chore: fix ProxyChannelStateMachine logging policy compliance (kroxylicious#3752)

SamBarker · web-flow · commit 60261b007acf · 2026-04-28T09:27:27.000Z
* Fix ProxyChannelStateMachine logging policy compliance All log statements now include sessionId and virtualCluster as structured key-values, enabling operators to correlate log events to a specific session and cluster. Separate remoteHost/remotePort and clientHost/clientPort keys are replaced with combined address and clientAddress keys per policy. Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sam Barker <sam@quadrocket.co.uk> * ensure the mock handler behaves Signed-off-by: Sam Barker <sam@quadrocket.co.uk> # Conflicts: # kroxylicious-runtime/src/test/java/io/kroxylicious/proxy/internal/ProxyChannelStateMachineTest.java * Extract sessionId and virtualCluster log key constants Avoids duplicating the string literals across every log call in the class. Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sam Barker <sam@quadrocket.co.uk> * Revert "Extract sessionId and virtualCluster log key constants" This reverts commit fe33af2. Signed-off-by: Sam Barker <sam@quadrocket.co.uk> * Extract log(Level) helper to PSCM to reduce per-call boilerplate Adds a private log(Level) method that pre-populates sessionId and virtualCluster on the LoggingEventBuilder before returning it to the call site, mirroring the pattern already used by FilterHandler. Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sam Barker <sam@quadrocket.co.uk> * Use Supplier form of addKeyValue for lazily-evaluated address keys Avoids string construction when DEBUG/INFO logging is disabled. Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sam Barker <sam@quadrocket.co.uk> * Extract local variable to avoid requireNonNull inside logging supplier Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sam Barker <sam@quadrocket.co.uk> --------- Signed-off-by: Sam Barker <sam@quadrocket.co.uk>
diff --git a/kroxylicious-runtime/src/main/java/io/kroxylicious/proxy/internal/ProxyChannelStateMachine.java b/kroxylicious-runtime/src/main/java/io/kroxylicious/proxy/internal/ProxyChannelStateMachine.java
@@ -17,6 +17,8 @@
 import org.apache.kafka.common.protocol.ApiKeys;
 import org.apache.kafka.common.protocol.Errors;
 import org.slf4j.Logger;
+import org.slf4j.event.Level;
+import org.slf4j.spi.LoggingEventBuilder;
 
 import io.micrometer.core.instrument.Counter;
 import io.micrometer.core.instrument.Timer;
@@ -224,6 +226,8 @@ void forceState(ProxyChannelState state,
                     KafkaSession kafkaSession,
                     int transportAndBackendLatch) {
         LOGGER.atInfo()
+                .addKeyValue("sessionId", kafkaSession.sessionId())
+                .addKeyValue("virtualCluster", clusterName())
                 .addKeyValue("state", state)
                 .addKeyValue("frontendHandler", frontendHandler)
                 .addKeyValue("backendHandler", backendHandler)
@@ -332,10 +336,8 @@ public void onServerWritable() {
     void onClientActive(KafkaProxyFrontendHandler frontendHandler) {
         if (STARTING_STATE.equals(this.state)) {
             this.frontendHandler = frontendHandler;
-            LOGGER.atDebug()
-                    .addKeyValue("sessionId", kafkaSession.sessionId())
-                    .addKeyValue("remoteHost", Objects.requireNonNull(this.frontendHandler).remoteHost())
-                    .addKeyValue("remotePort", this.frontendHandler.remotePort())
+            log(Level.DEBUG)
+                    .addKeyValue("address", () -> HostPort.asString(frontendHandler.remoteHost(), frontendHandler.remotePort()))
                     .log("Allocated session ID for downstream connection");
             ProxyChannelState.ClientActive clientActive = STARTING_STATE.toClientActive();
             toClientActive(clientActive, frontendHandler);
@@ -387,7 +389,7 @@ void onServerActive() {
      */
     void illegalState(String msg) {
         if (!(state instanceof Closed)) {
-            LOGGER.atError()
+            log(Level.ERROR)
                     .addKeyValue("state", state)
                     .addKeyValue("message", msg)
                     .log("Unexpected event, closing channels with no client response");
@@ -496,7 +498,7 @@ void onClientIdle() {
      */
     @SuppressWarnings("java:S5738")
     void onServerException(@Nullable Throwable cause) {
-        LOGGER.atWarn()
+        log(Level.WARN)
                 .addKeyValue("error", cause != null ? cause.getMessage() : "")
                 .setCause(LOGGER.isDebugEnabled() ? cause : null)
                 .log(LOGGER.isDebugEnabled()
@@ -522,15 +524,15 @@ void onClientException(@Nullable Throwable cause) {
                     : " Possible unexpected TLS handshake? When connecting via TLS from your client, make sure to enable TLS for the Kroxylicious gateway ("
                             + StableKroxyliciousLinkGenerator.INSTANCE.errorLink(StableKroxyliciousLinkGenerator.CLIENT_TLS)
                             + ").";
-            LOGGER.atWarn()
+            log(Level.WARN)
                     .addKeyValue("maxFrameSizeBytes", e.getMaxFrameSizeBytes())
                     .addKeyValue("receivedFrameSizeBytes", e.getReceivedFrameSizeBytes())
                     .addKeyValue("hint", tlsHint)
                     .log("Received over-sized frame from client, other possible causes are: an oversized Kafka frame, or something unexpected like an HTTP request");
             errorCodeEx = Errors.INVALID_REQUEST.exception();
         }
         else {
-            LOGGER.atWarn()
+            log(Level.WARN)
                     .addKeyValue("error", cause != null ? cause.getMessage() : "")
                     .setCause(LOGGER.isDebugEnabled() ? cause : null)
                     .log(LOGGER.isDebugEnabled()
@@ -632,11 +634,10 @@ private void toConnecting(
         backendHandler = new KafkaProxyBackendHandler(this);
         Objects.requireNonNull(frontendHandler).inConnecting(connecting.remote(), backendHandler);
         proxyToServerConnectionCounter.increment();
-        LOGGER.atDebug()
-                .addKeyValue("sessionId", kafkaSession.sessionId())
+        var frontend = Objects.requireNonNull(this.frontendHandler);
+        log(Level.DEBUG)
                 .addKeyValue("remote", connecting.remote())
-                .addKeyValue("clientHost", Objects.requireNonNull(this.frontendHandler).remoteHost())
-                .addKeyValue("clientPort", this.frontendHandler.remotePort())
+                .addKeyValue("clientAddress", () -> HostPort.asString(frontend.remoteHost(), frontend.remotePort()))
                 .log("Upstream connection established for client");
     }
 
@@ -743,13 +744,26 @@ private void incrementAppropriateDisconnectsMetric(@Nullable DisconnectCause dis
     }
 
     private void setState(ProxyChannelState state) {
-        LOGGER.atTrace()
+        log(Level.TRACE)
                 .addKeyValue("stateMachine", this)
                 .addKeyValue("targetState", state)
                 .log("Transitioning to state");
         this.state = state;
     }
 
+    private LoggingEventBuilder log(Level level) {
+        LoggingEventBuilder builder = switch (level) {
+            case ERROR -> LOGGER.atError();
+            case WARN -> LOGGER.atWarn();
+            case INFO -> LOGGER.atInfo();
+            case DEBUG -> LOGGER.atDebug();
+            case TRACE -> LOGGER.atTrace();
+        };
+        return builder
+                .addKeyValue("sessionId", kafkaSession.sessionId())
+                .addKeyValue("virtualCluster", clusterName());
+    }
+
     private static boolean isMessageApiVersionsRequest(Object msg) {
         return msg instanceof DecodedRequestFrame
                 && ((DecodedRequestFrame<?>) msg).apiKey() == ApiKeys.API_VERSIONS;
diff --git a/kroxylicious-runtime/src/test/java/io/kroxylicious/proxy/internal/ProxyChannelStateMachineTest.java b/kroxylicious-runtime/src/test/java/io/kroxylicious/proxy/internal/ProxyChannelStateMachineTest.java
@@ -112,6 +112,8 @@ void setUp() {
         when(endpointGateway.virtualCluster()).thenReturn(VIRTUAL_CLUSTER_MODEL);
         proxyChannelStateMachine = new ProxyChannelStateMachine(endpointBinding, new DefaultSubjectBuilder(List.of()), new KafkaSession(KafkaSessionState.ESTABLISHING));
         when(frontendHandler.channelId()).thenReturn(DefaultChannelId.newInstance());
+        when(frontendHandler.remoteHost()).thenReturn("testhost.example.com");
+        when(frontendHandler.remotePort()).thenReturn(9476);
         // Make the executor run tasks synchronously for tests
         when(frontendHandler.eventLoopExecutor()).thenReturn(Runnable::run);
     }

Original file line number	Diff line number	Diff line change
`@@ -112,6 +112,8 @@ void setUp() {`
`112`	`112`	`when(endpointGateway.virtualCluster()).thenReturn(VIRTUAL_CLUSTER_MODEL);`
`113`	`113`	`proxyChannelStateMachine = new ProxyChannelStateMachine(endpointBinding, new DefaultSubjectBuilder(List.of()), new KafkaSession(KafkaSessionState.ESTABLISHING));`
`114`	`114`	`when(frontendHandler.channelId()).thenReturn(DefaultChannelId.newInstance());`
	`115`	`+ when(frontendHandler.remoteHost()).thenReturn("testhost.example.com");`
	`116`	`+ when(frontendHandler.remotePort()).thenReturn(9476);`
`115`	`117`	`// Make the executor run tasks synchronously for tests`
`116`	`118`	`when(frontendHandler.eventLoopExecutor()).thenReturn(Runnable::run);`
`117`	`119`	`}`