Add option to disable capturing network activity log (#113)

google · Oct 10, 2024 · 334c034 · 334c034
1 parent 97bd98b
commit 334c034
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 14 deletions.
diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go
@@ -57,7 +57,9 @@ func main() {
 			log.Fatalf("Error unmarshaling policy file content: %v", err)
 		}
 	}
-	proxyService := proxy.NewTransparentProxyService(p, ca, proxy.PolicyMode(*policyMode), &pl)
+	proxyService := proxy.NewTransparentProxyService(p, ca, proxy.PolicyMode(*policyMode), proxy.TransparentProxyServiceOpts{
+		Policy: &pl,
+	})
 	proxyService.Proxy.OnRequest().DoFunc(
 		func(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
 			return proxyService.ApplyNetworkPolicy(req, ctx)

diff --git a/pkg/proxy/proxy/transparent.go b/pkg/proxy/proxy/transparent.go
@@ -87,31 +87,41 @@ func (m PolicyMode) IsValid() bool {
 
 // TransparentProxyService transparently proxies HTTP and HTTPS traffic.
 type TransparentProxyService struct {
-	Proxy      *goproxy.ProxyHttpServer
-	Ca         *tls.Certificate
-	NetworkLog *netlog.NetworkActivityLog
-	Policy     *policy.Policy
-	Mode       PolicyMode
+	Proxy  *goproxy.ProxyHttpServer
+	Ca     *tls.Certificate
+	Policy *policy.Policy
+	Mode   PolicyMode
 
-	mx *sync.Mutex
+	mx         *sync.Mutex
+	networkLog *netlog.NetworkActivityLog
+}
+
+// TransparentProxyServiceOpts defines the optional parameters for creating a TransparentProxyService.
+type TransparentProxyServiceOpts struct {
+	Policy      *policy.Policy
+	SkipLogging bool
 }
 
 // NewTransparentProxyService creates a new TransparentProxyService.
-func NewTransparentProxyService(p *goproxy.ProxyHttpServer, ca *tls.Certificate, mode PolicyMode, pl *policy.Policy) TransparentProxyService {
+func NewTransparentProxyService(p *goproxy.ProxyHttpServer, ca *tls.Certificate, mode PolicyMode, opts TransparentProxyServiceOpts) TransparentProxyService {
 	m := new(sync.Mutex)
 	if !mode.IsValid() {
 		log.Fatalf("Invalid proxy mode specified: %v", mode)
 	}
-	if mode != DisabledMode && pl == nil {
-		log.Fatalf("Invalid policy: %v", pl)
+	if mode != DisabledMode && opts.Policy == nil {
+		log.Fatalf("Invalid policy: %v", opts.Policy)
+	}
+	networkLog := &netlog.NetworkActivityLog{}
+	if !opts.SkipLogging {
+		networkLog = netlog.CaptureActivityLog(p, m)
 	}
 	return TransparentProxyService{
 		Proxy:      p,
 		Ca:         ca,
-		NetworkLog: netlog.CaptureActivityLog(p, m),
 		Mode:       mode,
-		Policy:     pl,
+		Policy:     opts.Policy,
 		mx:         m,
+		networkLog: networkLog,
 	}
 }
 
@@ -194,7 +204,7 @@ func (t *TransparentProxyService) ServeAdmin(addr string) {
 		defer t.mx.Unlock()
 		enc := json.NewEncoder(w)
 		enc.SetIndent("", "  ")
-		if err := enc.Encode(t.NetworkLog); err != nil {
+		if err := enc.Encode(t.networkLog); err != nil {
 			log.Printf("Failed to marshal metadata: %v", err)
 			http.Error(w, "Internal Error", http.StatusInternalServerError)
 		}

diff --git a/pkg/proxy/proxy/transparent_test.go b/pkg/proxy/proxy/transparent_test.go
@@ -207,7 +207,9 @@ func TestPolicyEndpoint(t *testing.T) {
 			wantResp:   http.StatusMethodNotAllowed,
 		},
 	}
-	proxyService := NewTransparentProxyService(NewTransparentProxyServer(false), nil, "enforce", &policy.Policy{})
+	proxyService := NewTransparentProxyService(NewTransparentProxyServer(false), nil, "enforce", TransparentProxyServiceOpts{
+		Policy: &policy.Policy{},
+	})
 	policy.RegisterRule("URLMatchRule", func() policy.Rule { return &policy.URLMatchRule{} })
 	mux := http.NewServeMux()
 	mux.HandleFunc("/policy", proxyService.policyHandler)