Add JSON logging format support for scan jobs and enforcer#539
Open
moshemorad wants to merge 4 commits into
Open
Add JSON logging format support for scan jobs and enforcer#539moshemorad wants to merge 4 commits into
moshemorad wants to merge 4 commits into
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
WalkthroughAdds optional JSON log formatting controlled by ChangesJSON logging configuration
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Add an opt-in ENABLE_JSON_LOGS_FORMAT toggle so KRR emits logs as JSON (one object per line) instead of the default output, matching the format used across Robusta services. This makes logs easier to index and filter with scrapers like Filebeat. - config.py set_config(): env-driven JSON branch (never a CLI flag, so the interactive CLI keeps its Rich output); used when KRR runs as an in-cluster scan job - enforcer_main.py: JSON formatter branch for the enforcer pod - helm/krr-enforcer: enableJsonLogsFormat value + env var - add python-json-logger dependency Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy Signed-off-by: Claude <noreply@anthropic.com>
Re-lock with the same Poetry version that generated the committed lock (1.8.5) so the change is limited to adding python-json-logger instead of rewriting the whole file in the 2.x lock format. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy Signed-off-by: Claude <noreply@anthropic.com>
The scanner and enforcer Docker images install dependencies with `pip install -r requirements.txt`, not Poetry, so adding the package to pyproject.toml/poetry.lock alone did not make it available at runtime — the scanner crashed with `ModuleNotFoundError: No module named 'pythonjsonlogger'` when ENABLE_JSON_LOGS_FORMAT was enabled. Add python-json-logger==3.3.0 to both requirements.txt (scanner) and enforcer/requirements.txt so the module is present in the images. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy Signed-off-by: Claude <noreply@anthropic.com>
a49795e to
2657080
Compare
naomi-robusta
previously approved these changes
Jul 14, 2026
Address review: import JsonFormatter at the top of enforcer_main.py and config.py instead of inside the ENABLE_JSON_LOGS_FORMAT branch. In enforcer_main.py it goes after the custom-certificate setup, since the JSON formatter does not initialize any HTTP client. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy Signed-off-by: Claude <noreply@anthropic.com>
naomi-robusta
approved these changes
Jul 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add opt-in JSON log output (one object per line) so KRR logs are easier to index, search, and filter with log scrapers such as Filebeat. This aligns KRR with the logging approach used across the other Robusta services (runner, Holmes, relay), all driven by the same
ENABLE_JSON_LOGS_FORMATtoggle. Part of ROB-459.Key Changes
robusta_krr/core/models/config.py):set_config()emits apython-json-loggerJsonFormatter(withlevelname→severity) whenENABLE_JSON_LOGS_FORMATis set. This is read from the environment only — never a CLI flag — so the interactive CLI keeps its Rich output. The runner sets this env var on the KRR scan Job (only whenKRR_PUSH_SCANis enabled, since the non-push path parses the result out of the job's combined stdout/stderr logs).enforcer/enforcer_main.py): the resident enforcer pod swaps its plain formatter for the same JSON formatter when the toggle is set.helm/krr-enforcer): newenableJsonLogsFormatvalue (withglobal.enableJsonLogsFormathonored as a fallback) wired to theENABLE_JSON_LOGS_FORMATcontainer env var.python-json-logger;poetry.lockregenerated with Poetry 1.8.5 (matching the committed lock's generator) so the change is limited to adding the new package.Notes
🤖 Generated with Claude Code
https://claude.ai/code/session_01AozEpN8uwPRQuF8FPRX4Jy
Generated by Claude Code