", "log_level", logLevel)
+		viperInstance.Set(LogLevelKey, "info")
+	}
+
 	return &Log{
 		Level: viperInstance.GetString(LogLevelKey),
 		Path:  viperInstance.GetString(LogPathKey),
@@ -1227,6 +1235,10 @@ func isHealthExtensionSet() bool {
 }
 
 func resolveCollectorLog() *Log {
+	if !viperInstance.IsSet(CollectorLogLevelKey) {
+		viperInstance.Set(CollectorLogLevelKey, strings.ToUpper(viperInstance.GetString(LogLevelKey)))
+	}
+
 	return &Log{
 		Level: viperInstance.GetString(CollectorLogLevelKey),
 		Path:  viperInstance.GetString(CollectorLogPathKey),