From d572ccdb2a4b5d8b850f24da06e5caa4bc4a9730 Mon Sep 17 00:00:00 2001 From: Karl Persson Date: Wed, 4 Jan 2023 16:25:42 +0100 Subject: [PATCH] AuthN: tune logging (#60917) * AuthN: remove comment * AuthN: Only start trace if valid authentication client is used --- pkg/services/authn/authnimpl/service.go | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/pkg/services/authn/authnimpl/service.go b/pkg/services/authn/authnimpl/service.go index e156992c9a7..70d1324fbbd 100644 --- a/pkg/services/authn/authnimpl/service.go +++ b/pkg/services/authn/authnimpl/service.go @@ -77,43 +77,28 @@ type Service struct { } func (s *Service) Authenticate(ctx context.Context, client string, r *authn.Request) (*authn.Identity, bool, error) { - ctx, span := s.tracer.Start(ctx, "authn.Authenticate") - defer span.End() - - span.SetAttributes("authn.client", client, attribute.Key("authn.client").String(client)) - logger := s.log.FromContext(ctx) - c, ok := s.clients[client] if !ok { - logger.Debug("auth client not found", "client", client) - span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client is not configured"}}) return nil, false, nil } if !c.Test(ctx, r) { - logger.Debug("auth client cannot handle request", "client", client) - span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client cannot handle request"}}) return nil, false, nil } + ctx, span := s.tracer.Start(ctx, "authn.Authenticate") + defer span.End() + span.SetAttributes("authn.client", client, attribute.Key("authn.client").String(client)) + r.OrgID = orgIDFromRequest(r) identity, err := c.Authenticate(ctx, r) if err != nil { - logger.Warn("auth client could not authenticate request", "client", client, "error", err) + s.log.FromContext(ctx).Warn("auth client could not authenticate request", "client", client, "error", err) span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client could not authenticate request"}}) return nil, true, err } - // FIXME: We want to perform common authentication operations here. - // We will add them as we start to implement clients that requires them. - // Those operations can be Syncing user, syncing teams, create a session etc. - // We would need to check what operations a client support and also if they are requested - // because for e.g. basic auth we want to create a session if the call is coming from the - // login handler, but if we want to perform basic auth during a request (called from contexthandler) we don't - // want a session to be created. - params := c.ClientParams() - for _, hook := range s.postAuthHooks { if err := hook(ctx, params, identity, r); err != nil { return nil, false, err