Skip to content

Add JSON logging format support for scan jobs and enforcer#539

Open
moshemorad wants to merge 4 commits into
mainfrom
claude/json-log-format-runner-vqbzst
Open

Add JSON logging format support for scan jobs and enforcer#539
moshemorad wants to merge 4 commits into
mainfrom
claude/json-log-format-runner-vqbzst

Conversation

@moshemorad

Copy link
Copy Markdown
Contributor

Summary

Add opt-in JSON log output (one object per line) so KRR logs are easier to index, search, and filter with log scrapers such as Filebeat. This aligns KRR with the logging approach used across the other Robusta services (runner, Holmes, relay), all driven by the same ENABLE_JSON_LOGS_FORMAT toggle. Part of ROB-459.

Key Changes

  • Scanner (robusta_krr/core/models/config.py): set_config() emits a python-json-logger JsonFormatter (with levelnameseverity) when ENABLE_JSON_LOGS_FORMAT is set. This is read from the environment only — never a CLI flag — so the interactive CLI keeps its Rich output. The runner sets this env var on the KRR scan Job (only when KRR_PUSH_SCAN is enabled, since the non-push path parses the result out of the job's combined stdout/stderr logs).
  • Enforcer (enforcer/enforcer_main.py): the resident enforcer pod swaps its plain formatter for the same JSON formatter when the toggle is set.
  • Helm (helm/krr-enforcer): new enableJsonLogsFormat value (with global.enableJsonLogsFormat honored as a fallback) wired to the ENABLE_JSON_LOGS_FORMAT container env var.
  • Dependencies: add python-json-logger; poetry.lock regenerated with Poetry 1.8.5 (matching the committed lock's generator) so the change is limited to adding the new package.

Notes

  • Default behavior is unchanged: with the toggle off, the scanner keeps Rich output and the enforcer keeps its plain text format.
  • The interactive CLI is intentionally never switched to JSON.

🤖 Generated with Claude Code

https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy


Generated by Claude Code

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0a683bf2-9ca4-4aea-aef3-9e5653bdf0bb

📥 Commits

Reviewing files that changed from the base of the PR and between 2657080 and cefb2b2.

📒 Files selected for processing (2)
  • enforcer/enforcer_main.py
  • robusta_krr/core/models/config.py
🚧 Files skipped from review as they are similar to previous changes (2)
  • enforcer/enforcer_main.py
  • robusta_krr/core/models/config.py

Walkthrough

Adds optional JSON log formatting controlled by ENABLE_JSON_LOGS_FORMAT, updates both Python logging paths, adds the JSON logger dependency, and wires the setting through Helm values into the enforcer Deployment.

Changes

JSON logging configuration

Layer / File(s) Summary
Runtime JSON logging setup
pyproject.toml, requirements.txt, enforcer/requirements.txt, robusta_krr/core/models/config.py, enforcer/enforcer_main.py
Adds python-json-logger and selects JSON or existing plain-text formatting based on the environment variable, including the severity field mapping.
Helm logging value wiring
helm/krr-enforcer/values.yaml, helm/krr-enforcer/templates/enforcer.yaml
Adds the logging toggle and injects ENABLE_JSON_LOGS_FORMAT into the Deployment using global, local, and default values.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly describes the main change: adding JSON logging support for scan jobs and the enforcer.
Description check ✅ Passed The description is directly related to the changes and accurately summarizes the JSON logging work.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/json-log-format-runner-vqbzst

Comment @coderabbitai help to get the list of available commands.

claude added 3 commits July 14, 2026 11:00
Add an opt-in ENABLE_JSON_LOGS_FORMAT toggle so KRR emits logs as JSON
(one object per line) instead of the default output, matching the format
used across Robusta services. This makes logs easier to index and filter
with scrapers like Filebeat.

- config.py set_config(): env-driven JSON branch (never a CLI flag, so
  the interactive CLI keeps its Rich output); used when KRR runs as an
  in-cluster scan job
- enforcer_main.py: JSON formatter branch for the enforcer pod
- helm/krr-enforcer: enableJsonLogsFormat value + env var
- add python-json-logger dependency

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy
Signed-off-by: Claude <noreply@anthropic.com>
Re-lock with the same Poetry version that generated the committed lock
(1.8.5) so the change is limited to adding python-json-logger instead of
rewriting the whole file in the 2.x lock format.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy
Signed-off-by: Claude <noreply@anthropic.com>
The scanner and enforcer Docker images install dependencies with
`pip install -r requirements.txt`, not Poetry, so adding the package to
pyproject.toml/poetry.lock alone did not make it available at runtime —
the scanner crashed with `ModuleNotFoundError: No module named
'pythonjsonlogger'` when ENABLE_JSON_LOGS_FORMAT was enabled.

Add python-json-logger==3.3.0 to both requirements.txt (scanner) and
enforcer/requirements.txt so the module is present in the images.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy
Signed-off-by: Claude <noreply@anthropic.com>
@moshemorad moshemorad force-pushed the claude/json-log-format-runner-vqbzst branch from a49795e to 2657080 Compare July 14, 2026 11:00
naomi-robusta
naomi-robusta previously approved these changes Jul 14, 2026
Comment thread enforcer/enforcer_main.py Outdated
Comment thread robusta_krr/core/models/config.py Outdated
Address review: import JsonFormatter at the top of enforcer_main.py and
config.py instead of inside the ENABLE_JSON_LOGS_FORMAT branch. In
enforcer_main.py it goes after the custom-certificate setup, since the
JSON formatter does not initialize any HTTP client.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy
Signed-off-by: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants