Replace more Logrus usage with Slog (#46757)

* Remove logrus from lib/auth/machineid * Switch authclient.Config.Log and TunnelAuthDialerConfig.Log to Slog * Add *slog.Logger to auth.Server * Remove logrus usage in `lib/auth/access.go` * Replace logrus with slog in lib/auth/accountrecovery.go * Replace logrus with slog in `lib/auth/apiserver.go` * Add missing logger to auth.Server * Fix test
gravitational · Sep 19, 2024 · cb6d927 · cb6d927
1 parent c76965e
commit cb6d927
Show file tree

Hide file tree

Showing 18 changed files with 187 additions and 93 deletions.
diff --git a/integration/tctl_terraform_env_test.go b/integration/tctl_terraform_env_test.go
@@ -23,6 +23,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/base64"
+	"log/slog"
 	"os"
 	"path/filepath"
 	"strings"
@@ -235,7 +236,7 @@ func getAuthClientForProxy(t *testing.T, tc *helpers.TeleInstance, username stri
 		TLS:                  tlsConfig,
 		SSH:                  sshConfig,
 		AuthServers:          []utils.NetAddr{*authAddr},
-		Log:                  utils.NewLoggerForTests(),
+		Log:                  utils.NewSlogLoggerForTests(),
 		CircuitBreakerConfig: breaker.Config{},
 		DialTimeout:          0,
 		DialOpts:             nil,
@@ -258,7 +259,7 @@ func getAuthClientForProxy(t *testing.T, tc *helpers.TeleInstance, username stri
 	dialer, err := reversetunnelclient.NewTunnelAuthDialer(reversetunnelclient.TunnelAuthDialerConfig{
 		Resolver:              resolver,
 		ClientConfig:          clientConfig.SSH,
-		Log:                   clientConfig.Log,
+		Log:                   slog.Default(),
 		InsecureSkipTLSVerify: clientConfig.Insecure,
 		GetClusterCAs:         client.ClusterCAsFromCertPool(clientConfig.TLS.RootCAs),
 	})
@@ -288,7 +289,7 @@ func getAuthClientForAuth(t *testing.T, tc *helpers.TeleInstance, username strin
 	clientConfig := &authclient.Config{
 		TLS:                  tlsConfig,
 		AuthServers:          []utils.NetAddr{*authAddr},
-		Log:                  utils.NewLoggerForTests(),
+		Log:                  utils.NewSlogLoggerForTests(),
 		CircuitBreakerConfig: breaker.Config{},
 		DialTimeout:          0,
 		DialOpts:             nil,

diff --git a/lib/auth/access.go b/lib/auth/access.go
@@ -51,7 +51,7 @@ func (a *Server) CreateRole(ctx context.Context, role types.Role) (types.Role, e
 		},
 		ConnectionMetadata: authz.ConnectionMetadata(ctx),
 	}); err != nil {
-		log.WithError(err).Warnf("Failed to emit role create event.")
+		a.logger.WarnContext(ctx, "Failed to emit role create event.", "error", err)
 	}
 	return created, nil
 }
@@ -74,7 +74,7 @@ func (a *Server) UpdateRole(ctx context.Context, role types.Role) (types.Role, e
 		},
 		ConnectionMetadata: authz.ConnectionMetadata(ctx),
 	}); err != nil {
-		log.WithError(err).Warnf("Failed to emit role create event.")
+		a.logger.WarnContext(ctx, "Failed to emit role update event.", "error", err)
 	}
 	return created, nil
 }
@@ -97,7 +97,7 @@ func (a *Server) UpsertRole(ctx context.Context, role types.Role) (types.Role, e
 		},
 		ConnectionMetadata: authz.ConnectionMetadata(ctx),
 	}); err != nil {
-		log.WithError(err).Warnf("Failed to emit role create event.")
+		a.logger.WarnContext(ctx, "Failed to emit role create event.", "error", err)
 	}
 	return upserted, nil
 }
@@ -119,7 +119,10 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 		if slices.Contains(u.GetRoles(), name) {
 			// Mask the actual error here as it could be used to enumerate users
 			// within the system.
-			log.Warnf("Failed to delete role: role %v is used by user %v.", name, u.GetName())
+			a.logger.WarnContext(
+				ctx, "Failed to delete role: role is still in use by a user",
+				"role", name, "user", u.GetName(),
+			)
 			return trace.Wrap(errDeleteRoleUser)
 		}
 	}
@@ -129,11 +132,14 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 	if err != nil {
 		return trace.Wrap(err)
 	}
-	for _, a := range cas {
-		if slices.Contains(a.GetRoles(), name) {
+	for _, ca := range cas {
+		if slices.Contains(ca.GetRoles(), name) {
 			// Mask the actual error here as it could be used to enumerate users
 			// within the system.
-			log.Warnf("Failed to delete role: role %v is used by user cert authority %v", name, a.GetClusterName())
+			a.logger.WarnContext(
+				ctx, "Failed to delete role: role is still in use by a user cert authority",
+				"role", name, "ca", ca.GetClusterName(),
+			)
 			return trace.Wrap(errDeleteRoleCA)
 		}
 	}
@@ -149,17 +155,27 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 
 		for _, accessList := range accessLists {
 			if slices.Contains(accessList.Spec.Grants.Roles, name) {
-				log.Warnf("Failed to delete role: role %v is granted by access list %s", name, accessList.GetName())
+				a.logger.WarnContext(
+					ctx, "Failed to delete role: role is granted by access list",
+					"role", name, "access_list", accessList.GetName(),
+				)
 				return trace.Wrap(errDeleteRoleAccessList)
 			}
 
 			if slices.Contains(accessList.Spec.MembershipRequires.Roles, name) {
-				log.Warnf("Failed to delete role: role %v is required by members of access list %s", name, accessList.GetName())
+				a.logger.WarnContext(
+					ctx, "Failed to delete role: role is required by members of access list",
+					"role", name, "access_list", accessList.GetName(),
+				)
 				return trace.Wrap(errDeleteRoleAccessList)
 			}
 
 			if slices.Contains(accessList.Spec.OwnershipRequires.Roles, name) {
-				log.Warnf("Failed to delete role: role %v is required by owners of access list %s", name, accessList.GetName())
+				a.logger.WarnContext(
+					ctx,
+					"Failed to delete role: role is required by owners of access list",
+					"role", name, "access_list", accessList.GetName(),
+				)
 				return trace.Wrap(errDeleteRoleAccessList)
 			}
 		}
@@ -184,7 +200,7 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 		},
 		ConnectionMetadata: authz.ConnectionMetadata(ctx),
 	}); err != nil {
-		log.WithError(err).Warnf("Failed to emit role delete event.")
+		a.logger.WarnContext(ctx, "Failed to emit role delete event", "error", err)
 	}
 	return nil
 }
@@ -217,7 +233,7 @@ func (a *Server) UpsertLock(ctx context.Context, lock types.Lock) error {
 			Target: lock.Target(),
 		},
 	}); err != nil {
-		log.WithError(err).Warning("Failed to emit lock create event.")
+		a.logger.WarnContext(ctx, "Failed to emit lock create event.", "error", err)
 	}
 	return nil
 }
@@ -245,7 +261,7 @@ func (a *Server) DeleteLock(ctx context.Context, lockName string) error {
 			Target: lock.Target(),
 		},
 	}); err != nil {
-		log.WithError(err).Warning("Failed to emit lock delete event.")
+		a.logger.WarnContext(ctx, "Failed to emit lock delete event.", "error", err)
 	}
 	return nil
 }