Add exclude logging path option

Useful for excluding /ping endpoint to reduce log volume.
This is somewhat more verbose than a simple bool to disable logging of
the `/ping` endpoint.

Perhaps better to add `-silence-ping-logging` bool flag to `options.go` and
pass in the `/ping` endpoint as part of `logger` declaration in `options.go`.

Could be extended into a slice of paths similar to go-gin's `SkipPaths`:
https://github.com/gin-gonic/gin/blob/master/logger.go#L46

docs/configuration/configuration.md

@@ -42,6 +42,7 @@ Usage of oauth2_proxy:
   -display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
   -email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
   -extra-jwt-issuers: if -skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json)
+  -exclude-logging-path: don't log requests to this path, eg: /ping (default "" = no paths excluded)
   -flush-interval: period between flushing response buffers when streaming responses (default "1s")
   -banner string: custom banner string. Use "-" to disable default banner.
   -footer string: custom footer string. Use "-" to disable default footer.
@@ -90,7 +91,6 @@ Usage of oauth2_proxy:
   -set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
   -set-authorization-header: set Authorization Bearer response header (useful in Nginx auth_request mode)
   -signature-key string: GAP-Signature request signature key (algorithm:secretkey)
-  -silence-ping-logging bool: disable logging of requests to ping endpoint (default false) 
   -skip-auth-preflight: will skip authentication for OPTIONS requests
   -skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)
   -skip-jwt-bearer-tokens: will skip requests that have verified JWT bearer tokens
@@ -140,7 +140,7 @@ There are three different types of logging: standard, authentication, and HTTP r
 
 Each type of logging has their own configurable format and variables. By default these formats are similar to the Apache Combined Log.
 
-Logging of requests to the `/ping` endpoint can be disabled with `-silence-ping-logging` reducing log volume.
+A specific path can be excluded from request logs by setting `-exclude-logging-path`. This is useful for disabling logging of requests to the `/ping` endpoint to reduce log volume when health checking `oauth2_proxy`.
 
 ### Auth Log Format
 Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format:

logging_handler_test.go

@@ -19,15 +19,15 @@ func TestLoggingHandler_ServeHTTP(t *testing.T) {
 		Format,
 		ExpectedLogMessage,
 		Path string
-		SilentPing bool
+		ExcludePath string
 	}{
-		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", false},
-		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", true},
-		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/ping\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/ping", false},
-		{"{{.RequestMethod}}", "GET\n", "/foo/bar", false},
-		{"{{.RequestMethod}}", "GET\n", "/foo/bar", true},
-		{"{{.RequestMethod}}", "GET\n", "/ping", false},
-		{"{{.RequestMethod}}", "", "/ping", true},
+		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", ""},
+		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/foo/bar\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/foo/bar", "/ping"},
+		{logger.DefaultRequestLoggingFormat, fmt.Sprintf("127.0.0.1 - - [%s] test-server GET - \"/ping\" HTTP/1.1 \"\" 200 4 0.000\n", logger.FormatTimestamp(ts)), "/ping", ""},
+		{"{{.RequestMethod}}", "GET\n", "/foo/bar", ""},
+		{"{{.RequestMethod}}", "GET\n", "/foo/bar", "/ping"},
+		{"{{.RequestMethod}}", "GET\n", "/ping", ""},
+		{"{{.RequestMethod}}", "", "/ping", "/ping"},
 	}
 
 	for _, test := range tests {
@@ -43,7 +43,7 @@ func TestLoggingHandler_ServeHTTP(t *testing.T) {
 
 		logger.SetOutput(buf)
 		logger.SetReqTemplate(test.Format)
-		logger.SetSilentPing(test.SilentPing)
+		logger.SetExcludePath(test.ExcludePath)
 		h := LoggingHandler(http.HandlerFunc(handler))
 
 		r, _ := http.NewRequest("GET", test.Path, nil)

main.go

@@ -98,7 +98,7 @@ func main() {
 
 	flagSet.Bool("request-logging", true, "Log HTTP requests")
 	flagSet.String("request-logging-format", logger.DefaultRequestLoggingFormat, "Template for HTTP request log lines")
-	flagSet.Bool("silence-ping-logging", false, "Disable logging of requests to ping endpoint")
+	flagSet.String("exclude-logging-path", "", "Exclude logging requests to path (eg: /ping)")
 
 	flagSet.Bool("auth-logging", true, "Log authentication attempts")
 	flagSet.String("auth-logging-format", logger.DefaultAuthLoggingFormat, "Template for authentication log lines")

options.go

@@ -105,9 +105,9 @@ type Options struct {
 	RequestLoggingFormat  string `flag:"request-logging-format" cfg:"request_logging_format" env:"OAUTH2_PROXY_REQUEST_LOGGING_FORMAT"`
 	PingPath              string `flag:"ping-path" cfg:"ping_path" env:"OAUTH2_PROXY_PING_PATH"`
 	SilencePingLogging    bool   `flag:"silence-ping-logging" cfg:"silence_ping_logging" env:"OAUTH2_PROXY_SILENCE_PING_LOGGING"`
+	ExcludeLoggingPath    string `flag:"exclude-logging-path" cfg:"exclude_logging_path" env:"OAUTH2_PROXY_EXCLUDE_LOGGING_PATH"`
 	AuthLogging           bool   `flag:"auth-logging" cfg:"auth_logging" env:"OAUTH2_PROXY_LOGGING_AUTH_LOGGING"`
 	AuthLoggingFormat     string `flag:"auth-logging-format" cfg:"auth_logging_format" env:"OAUTH2_PROXY_AUTH_LOGGING_FORMAT"`
-
 	SignatureKey          string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
 	AcrValues             string `flag:"acr-values" cfg:"acr_values" env:"OAUTH2_PROXY_ACR_VALUES"`
 	JWTKey                string `flag:"jwt-key" cfg:"jwt_key" env:"OAUTH2_PROXY_JWT_KEY"`
@@ -167,6 +167,7 @@ func NewOptions() *Options {
 		LoggingMaxBackups:                0,
 		LoggingLocalTime:                 true,
 		LoggingCompress:                  false,
+		ExcludeLoggingPath:               "",
 		PingPath:                         "/ping",
 		SilencePingLogging:               false,
 		StandardLogging:                  true,
@@ -571,8 +572,7 @@ func setupLogger(o *Options, msgs []string) []string {
 	logger.SetStandardEnabled(o.StandardLogging)
 	logger.SetAuthEnabled(o.AuthLogging)
 	logger.SetReqEnabled(o.RequestLogging)
-	logger.SetSilentPing(o.SilencePingLogging)
-	logger.SetPingPath(o.PingPath)
+	logger.SetExcludePath(o.ExcludeLoggingPath)
 	logger.SetStandardTemplate(o.StandardLoggingFormat)
 	logger.SetAuthTemplate(o.AuthLoggingFormat)
 	logger.SetReqTemplate(o.RequestLoggingFormat)

pkg/logger/logger.go

@@ -88,8 +88,7 @@ type Logger struct {
 	stdEnabled     bool
 	authEnabled    bool
 	reqEnabled     bool
-	silentPing     bool
-	pingPath       string
+	excludePath    string
 	stdLogTemplate *template.Template
 	authTemplate   *template.Template
 	reqTemplate    *template.Template
@@ -103,8 +102,7 @@ func New(flag int) *Logger {
 		stdEnabled:     true,
 		authEnabled:    true,
 		reqEnabled:     true,
-		silentPing:     false,
-		pingPath:       "/ping",
+		excludePath:    "",
 		stdLogTemplate: template.Must(template.New("std-log").Parse(DefaultStandardLoggingFormat)),
 		authTemplate:   template.Must(template.New("auth-log").Parse(DefaultAuthLoggingFormat)),
 		reqTemplate:    template.Must(template.New("req-log").Parse(DefaultRequestLoggingFormat)),
@@ -181,7 +179,7 @@ func (l *Logger) PrintReq(username, upstream string, req *http.Request, url url.
 		return
 	}
 
-	if url.Path == l.pingPath && l.silentPing {
+	if url.Path == l.excludePath {
 		return
 	}
 	duration := float64(time.Now().Sub(ts)) / float64(time.Second)
@@ -309,18 +307,11 @@ func (l *Logger) SetReqEnabled(e bool) {
 	l.reqEnabled = e
 }
 
-// SetPingPath sets the ping path.
-func (l *Logger) SetPingPath(s string) {
+// SetExcludePath sets the path to exclude from logging.
+func (l *Logger) SetExcludePath(s string) {
 	l.mu.Lock()
 	defer l.mu.Unlock()
-	l.pingPath = s
-}
-
-// SetSilentPing disables ping request logging.
-func (l *Logger) SetSilentPing(e bool) {
-	l.mu.Lock()
-	defer l.mu.Unlock()
-	l.silentPing = e
+	l.excludePath = s
 }
 
 // SetStandardTemplate sets the template for standard logging.
@@ -386,15 +377,9 @@ func SetReqEnabled(e bool) {
 	std.SetReqEnabled(e)
 }
 
-// SetPingPath sets the healthcheck endpoint path.
-// FIXME: Seems wrong to define this
-func SetPingPath(s string) {
-	std.SetPingPath(s)
-}
-
-// SetSilentPing disables request logging for the ping endpoint.
-func SetSilentPing(e bool) {
-	std.SetSilentPing(e)
+// SetExcludePath sets the path to exclude from logging, eg: health checks
+func SetExcludePath(s string) {
+	std.SetExcludePath(s)
 }
 
 // SetStandardTemplate sets the template for standard logging for