Replace more Logrus usage with Slog #46757

Merged
merged 8 commits into from
Sep 19, 2024
Merged
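--- a/integration/tctl_terraform_env_test.go
+++ b/integration/tctl_terraform_env_test.go
@@ -23,6 +23,7 @@ import (
 "bytes"
 "context"
 "encoding/base64"
+"log/slog"
 "os"
 "path/filepath"
 "strings"
@@ -235,7 +236,7 @@ func getAuthClientForProxy(t *testing.T, tc *helpers.TeleInstance, username stri
 TLS: tlsConfig,
 SSH: sshConfig,
 AuthServers: []utils.NetAddr{*authAddr},
-Log: utils.NewLoggerForTests(),
+Log: utils.NewSlogLoggerForTests(),
 CircuitBreakerConfig: breaker.Config{},
 DialTimeout: 0,
 DialOpts: nil,
@@ -258,7 +259,7 @@ func getAuthClientForProxy(t *testing.T, tc *helpers.TeleInstance, username stri
 dialer, err := reversetunnelclient.NewTunnelAuthDialer(reversetunnelclient.TunnelAuthDialerConfig{
 Resolver: resolver,
 ClientConfig: clientConfig.SSH,
-Log: clientConfig.Log,
+Log: slog.Default(),
 InsecureSkipTLSVerify: clientConfig.Insecure,
 GetClusterCAs: client.ClusterCAsFromCertPool(clientConfig.TLS.RootCAs),
 })
@@ -288,7 +289,7 @@ func getAuthClientForAuth(t *testing.T, tc *helpers.TeleInstance, username strin
 clientConfig := &authclient.Config{
 TLS: tlsConfig,
 AuthServers: []utils.NetAddr{*authAddr},
-Log: utils.NewLoggerForTests(),
+Log: utils.NewSlogLoggerForTests(),
 CircuitBreakerConfig: breaker.Config{},
 DialTimeout: 0,
 DialOpts: nil,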
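Review bot: In the second getAuthClientForProxy hunk the tunnel dialer is given `slog.Default()` instead of `clientConfig.Log`, so its output no longer goes to the test logger set on `clientConfig` in the hunk above (`utils.NewSlogLoggerForTests()`). If both `Log` fields now share the same slog type, which the page does not show, keeping `Log: clientConfig.Log,` would keep dialer and client logs on one logger and avoid depending on the process-wide default in an integration test. If the types differ, a short comment saying why the default logger is used would help. The function body starts and ends outside the visible hunks.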
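--- a/lib/auth/access.go
+++ b/lib/auth/access.go
@@ -51,7 +51,7 @@ func (a *Server) CreateRole(ctx context.Context, role types.Role) (types.Role, e
 },
 ConnectionMetadata: authz.ConnectionMetadata(ctx),
 }); err != nil {
-log.WithError(err).Warnf("Failed to emit role create event.")
+a.logger.WarnContext(ctx, "Failed to emit role create event.", "error", err)
 }
 return created, nil
 }
@@ -74,7 +74,7 @@ func (a *Server) UpdateRole(ctx context.Context, role types.Role) (types.Role, e
 },
 ConnectionMetadata: authz.ConnectionMetadata(ctx),
 }); err != nil {
-log.WithError(err).Warnf("Failed to emit role create event.")
+a.logger.WarnContext(ctx, "Failed to emit role update event.", "error", err)
 }
 return created, nil
 }
@@ -97,7 +97,7 @@ func (a *Server) UpsertRole(ctx context.Context, role types.Role) (types.Role, e
 },
 ConnectionMetadata: authz.ConnectionMetadata(ctx),
 }); err != nil {
-log.WithError(err).Warnf("Failed to emit role create event.")
+a.logger.WarnContext(ctx, "Failed to emit role create event.", "error", err)
 }
 return upserted, nil
 }
@@ -119,7 +119,10 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 if slices.Contains(u.GetRoles(), name) {
 // Mask the actual error here as it could be used to enumerate users
 // within the system.
-log.Warnf("Failed to delete role: role %v is used by user %v.", name, u.GetName())
+a.logger.WarnContext(
+ctx, "Failed to delete role: role is still in use by a user",
+"role", name, "user", u.GetName(),
+)
 return trace.Wrap(errDeleteRoleUser)
 }
 }
@@ -129,11 +132,14 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 if err != nil {
 return trace.Wrap(err)
 }
-for _, a := range cas {
-if slices.Contains(a.GetRoles(), name) {
+for _, ca := range cas {
+if slices.Contains(ca.GetRoles(), name) {
 // Mask the actual error here as it could be used to enumerate users
 // within the system.
-log.Warnf("Failed to delete role: role %v is used by user cert authority %v", name, a.GetClusterName())
+a.logger.WarnContext(
+ctx, "Failed to delete role: role is still in use by a user cert authority",
+"role", name, "ca", ca.GetClusterName(),
+)
 return trace.Wrap(errDeleteRoleCA)
 }
 }
@@ -149,17 +155,27 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 
 for _, accessList := range accessLists {
 if slices.Contains(accessList.Spec.Grants.Roles, name) {
-log.Warnf("Failed to delete role: role %v is granted by access list %s", name, accessList.GetName())
+a.logger.WarnContext(
+ctx, "Failed to delete role: role is granted by access list",
+"role", name, "access_list", accessList.GetName(),
+)
 return trace.Wrap(errDeleteRoleAccessList)
 }
 
 if slices.Contains(accessList.Spec.MembershipRequires.Roles, name) {
-log.Warnf("Failed to delete role: role %v is required by members of access list %s", name, accessList.GetName())
+a.logger.WarnContext(
+ctx, "Failed to delete role: role is required by members of access list",
+"role", name, "access_list", accessList.GetName(),
+)
 return trace.Wrap(errDeleteRoleAccessList)
 }
 
 if slices.Contains(accessList.Spec.OwnershipRequires.Roles, name) {
-log.Warnf("Failed to delete role: role %v is required by owners of access list %s", name, accessList.GetName())
+a.logger.WarnContext(
+ctx,
+"Failed to delete role: role is required by owners of access list",
+"role", name, "access_list", accessList.GetName(),
+)
 return trace.Wrap(errDeleteRoleAccessList)
 }
 }
@@ -184,7 +200,7 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 },
 ConnectionMetadata: authz.ConnectionMetadata(ctx),
 }); err != nil {
-log.WithError(err).Warnf("Failed to emit role delete event.")
+a.logger.WarnContext(ctx, "Failed to emit role delete event", "error", err)
 }
 return nil
 }
@@ -217,7 +233,7 @@ func (a *Server) UpsertLock(ctx context.Context, lock types.Lock) error {
 Target: lock.Target(),
 },
 }); err != nil {
-log.WithError(err).Warning("Failed to emit lock create event.")
+a.logger.WarnContext(ctx, "Failed to emit lock create event.", "error", err)
 }
 return nil
 }
@@ -245,7 +261,7 @@ func (a *Server) DeleteLock(ctx context.Context, lockName string) error {
 Target: lock.Target(),
 },
 }); err != nil {
-log.WithError(err).Warning("Failed to emit lock delete event.")
+a.logger.WarnContext(ctx, "Failed to emit lock delete event.", "error", err)
 }
 return nil
 }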
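Review bot: The emit-failure warnings in the CreateRole, UpdateRole, UpsertRole, DeleteRole, UpsertLock and DeleteLock hunks carry only the error, so when an audit event is dropped the log does not say which role or lock was changed. Each function still returns success after the warning, which leaves that log line as the only trace of the change. Adding the resource name as an attribute would let an operator reconcile the gap in the audit trail, e.g. in DeleteRole `a.logger.WarnContext(ctx, "Failed to emit role delete event", "role", name, "error", err)`. The same applies with `lockName` in DeleteLock and, presumably, the name accessor of the role or lock in the other four. All six function bodies begin above the visible hunk lines, so the emitted event types could not be checked here.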