mirror of
https://github.com/grafana/grafana.git
synced 2025-01-16 11:42:35 -06:00
Chore: capitalise log message for auth packages (#74332)
This commit is contained in:
Serge Zaitsev
GitHub
parent
58f6648505
commit
8187d8cb66
@ -109,7 +109,7 @@ func (s *SocialAzureAD) UserInfo(ctx context.Context, client *http.Client, token
|
||||
}
|
||||
|
||||
if s.allowAssignGrafanaAdmin && s.skipOrgRoleSync {
|
||||
s.log.Debug("allowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
s.log.Debug("AllowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
}
|
||||
|
||||
return &BasicUserInfo{
|
||||
@ -260,7 +260,7 @@ type getAzureGroupResponse struct {
|
||||
// See https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens#groups-overage-claim
|
||||
func (s *SocialAzureAD) extractGroups(ctx context.Context, client *http.Client, claims *azureClaims, token *oauth2.Token) ([]string, error) {
|
||||
if !s.forceUseGraphAPI {
|
||||
s.log.Debug("checking the claim for groups")
|
||||
s.log.Debug("Checking the claim for groups")
|
||||
if len(claims.Groups) > 0 {
|
||||
return claims.Groups, nil
|
||||
}
|
||||
|
||||
@ -172,7 +172,7 @@ func (s *SocialGenericOAuth) UserInfo(ctx context.Context, client *http.Client,
|
||||
}
|
||||
|
||||
if s.allowAssignGrafanaAdmin && s.skipOrgRoleSync {
|
||||
s.log.Debug("allowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
s.log.Debug("AllowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
}
|
||||
|
||||
if userInfo.Email == "" {
|
||||
|
||||
@ -231,7 +231,7 @@ func (s *SocialGithub) UserInfo(ctx context.Context, client *http.Client, token
|
||||
|
||||
// we skip allowing assignment of GrafanaAdmin if skipOrgRoleSync is present
|
||||
if s.allowAssignGrafanaAdmin && s.skipOrgRoleSync {
|
||||
s.log.Debug("allowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
s.log.Debug("AllowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
}
|
||||
|
||||
userInfo := &BasicUserInfo{
|
||||
|
||||
@ -173,7 +173,7 @@ func (s *SocialGitlab) UserInfo(ctx context.Context, client *http.Client, token
|
||||
}
|
||||
|
||||
if s.allowAssignGrafanaAdmin && s.skipOrgRoleSync {
|
||||
s.log.Debug("allowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
s.log.Debug("AllowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
}
|
||||
|
||||
return userInfo, nil
|
||||
|
||||
@ -93,7 +93,7 @@ func (s *SocialOkta) UserInfo(ctx context.Context, client *http.Client, token *o
|
||||
}
|
||||
}
|
||||
if s.allowAssignGrafanaAdmin && s.skipOrgRoleSync {
|
||||
s.log.Debug("allowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
s.log.Debug("AllowAssignGrafanaAdmin and skipOrgRoleSync are both set, Grafana Admin role will not be synced, consider setting one or the other")
|
||||
}
|
||||
|
||||
return &BasicUserInfo{
|
||||
|
||||
@ -116,7 +116,7 @@ func HasGlobalAccess(ac AccessControl, service Service, c *contextmodel.ReqConte
|
||||
if userCopy.Permissions[GlobalOrgID] == nil {
|
||||
permissions, err := service.GetUserPermissions(c.Req.Context(), &userCopy, Options{})
|
||||
if err != nil {
|
||||
c.Logger.Error("failed fetching permissions for user", "userID", userCopy.UserID, "error", err)
|
||||
c.Logger.Error("Failed fetching permissions for user", "userID", userCopy.UserID, "error", err)
|
||||
}
|
||||
userCopy.Permissions[GlobalOrgID] = GroupScopesByAction(permissions)
|
||||
}
|
||||
|
||||
@ -34,13 +34,13 @@ func (a *AccessControl) Evaluate(ctx context.Context, user identity.Requester, e
|
||||
metrics.MAccessEvaluationCount.Inc()
|
||||
|
||||
if user == nil || user.IsNil() {
|
||||
a.log.Warn("no entity set for access control evaluation")
|
||||
a.log.Warn("No entity set for access control evaluation")
|
||||
return false, nil
|
||||
}
|
||||
|
||||
namespace, identifier := user.GetNamespacedID()
|
||||
if len(user.GetPermissions()) == 0 {
|
||||
a.log.Warn("no permissions set for entity", "namespace", namespace, "id", identifier, "orgID", user.GetOrgID(), "login", user.GetLogin())
|
||||
a.log.Warn("No permissions set for entity", "namespace", namespace, "id", identifier, "orgID", user.GetOrgID(), "login", user.GetLogin())
|
||||
return false, nil
|
||||
}
|
||||
|
||||
|
||||
@ -151,18 +151,18 @@ func (s *Service) getCachedUserPermissions(ctx context.Context, user identity.Re
|
||||
if !options.ReloadCache {
|
||||
permissions, ok := s.cache.Get(key)
|
||||
if ok {
|
||||
s.log.Debug("using cached permissions", "key", key)
|
||||
s.log.Debug("Using cached permissions", "key", key)
|
||||
return permissions.([]accesscontrol.Permission), nil
|
||||
}
|
||||
}
|
||||
|
||||
s.log.Debug("fetch permissions from store", "key", key)
|
||||
s.log.Debug("Fetch permissions from store", "key", key)
|
||||
permissions, err := s.getUserPermissions(ctx, user, options)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
s.log.Debug("cache permissions", "key", key)
|
||||
s.log.Debug("Cache permissions", "key", key)
|
||||
s.cache.Set(key, permissions, cacheTTL)
|
||||
|
||||
return permissions, nil
|
||||
@ -386,7 +386,7 @@ func (s *Service) searchUserPermissionsFromCache(orgID int64, searchOptions acce
|
||||
}
|
||||
key, err := permissionCacheKey(tempUser)
|
||||
if err != nil {
|
||||
s.log.Debug("could not obtain cache key to search user permissions", "error", err.Error())
|
||||
s.log.Debug("Could not obtain cache key to search user permissions", "error", err.Error())
|
||||
return nil, false
|
||||
}
|
||||
|
||||
@ -395,7 +395,7 @@ func (s *Service) searchUserPermissionsFromCache(orgID int64, searchOptions acce
|
||||
return nil, false
|
||||
}
|
||||
|
||||
s.log.Debug("using cached permissions", "key", key)
|
||||
s.log.Debug("Using cached permissions", "key", key)
|
||||
filteredPermissions := make([]accesscontrol.Permission, 0)
|
||||
for _, permission := range permissions.([]accesscontrol.Permission) {
|
||||
if PermissionMatchesSearchOptions(permission, searchOptions) {
|
||||
@ -418,7 +418,7 @@ func PermissionMatchesSearchOptions(permission accesscontrol.Permission, searchO
|
||||
|
||||
func (s *Service) SaveExternalServiceRole(ctx context.Context, cmd accesscontrol.SaveExternalServiceRoleCommand) error {
|
||||
if !s.features.IsEnabled(featuremgmt.FlagExternalServiceAuth) {
|
||||
s.log.Debug("registering an external service role is behind a feature flag, enable it to use this feature.")
|
||||
s.log.Debug("Registering an external service role is behind a feature flag, enable it to use this feature.")
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -431,7 +431,7 @@ func (s *Service) SaveExternalServiceRole(ctx context.Context, cmd accesscontrol
|
||||
|
||||
func (s *Service) DeleteExternalServiceRole(ctx context.Context, externalServiceID string) error {
|
||||
if !s.features.IsEnabled(featuremgmt.FlagExternalServiceAuth) {
|
||||
s.log.Debug("deleting an external service role is behind a feature flag, enable it to use this feature.")
|
||||
s.log.Debug("Deleting an external service role is behind a feature flag, enable it to use this feature.")
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@ -71,7 +71,7 @@ func match(scope, target string) bool {
|
||||
//Prefix match
|
||||
if last == '*' {
|
||||
if strings.HasPrefix(target, prefix) {
|
||||
logger.Debug("matched scope", "user scope", scope, "target scope", target)
|
||||
logger.Debug("Matched scope", "user scope", scope, "target scope", target)
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
@ -25,12 +25,12 @@ func MigrateScopeSplit(db db.DB, log log.Logger) error {
|
||||
if errFind := db.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
|
||||
return sess.SQL("SELECT * FROM permission WHERE NOT scope = '' AND identifier = ''").Find(&permissions)
|
||||
}); errFind != nil {
|
||||
log.Error("could not search for permissions to update", "migration", "scopeSplit", "error", errFind)
|
||||
log.Error("Could not search for permissions to update", "migration", "scopeSplit", "error", errFind)
|
||||
return errFind
|
||||
}
|
||||
|
||||
if len(permissions) == 0 {
|
||||
log.Debug("no permission require a scope split", "migration", "scopeSplit")
|
||||
log.Debug("No permission require a scope split", "migration", "scopeSplit")
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -68,16 +68,16 @@ func MigrateScopeSplit(db db.DB, log log.Logger) error {
|
||||
// Batch update the permissions
|
||||
if errBatchUpdate := db.GetSqlxSession().WithTransaction(ctx, func(tx *session.SessionTx) error {
|
||||
if _, errDel := tx.Exec(ctx, delQuery, delArgs...); errDel != nil {
|
||||
log.Error("error deleting permissions", "migration", "scopeSplit", "error", errDel)
|
||||
log.Error("Error deleting permissions", "migration", "scopeSplit", "error", errDel)
|
||||
return errDel
|
||||
}
|
||||
if _, errInsert := tx.Exec(ctx, insertQuery, insertArgs...); errInsert != nil {
|
||||
log.Error("error saving permissions", "migration", "scopeSplit", "error", errInsert)
|
||||
log.Error("Error saving permissions", "migration", "scopeSplit", "error", errInsert)
|
||||
return errInsert
|
||||
}
|
||||
return nil
|
||||
}); errBatchUpdate != nil {
|
||||
log.Error("error updating permission batch", "migration", "scopeSplit", "start", start, "end", end)
|
||||
log.Error("Error updating permission batch", "migration", "scopeSplit", "start", start, "end", end)
|
||||
return errBatchUpdate
|
||||
}
|
||||
|
||||
@ -85,11 +85,11 @@ func MigrateScopeSplit(db db.DB, log log.Logger) error {
|
||||
return nil
|
||||
})
|
||||
if errBatchUpdate != nil {
|
||||
log.Error("could not migrate permissions", "migration", "scopeSplit", "total", len(permissions), "succeeded", cnt, "left", len(permissions)-cnt, "error", errBatchUpdate)
|
||||
log.Error("Could not migrate permissions", "migration", "scopeSplit", "total", len(permissions), "succeeded", cnt, "left", len(permissions)-cnt, "error", errBatchUpdate)
|
||||
return errBatchUpdate
|
||||
}
|
||||
|
||||
log.Debug("migrated permissions", "migration", "scopeSplit", "total", len(permissions), "succeeded", cnt, "in", time.Since(t))
|
||||
log.Debug("Migrated permissions", "migration", "scopeSplit", "total", len(permissions), "succeeded", cnt, "in", time.Since(t))
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@ -44,7 +44,7 @@ type Resolvers struct {
|
||||
}
|
||||
|
||||
func (s *Resolvers) AddScopeAttributeResolver(prefix string, resolver ScopeAttributeResolver) {
|
||||
s.log.Debug("adding scope attribute resolver", "prefix", prefix)
|
||||
s.log.Debug("Adding scope attribute resolver", "prefix", prefix)
|
||||
s.attributeResolvers[prefix] = resolver
|
||||
}
|
||||
|
||||
@ -54,7 +54,7 @@ func (s *Resolvers) GetScopeAttributeMutator(orgID int64) ScopeAttributeMutator
|
||||
// Check cache before computing the scope
|
||||
if cachedScope, ok := s.cache.Get(key); ok {
|
||||
scopes := cachedScope.([]string)
|
||||
s.log.Debug("used cache to resolve scope", "scope", scope, "resolved_scopes", scopes)
|
||||
s.log.Debug("Used cache to resolve scope", "scope", scope, "resolved_scopes", scopes)
|
||||
return scopes, nil
|
||||
}
|
||||
|
||||
@ -66,7 +66,7 @@ func (s *Resolvers) GetScopeAttributeMutator(orgID int64) ScopeAttributeMutator
|
||||
}
|
||||
// Cache result
|
||||
s.cache.Set(key, scopes, ttl)
|
||||
s.log.Debug("resolved scope", "scope", scope, "resolved_scopes", scopes)
|
||||
s.log.Debug("Resolved scope", "scope", scope, "resolved_scopes", scopes)
|
||||
return scopes, nil
|
||||
}
|
||||
return nil, ErrResolverNotFound
|
||||
|
||||
@ -138,7 +138,7 @@ func (a *AnonDeviceService) tagDeviceUI(ctx context.Context, httpReq *http.Reque
|
||||
}
|
||||
|
||||
if setting.Env == setting.Dev {
|
||||
a.log.Debug("tagging device for UI", "deviceID", deviceID, "device", device, "key", key)
|
||||
a.log.Debug("Tagging device for UI", "deviceID", deviceID, "device", device, "key", key)
|
||||
}
|
||||
|
||||
if _, ok := a.localCache.Get(key); ok {
|
||||
@ -177,7 +177,7 @@ func (a *AnonDeviceService) TagDevice(ctx context.Context, httpReq *http.Request
|
||||
addr := web.RemoteAddr(httpReq)
|
||||
ip, err := network.GetIPFromAddress(addr)
|
||||
if err != nil {
|
||||
a.log.Debug("failed to parse ip from address", "addr", addr)
|
||||
a.log.Debug("Failed to parse ip from address", "addr", addr)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -195,7 +195,7 @@ func (a *AnonDeviceService) TagDevice(ctx context.Context, httpReq *http.Request
|
||||
|
||||
err = a.tagDeviceUI(ctx, httpReq, *taggedDevice)
|
||||
if err != nil {
|
||||
a.log.Debug("failed to tag device for UI", "error", err)
|
||||
a.log.Debug("Failed to tag device for UI", "error", err)
|
||||
}
|
||||
|
||||
key, err := taggedDevice.Key()
|
||||
@ -204,7 +204,7 @@ func (a *AnonDeviceService) TagDevice(ctx context.Context, httpReq *http.Request
|
||||
}
|
||||
|
||||
if setting.Env == setting.Dev {
|
||||
a.log.Debug("tagging device", "device", taggedDevice, "key", key)
|
||||
a.log.Debug("Tagging device", "device", taggedDevice, "key", key)
|
||||
}
|
||||
|
||||
if _, ok := a.localCache.Get(key); ok {
|
||||
|
||||
@ -102,7 +102,7 @@ func (s *UserAuthTokenService) CreateToken(ctx context.Context, user *user.User,
|
||||
userAuthToken.UnhashedToken = token
|
||||
|
||||
ctxLogger := s.log.FromContext(ctx)
|
||||
ctxLogger.Debug("user auth token created", "tokenId", userAuthToken.Id, "userId", userAuthToken.UserId, "clientIP", userAuthToken.ClientIp, "userAgent", userAuthToken.UserAgent, "authToken", userAuthToken.AuthToken)
|
||||
ctxLogger.Debug("User auth token created", "tokenId", userAuthToken.Id, "userId", userAuthToken.UserId, "clientIP", userAuthToken.ClientIp, "userAgent", userAuthToken.UserAgent, "authToken", userAuthToken.AuthToken)
|
||||
|
||||
var userToken auth.UserToken
|
||||
err = userAuthToken.toUserToken(&userToken)
|
||||
@ -134,7 +134,7 @@ func (s *UserAuthTokenService) LookupToken(ctx context.Context, unhashedToken st
|
||||
ctxLogger := s.log.FromContext(ctx)
|
||||
|
||||
if model.RevokedAt > 0 {
|
||||
ctxLogger.Debug("user token has been revoked", "user ID", model.UserId, "token ID", model.Id)
|
||||
ctxLogger.Debug("User token has been revoked", "user ID", model.UserId, "token ID", model.Id)
|
||||
return nil, &auth.TokenRevokedError{
|
||||
UserID: model.UserId,
|
||||
TokenID: model.Id,
|
||||
@ -142,7 +142,7 @@ func (s *UserAuthTokenService) LookupToken(ctx context.Context, unhashedToken st
|
||||
}
|
||||
|
||||
if model.CreatedAt <= s.createdAfterParam() || model.RotatedAt <= s.rotatedAfterParam() {
|
||||
ctxLogger.Debug("user token has expired", "user ID", model.UserId, "token ID", model.Id)
|
||||
ctxLogger.Debug("User token has expired", "user ID", model.UserId, "token ID", model.Id)
|
||||
return nil, &auth.TokenExpiredError{
|
||||
UserID: model.UserId,
|
||||
TokenID: model.Id,
|
||||
@ -170,9 +170,9 @@ func (s *UserAuthTokenService) LookupToken(ctx context.Context, unhashedToken st
|
||||
}
|
||||
|
||||
if affectedRows == 0 {
|
||||
ctxLogger.Debug("prev seen token unchanged", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "authToken", model.AuthToken)
|
||||
ctxLogger.Debug("Prev seen token unchanged", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "authToken", model.AuthToken)
|
||||
} else {
|
||||
ctxLogger.Debug("prev seen token", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "authToken", model.AuthToken)
|
||||
ctxLogger.Debug("Prev seen token", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "authToken", model.AuthToken)
|
||||
}
|
||||
}
|
||||
|
||||
@ -196,9 +196,9 @@ func (s *UserAuthTokenService) LookupToken(ctx context.Context, unhashedToken st
|
||||
}
|
||||
|
||||
if affectedRows == 0 {
|
||||
ctxLogger.Debug("seen wrong token", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "authToken", model.AuthToken)
|
||||
ctxLogger.Debug("Seen wrong token", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "authToken", model.AuthToken)
|
||||
} else {
|
||||
ctxLogger.Debug("seen token", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "authToken", model.AuthToken)
|
||||
ctxLogger.Debug("Seen token", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "authToken", model.AuthToken)
|
||||
}
|
||||
}
|
||||
|
||||
@ -326,7 +326,7 @@ func (s *UserAuthTokenService) TryRotateToken(ctx context.Context, token *auth.U
|
||||
}
|
||||
|
||||
ctxLogger := s.log.FromContext(ctx)
|
||||
ctxLogger.Debug("token needs rotation", "tokenId", model.Id, "authTokenSeen", model.AuthTokenSeen, "rotatedAt", rotatedAt)
|
||||
ctxLogger.Debug("Token needs rotation", "tokenId", model.Id, "authTokenSeen", model.AuthTokenSeen, "rotatedAt", rotatedAt)
|
||||
|
||||
clientIPStr := clientIP.String()
|
||||
if len(clientIP) == 0 {
|
||||
@ -369,7 +369,7 @@ func (s *UserAuthTokenService) TryRotateToken(ctx context.Context, token *auth.U
|
||||
}
|
||||
|
||||
if affected > 0 {
|
||||
ctxLogger.Debug("auth token rotated", "affected", affected, "auth_token_id", model.Id, "userId", model.UserId)
|
||||
ctxLogger.Debug("Auth token rotated", "affected", affected, "auth_token_id", model.Id, "userId", model.UserId)
|
||||
model.UnhashedToken = newToken
|
||||
var result auth.UserToken
|
||||
if err := model.toUserToken(&result); err != nil {
|
||||
@ -425,11 +425,11 @@ func (s *UserAuthTokenService) RevokeToken(ctx context.Context, token *auth.User
|
||||
ctxLogger := s.log.FromContext(ctx)
|
||||
|
||||
if rowsAffected == 0 {
|
||||
ctxLogger.Debug("user auth token not found/revoked", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent)
|
||||
ctxLogger.Debug("User auth token not found/revoked", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent)
|
||||
return auth.ErrUserTokenNotFound
|
||||
}
|
||||
|
||||
ctxLogger.Debug("user auth token revoked", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "soft", soft)
|
||||
ctxLogger.Debug("User auth token revoked", "tokenId", model.Id, "userId", model.UserId, "clientIP", model.ClientIp, "userAgent", model.UserAgent, "soft", soft)
|
||||
|
||||
return nil
|
||||
}
|
||||
@ -447,7 +447,7 @@ func (s *UserAuthTokenService) RevokeAllUserTokens(ctx context.Context, userId i
|
||||
return err
|
||||
}
|
||||
|
||||
s.log.FromContext(ctx).Debug("all user tokens for user revoked", "userId", userId, "count", affected)
|
||||
s.log.FromContext(ctx).Debug("All user tokens for user revoked", "userId", userId, "count", affected)
|
||||
|
||||
return err
|
||||
})
|
||||
@ -477,7 +477,7 @@ func (s *UserAuthTokenService) BatchRevokeAllUserTokens(ctx context.Context, use
|
||||
return err
|
||||
}
|
||||
|
||||
s.log.FromContext(ctx).Debug("all user tokens for given users revoked", "usersCount", len(userIds), "count", affected)
|
||||
s.log.FromContext(ctx).Debug("All user tokens for given users revoked", "usersCount", len(userIds), "count", affected)
|
||||
|
||||
return err
|
||||
})
|
||||
|
||||
@ -18,7 +18,7 @@ func (s *UserAuthTokenService) Run(ctx context.Context) error {
|
||||
}
|
||||
})
|
||||
if err != nil {
|
||||
s.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)
|
||||
s.log.Error("Failed to lock and execute cleanup of expired auth token", "error", err)
|
||||
}
|
||||
|
||||
for {
|
||||
@ -30,7 +30,7 @@ func (s *UserAuthTokenService) Run(ctx context.Context) error {
|
||||
}
|
||||
})
|
||||
if err != nil {
|
||||
s.log.Error("failed to lock and execute cleanup of expired auth token", "error", err)
|
||||
s.log.Error("Failed to lock and execute cleanup of expired auth token", "error", err)
|
||||
}
|
||||
|
||||
case <-ctx.Done():
|
||||
@ -43,7 +43,7 @@ func (s *UserAuthTokenService) deleteExpiredTokens(ctx context.Context, maxInact
|
||||
createdBefore := getTime().Add(-maxLifetime)
|
||||
rotatedBefore := getTime().Add(-maxInactiveLifetime)
|
||||
|
||||
s.log.Debug("starting cleanup of expired auth tokens", "createdBefore", createdBefore, "rotatedBefore", rotatedBefore)
|
||||
s.log.Debug("Starting cleanup of expired auth tokens", "createdBefore", createdBefore, "rotatedBefore", rotatedBefore)
|
||||
|
||||
var affected int64
|
||||
err := s.sqlStore.WithDbSession(ctx, func(dbSession *db.Session) error {
|
||||
@ -55,11 +55,11 @@ func (s *UserAuthTokenService) deleteExpiredTokens(ctx context.Context, maxInact
|
||||
|
||||
affected, err = res.RowsAffected()
|
||||
if err != nil {
|
||||
s.log.Error("failed to cleanup expired auth tokens", "error", err)
|
||||
s.log.Error("Failed to cleanup expired auth tokens", "error", err)
|
||||
return nil
|
||||
}
|
||||
|
||||
s.log.Debug("cleanup of expired auth tokens done", "count", affected)
|
||||
s.log.Debug("Cleanup of expired auth tokens done", "count", affected)
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
@ -33,7 +33,7 @@ func (s *PermissionsSync) SyncPermissionsHook(ctx context.Context, identity *aut
|
||||
permissions, err := s.ac.GetUserPermissions(ctx, identity.SignedInUser(),
|
||||
accesscontrol.Options{ReloadCache: false})
|
||||
if err != nil {
|
||||
s.log.FromContext(ctx).Error("failed to fetch permissions from db", "error", err, "user_id", identity.ID)
|
||||
s.log.FromContext(ctx).Error("Failed to fetch permissions from db", "error", err, "user_id", identity.ID)
|
||||
return errSyncPermissionsForbidden
|
||||
}
|
||||
|
||||
|
||||
@ -40,7 +40,7 @@ func (a *Anonymous) Name() string {
|
||||
func (a *Anonymous) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
|
||||
o, err := a.orgService.GetByName(ctx, &org.GetOrgByNameQuery{Name: a.cfg.AnonymousOrgName})
|
||||
if err != nil {
|
||||
a.log.FromContext(ctx).Error("failed to find organization", "name", a.cfg.AnonymousOrgName, "error", err)
|
||||
a.log.FromContext(ctx).Error("Failed to find organization", "name", a.cfg.AnonymousOrgName, "error", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@ -54,14 +54,14 @@ func (a *Anonymous) Authenticate(ctx context.Context, r *authn.Request) (*authn.
|
||||
go func() {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
a.log.Warn("tag anon session panic", "err", err)
|
||||
a.log.Warn("Tag anon session panic", "err", err)
|
||||
}
|
||||
}()
|
||||
|
||||
newCtx, cancel := context.WithTimeout(context.Background(), timeoutTag)
|
||||
defer cancel()
|
||||
if err := a.anonDeviceService.TagDevice(newCtx, httpReqCopy, anonymous.AnonDevice); err != nil {
|
||||
a.log.Warn("failed to tag anonymous session", "error", err)
|
||||
a.log.Warn("Failed to tag anonymous session", "error", err)
|
||||
}
|
||||
}()
|
||||
|
||||
|
||||
@ -155,11 +155,11 @@ func (s *APIKey) Hook(ctx context.Context, identity *authn.Identity, r *authn.Re
|
||||
go func(apikeyID int64) {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
s.log.Error("panic during user last seen sync", "err", err)
|
||||
s.log.Error("Panic during user last seen sync", "err", err)
|
||||
}
|
||||
}()
|
||||
if err := s.apiKeyService.UpdateAPIKeyLastUsedDate(context.Background(), apikeyID); err != nil {
|
||||
s.log.Warn("failed to update last use date for api key", "id", apikeyID)
|
||||
s.log.Warn("Failed to update last use date for api key", "id", apikeyID)
|
||||
}
|
||||
}(id)
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@ func (c *LDAP) AuthenticatePassword(ctx context.Context, r *authn.Request, usern
|
||||
|
||||
// disableUser will disable users if they logged in via LDAP previously
|
||||
func (c *LDAP) disableUser(ctx context.Context, username string) (*authn.Identity, error) {
|
||||
c.logger.Debug("user was not found in the LDAP directory tree", "username", username)
|
||||
c.logger.Debug("User was not found in the LDAP directory tree", "username", username)
|
||||
retErr := errIdentityNotFound.Errorf("no user found: %w", multildap.ErrDidNotFindUser)
|
||||
|
||||
// Retrieve the user from store based on the login
|
||||
@ -98,7 +98,7 @@ func (c *LDAP) disableUser(ctx context.Context, username string) (*authn.Identit
|
||||
}
|
||||
|
||||
// Disable the user
|
||||
c.logger.Debug("user was removed from the LDAP directory tree, disabling it", "username", username, "authID", authinfo.AuthId)
|
||||
c.logger.Debug("User was removed from the LDAP directory tree, disabling it", "username", username, "authID", authinfo.AuthId)
|
||||
if errDisable := c.userService.Disable(ctx, &user.DisableUserCommand{UserID: dbUser.ID, IsDisabled: true}); errDisable != nil {
|
||||
return nil, errDisable
|
||||
}
|
||||
|
||||
@ -87,7 +87,7 @@ func (c *Proxy) Authenticate(ctx context.Context, r *authn.Request) (*authn.Iden
|
||||
if entry, err := c.cache.Get(ctx, cacheKey); err == nil {
|
||||
uid, err := strconv.ParseInt(string(entry), 10, 64)
|
||||
if err != nil {
|
||||
c.log.FromContext(ctx).Warn("failed to parse user id from cache", "error", err, "userId", string(entry))
|
||||
c.log.FromContext(ctx).Warn("Failed to parse user id from cache", "error", err, "userId", string(entry))
|
||||
} else {
|
||||
usr, err := c.userSrv.GetSignedInUserWithCacheCtx(ctx, &user.GetSignedInUserQuery{
|
||||
UserID: uid,
|
||||
@ -142,7 +142,7 @@ func (c *Proxy) Hook(ctx context.Context, identity *authn.Identity, r *authn.Req
|
||||
c.log.FromContext(ctx).Debug("Cache proxy user", "userId", id)
|
||||
bytes := []byte(strconv.FormatInt(id, 10))
|
||||
if err := c.cache.Set(ctx, identity.ClientParams.CacheAuthProxyKey, bytes, time.Duration(c.cfg.AuthProxySyncTTL)*time.Minute); err != nil {
|
||||
c.log.Warn("failed to cache proxy user", "error", err, "userId", id)
|
||||
c.log.Warn("Failed to cache proxy user", "error", err, "userId", id)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
@ -78,14 +78,14 @@ func (s *Session) Authenticate(ctx context.Context, r *authn.Request) (*authn.Id
|
||||
go func() {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
s.log.Warn("tag anon session panic", "err", err)
|
||||
s.log.Warn("Tag anon session panic", "err", err)
|
||||
}
|
||||
}()
|
||||
|
||||
newCtx, cancel := context.WithTimeout(context.Background(), timeoutTag)
|
||||
defer cancel()
|
||||
if err := s.anonDeviceService.TagDevice(newCtx, httpReqCopy, anonymous.AuthedDevice); err != nil {
|
||||
s.log.Warn("failed to tag anonymous session", "error", err)
|
||||
s.log.Warn("Failed to tag anonymous session", "error", err)
|
||||
}
|
||||
}()
|
||||
}
|
||||
@ -133,18 +133,18 @@ func (s *Session) Hook(ctx context.Context, identity *authn.Identity, r *authn.R
|
||||
// addr := reqContext.RemoteAddr()
|
||||
ip, err := network.GetIPFromAddress(addr)
|
||||
if err != nil {
|
||||
s.log.Debug("failed to get client IP address", "addr", addr, "err", err)
|
||||
s.log.Debug("Failed to get client IP address", "addr", addr, "err", err)
|
||||
ip = nil
|
||||
}
|
||||
rotated, newToken, err := s.sessionService.TryRotateToken(ctx, identity.SessionToken, ip, userAgent)
|
||||
if err != nil {
|
||||
s.log.Error("failed to rotate token", "error", err)
|
||||
s.log.Error("Failed to rotate token", "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
if rotated {
|
||||
identity.SessionToken = newToken
|
||||
s.log.Debug("rotated session token", "user", identity.ID)
|
||||
s.log.Debug("Rotated session token", "user", identity.ID)
|
||||
|
||||
authn.WriteSessionCookie(w, s.cfg, identity.SessionToken)
|
||||
}
|
||||
|
||||
@ -302,7 +302,7 @@ func (s *Service) GetUserFromLDAP(c *contextmodel.ReqContext) response.Response
|
||||
u.OrgRoles = append(u.OrgRoles, LDAPRoleDTO{GroupDN: userGroup})
|
||||
}
|
||||
|
||||
s.log.Debug("mapping org roles", "orgsRoles", u.OrgRoles)
|
||||
s.log.Debug("Mapping org roles", "orgsRoles", u.OrgRoles)
|
||||
if err := u.fetchOrgs(c.Req.Context(), s.orgService); err != nil {
|
||||
return response.Error(http.StatusBadRequest, "An organization was not found - Please verify your LDAP configuration", err)
|
||||
}
|
||||
|
||||
@ -452,7 +452,7 @@ func (server *Server) buildGrafanaUser(user *ldap.Entry) (*login.ExternalUserInf
|
||||
|
||||
// Skipping org role sync
|
||||
if server.cfg.LDAPSkipOrgRoleSync {
|
||||
server.log.Debug("skipping organization role mapping.")
|
||||
server.log.Debug("Skipping organization role mapping.")
|
||||
return extUser, nil
|
||||
}
|
||||
|
||||
|
||||
@ -99,6 +99,6 @@ func (s *Service) cleanup(ctx context.Context) {
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
s.logger.Error("failed to lock and execute cleanup of old login attempts", "error", err)
|
||||
s.logger.Error("Failed to lock and execute cleanup of old login attempts", "error", err)
|
||||
}
|
||||
}
|
||||
|
||||
@ -372,11 +372,11 @@ func (s *OAuth2ServiceImpl) handleKeyOptions(ctx context.Context, keyOption *oau
|
||||
if keyOption.PublicPEM != "" {
|
||||
pemEncoded, err := base64.StdEncoding.DecodeString(keyOption.PublicPEM)
|
||||
if err != nil {
|
||||
s.logger.Error("cannot decode base64 encoded PEM string", "error", err)
|
||||
s.logger.Error("Cannot decode base64 encoded PEM string", "error", err)
|
||||
}
|
||||
_, err = utils.ParsePublicKeyPem(pemEncoded)
|
||||
if err != nil {
|
||||
s.logger.Error("cannot parse PEM encoded string", "error", err)
|
||||
s.logger.Error("Cannot parse PEM encoded string", "error", err)
|
||||
return nil, err
|
||||
}
|
||||
return &oauthserver.KeyResult{
|
||||
@ -462,7 +462,7 @@ func (s *OAuth2ServiceImpl) createServiceAccount(ctx context.Context, extSvcName
|
||||
return oauthserver.NoServiceAccountID, err
|
||||
}
|
||||
|
||||
s.logger.Debug("create tailored role for service account", "external service name", extSvcName, "name", slug, "service_account_id", sa.Id, "permissions", permissions)
|
||||
s.logger.Debug("Create tailored role for service account", "external service name", extSvcName, "name", slug, "service_account_id", sa.Id, "permissions", permissions)
|
||||
if err := s.acService.SaveExternalServiceRole(ctx, ac.SaveExternalServiceRoleCommand{
|
||||
OrgID: ac.GlobalOrgID,
|
||||
Global: true,
|
||||
|
||||
@ -72,9 +72,9 @@ func (s *OAuth2ServiceImpl) HandleTokenRequest(rw http.ResponseWriter, req *http
|
||||
func (s *OAuth2ServiceImpl) writeAccessError(ctx context.Context, rw http.ResponseWriter, accessRequest fosite.AccessRequester, err error) {
|
||||
var fositeErr *fosite.RFC6749Error
|
||||
if errors.As(err, &fositeErr) {
|
||||
s.logger.Error("description", fositeErr.DescriptionField, "hint", fositeErr.HintField, "error", fositeErr.ErrorField)
|
||||
s.logger.Error("Description", fositeErr.DescriptionField, "hint", fositeErr.HintField, "error", fositeErr.ErrorField)
|
||||
} else {
|
||||
s.logger.Error("error", err)
|
||||
s.logger.Error("Error", err)
|
||||
}
|
||||
s.oauthProvider.WriteAccessError(ctx, rw, accessRequest, err)
|
||||
}
|
||||
|
||||
@ -67,7 +67,7 @@ func (o *Service) GetCurrentOAuthToken(ctx context.Context, usr identity.Request
|
||||
|
||||
userID, err := identity.IntIdentifier(namespace, id)
|
||||
if err != nil {
|
||||
logger.Error("failed to convert user id to int", "namespace", namespace, "userId", id, "error", err)
|
||||
logger.Error("Failed to convert user id to int", "namespace", namespace, "userId", id, "error", err)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -76,9 +76,9 @@ func (o *Service) GetCurrentOAuthToken(ctx context.Context, usr identity.Request
|
||||
if err != nil {
|
||||
if errors.Is(err, user.ErrUserNotFound) {
|
||||
// Not necessarily an error. User may be logged in another way.
|
||||
logger.Debug("no oauth token for user found", "userId", userID, "username", usr.GetLogin())
|
||||
logger.Debug("No oauth token for user found", "userId", userID, "username", usr.GetLogin())
|
||||
} else {
|
||||
logger.Error("failed to get oauth token for user", "userId", userID, "username", usr.GetLogin(), "error", err)
|
||||
logger.Error("Failed to get oauth token for user", "userId", userID, "username", usr.GetLogin(), "error", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@ -125,7 +125,7 @@ func (o *Service) HasOAuthEntry(ctx context.Context, usr identity.Requester) (*l
|
||||
// Not necessarily an error. User may be logged in another way.
|
||||
return nil, false, nil
|
||||
}
|
||||
logger.Error("failed to fetch oauth token for user", "userId", userID, "username", usr.GetLogin(), "error", err)
|
||||
logger.Error("Failed to fetch oauth token for user", "userId", userID, "username", usr.GetLogin(), "error", err)
|
||||
return nil, false, err
|
||||
}
|
||||
if !strings.Contains(authInfo.AuthModule, "oauth") {
|
||||
@ -139,7 +139,7 @@ func (o *Service) HasOAuthEntry(ctx context.Context, usr identity.Requester) (*l
|
||||
func (o *Service) TryTokenRefresh(ctx context.Context, usr *login.UserAuth) error {
|
||||
lockKey := fmt.Sprintf("oauth-refresh-token-%d", usr.UserId)
|
||||
_, err, _ := o.singleFlightGroup.Do(lockKey, func() (any, error) {
|
||||
logger.Debug("singleflight request for getting a new access token", "key", lockKey)
|
||||
logger.Debug("Singleflight request for getting a new access token", "key", lockKey)
|
||||
|
||||
return o.tryGetOrRefreshAccessToken(ctx, usr)
|
||||
})
|
||||
@ -163,13 +163,13 @@ func buildOAuthTokenFromAuthInfo(authInfo *login.UserAuth) *oauth2.Token {
|
||||
|
||||
func checkOAuthRefreshToken(authInfo *login.UserAuth) error {
|
||||
if !strings.Contains(authInfo.AuthModule, "oauth") {
|
||||
logger.Warn("the specified user's auth provider is not oauth",
|
||||
logger.Warn("The specified user's auth provider is not oauth",
|
||||
"authmodule", authInfo.AuthModule, "userid", authInfo.UserId)
|
||||
return ErrNotAnOAuthProvider
|
||||
}
|
||||
|
||||
if authInfo.OAuthRefreshToken == "" {
|
||||
logger.Debug("no refresh token available",
|
||||
logger.Debug("No refresh token available",
|
||||
"authmodule", authInfo.AuthModule, "userid", authInfo.UserId)
|
||||
return ErrNoRefreshTokenFound
|
||||
}
|
||||
@ -199,13 +199,13 @@ func (o *Service) tryGetOrRefreshAccessToken(ctx context.Context, usr *login.Use
|
||||
authProvider := usr.AuthModule
|
||||
connect, err := o.SocialService.GetConnector(authProvider)
|
||||
if err != nil {
|
||||
logger.Error("failed to get oauth connector", "provider", authProvider, "error", err)
|
||||
logger.Error("Failed to get oauth connector", "provider", authProvider, "error", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
client, err := o.SocialService.GetOAuthHttpClient(authProvider)
|
||||
if err != nil {
|
||||
logger.Error("failed to get oauth http client", "provider", authProvider, "error", err)
|
||||
logger.Error("Failed to get oauth http client", "provider", authProvider, "error", err)
|
||||
return nil, err
|
||||
}
|
||||
ctx = context.WithValue(ctx, oauth2.HTTPClient, client)
|
||||
@ -215,7 +215,7 @@ func (o *Service) tryGetOrRefreshAccessToken(ctx context.Context, usr *login.Use
|
||||
// TokenSource handles refreshing the token if it has expired
|
||||
token, err := connect.TokenSource(ctx, persistedToken).Token()
|
||||
if err != nil {
|
||||
logger.Error("failed to retrieve oauth access token",
|
||||
logger.Error("Failed to retrieve oauth access token",
|
||||
"provider", usr.AuthModule, "userId", usr.UserId, "error", err)
|
||||
return nil, err
|
||||
}
|
||||
@ -230,7 +230,7 @@ func (o *Service) tryGetOrRefreshAccessToken(ctx context.Context, usr *login.Use
|
||||
}
|
||||
|
||||
if o.Cfg.Env == setting.Dev {
|
||||
logger.Debug("oauth got token",
|
||||
logger.Debug("Oauth got token",
|
||||
"user", usr.UserId,
|
||||
"auth_module", usr.AuthModule,
|
||||
"expiry", fmt.Sprintf("%v", token.Expiry),
|
||||
@ -240,10 +240,10 @@ func (o *Service) tryGetOrRefreshAccessToken(ctx context.Context, usr *login.Use
|
||||
}
|
||||
|
||||
if err := o.AuthInfoService.UpdateAuthInfo(ctx, updateAuthCommand); err != nil {
|
||||
logger.Error("failed to update auth info during token refresh", "userId", usr.UserId, "error", err)
|
||||
logger.Error("Failed to update auth info during token refresh", "userId", usr.UserId, "error", err)
|
||||
return nil, err
|
||||
}
|
||||
logger.Debug("updated oauth info for user", "userId", usr.UserId)
|
||||
logger.Debug("Updated oauth info for user", "userId", usr.UserId)
|
||||
}
|
||||
|
||||
return token, nil
|
||||
|
||||
@ -313,7 +313,7 @@ func (s *ServiceAccountsStoreImpl) SearchOrgServiceAccounts(ctx context.Context,
|
||||
"is_disabled = ?")
|
||||
whereParams = append(whereParams, s.sqlStore.GetDialect().BooleanStr(true))
|
||||
default:
|
||||
s.log.Warn("invalid filter user for service account filtering", "service account search filtering", query.Filter)
|
||||
s.log.Warn("Invalid filter user for service account filtering", "service account search filtering", query.Filter)
|
||||
}
|
||||
|
||||
if len(whereConditions) > 0 {
|
||||
@ -380,7 +380,7 @@ func (s *ServiceAccountsStoreImpl) MigrateApiKeysToServiceAccounts(ctx context.C
|
||||
for _, key := range basicKeys {
|
||||
err := s.CreateServiceAccountFromApikey(ctx, key)
|
||||
if err != nil {
|
||||
s.log.Error("migating to service accounts failed with error", err.Error())
|
||||
s.log.Error("Migating to service accounts failed with error", err.Error())
|
||||
migrationResult.Failed++
|
||||
migrationResult.FailedDetails = append(migrationResult.FailedDetails, fmt.Sprintf("API key name: %s - Error: %s", key.Name, err.Error()))
|
||||
migrationResult.FailedApikeyIDs = append(migrationResult.FailedApikeyIDs, key.ID)
|
||||
@ -405,7 +405,7 @@ func (s *ServiceAccountsStoreImpl) MigrateApiKey(ctx context.Context, orgId int6
|
||||
if keyId == key.ID {
|
||||
err := s.CreateServiceAccountFromApikey(ctx, key)
|
||||
if err != nil {
|
||||
s.log.Error("converting to service account failed with error", "keyId", keyId, "error", err)
|
||||
s.log.Error("Converting to service account failed with error", "keyId", keyId, "error", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
@ -81,7 +81,7 @@ func ProvideServiceAccountsService(
|
||||
s.secretScanService, errSecret = secretscan.NewService(s.store, cfg)
|
||||
if errSecret != nil {
|
||||
s.secretScanEnabled = false
|
||||
s.log.Warn("failed to initialize secret scan service. secret scan is disabled",
|
||||
s.log.Warn("Failed to initialize secret scan service. secret scan is disabled",
|
||||
"error", errSecret.Error())
|
||||
}
|
||||
}
|
||||
@ -90,7 +90,7 @@ func ProvideServiceAccountsService(
|
||||
}
|
||||
|
||||
func (sa *ServiceAccountsService) Run(ctx context.Context) error {
|
||||
sa.backgroundLog.Debug("service initialized")
|
||||
sa.backgroundLog.Debug("Service initialized")
|
||||
|
||||
if _, err := sa.getUsageMetrics(ctx); err != nil {
|
||||
sa.log.Warn("Failed to get usage metrics", "error", err.Error())
|
||||
@ -101,7 +101,7 @@ func (sa *ServiceAccountsService) Run(ctx context.Context) error {
|
||||
|
||||
// Enforce a minimum interval of 1 minute.
|
||||
if sa.secretScanEnabled && sa.secretScanInterval < time.Minute {
|
||||
sa.backgroundLog.Warn("secret scan interval is too low, increasing to " +
|
||||
sa.backgroundLog.Warn("Secret scan interval is too low, increasing to " +
|
||||
defaultSecretScanInterval.String())
|
||||
|
||||
sa.secretScanInterval = defaultSecretScanInterval
|
||||
@ -112,7 +112,7 @@ func (sa *ServiceAccountsService) Run(ctx context.Context) error {
|
||||
if !sa.secretScanEnabled {
|
||||
tokenCheckTicker.Stop()
|
||||
} else {
|
||||
sa.backgroundLog.Debug("enabled token secret check and executing first check")
|
||||
sa.backgroundLog.Debug("Enabled token secret check and executing first check")
|
||||
if err := sa.secretScanService.CheckTokens(ctx); err != nil {
|
||||
sa.backgroundLog.Warn("Failed to check for leaked tokens", "error", err.Error())
|
||||
}
|
||||
@ -127,17 +127,17 @@ func (sa *ServiceAccountsService) Run(ctx context.Context) error {
|
||||
return fmt.Errorf("context error in service account background service: %w", ctx.Err())
|
||||
}
|
||||
|
||||
sa.backgroundLog.Debug("stopped service account background service")
|
||||
sa.backgroundLog.Debug("Stopped service account background service")
|
||||
|
||||
return nil
|
||||
case <-updateStatsTicker.C:
|
||||
sa.backgroundLog.Debug("updating usage metrics")
|
||||
sa.backgroundLog.Debug("Updating usage metrics")
|
||||
|
||||
if _, err := sa.getUsageMetrics(ctx); err != nil {
|
||||
sa.backgroundLog.Warn("Failed to get usage metrics", "error", err.Error())
|
||||
}
|
||||
case <-tokenCheckTicker.C:
|
||||
sa.backgroundLog.Debug("checking for leaked tokens")
|
||||
sa.backgroundLog.Debug("Checking for leaked tokens")
|
||||
|
||||
if err := sa.secretScanService.CheckTokens(ctx); err != nil {
|
||||
sa.backgroundLog.Warn("Failed to check for leaked tokens", "error", err.Error())
|
||||
|
||||
@ -101,7 +101,7 @@ func (s *Service) CheckTokens(ctx context.Context) error {
|
||||
|
||||
hashes, hashMap := s.filterCheckableTokens(tokens)
|
||||
if len(hashes) == 0 {
|
||||
s.logger.Debug("no active tokens to check")
|
||||
s.logger.Debug("No active tokens to check")
|
||||
|
||||
return nil
|
||||
}
|
||||
@ -121,7 +121,7 @@ func (s *Service) CheckTokens(ctx context.Context) error {
|
||||
if s.revoke {
|
||||
if err := s.store.RevokeServiceAccountToken(
|
||||
ctx, leakedToken.OrgID, *leakedToken.ServiceAccountId, leakedToken.ID); err != nil {
|
||||
s.logger.Error("failed to delete leaked token. Revoke manually.",
|
||||
s.logger.Error("Failed to delete leaked token. Revoke manually.",
|
||||
"error", err, "url", secretscanToken.URL, "reported_at", secretscanToken.ReportedAt,
|
||||
"token_id", leakedToken.ID, "token", leakedToken.Name, "org", leakedToken.OrgID,
|
||||
"serviceAccount", *leakedToken.ServiceAccountId)
|
||||
@ -130,11 +130,11 @@ func (s *Service) CheckTokens(ctx context.Context) error {
|
||||
|
||||
if s.webHookNotify {
|
||||
if err := s.webHookClient.Notify(ctx, &secretscanToken, leakedToken.Name, s.revoke); err != nil {
|
||||
s.logger.Warn("failed to call token leak webhook", "error", err)
|
||||
s.logger.Warn("Failed to call token leak webhook", "error", err)
|
||||
}
|
||||
}
|
||||
|
||||
s.logger.Warn("found leaked token",
|
||||
s.logger.Warn("Found leaked token",
|
||||
"url", secretscanToken.URL, "reported_at", secretscanToken.ReportedAt,
|
||||
"token_id", leakedToken.ID, "token", leakedToken.Name, "org", leakedToken.OrgID,
|
||||
"serviceAccount", *leakedToken.ServiceAccountId, "revoked", s.revoke)
|
||||
|
||||
@ -135,7 +135,7 @@ func pluginInfoCollector(pluginStore plugins.Store, pluginSettings pluginsetting
|
||||
// plugin settings
|
||||
settings, err := pluginSettings.GetPluginSettings(ctx, &pluginsettings.GetArgs{})
|
||||
if err != nil {
|
||||
logger.Debug("failed to fetch plugin settings:", "err", err)
|
||||
logger.Debug("Failed to fetch plugin settings:", "err", err)
|
||||
}
|
||||
|
||||
settingMap := make(map[string][]*pluginsettings.InfoDTO)
|
||||
|
||||
@ -119,7 +119,7 @@ func (s *Service) create(ctx context.Context, collectors []string, usr identity.
|
||||
ctx, cancel := context.WithTimeout(context.Background(), bundleCreationTimeout)
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
s.log.Error("support bundle collection panic", "err", err)
|
||||
s.log.Error("Support bundle collection panic", "err", err)
|
||||
}
|
||||
cancel()
|
||||
}()
|
||||
@ -157,14 +157,14 @@ func (s *Service) remove(ctx context.Context, uid string) error {
|
||||
func (s *Service) cleanup(ctx context.Context) {
|
||||
bundles, err := s.list(ctx)
|
||||
if err != nil {
|
||||
s.log.Error("failed to list bundles to clean up", "error", err)
|
||||
s.log.Error("Failed to list bundles to clean up", "error", err)
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
for _, b := range bundles {
|
||||
if time.Now().Unix() >= b.ExpiresAt {
|
||||
if err := s.remove(ctx, b.UID); err != nil {
|
||||
s.log.Error("failed to cleanup bundle", "error", err)
|
||||
s.log.Error("Failed to cleanup bundle", "error", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -176,7 +176,7 @@ func (s *Service) getUsageStats(ctx context.Context) (map[string]interface{}, er
|
||||
|
||||
count, err := s.store.StatsCount(ctx)
|
||||
if err != nil {
|
||||
s.log.Warn("unable to get support bundle counter", "error", err)
|
||||
s.log.Warn("Unable to get support bundle counter", "error", err)
|
||||
}
|
||||
|
||||
m["stats.bundles.count"] = count
|
||||
|
||||
@ -30,7 +30,7 @@ func (s *Service) startBundleWork(ctx context.Context, collectors []string, uid
|
||||
go func() {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
s.log.Error("support bundle collector panic", "err", err, "stack", string(debug.Stack()))
|
||||
s.log.Error("Support bundle collector panic", "err", err, "stack", string(debug.Stack()))
|
||||
result <- bundleResult{err: ErrCollectorPanicked}
|
||||
}
|
||||
}()
|
||||
@ -47,19 +47,19 @@ func (s *Service) startBundleWork(ctx context.Context, collectors []string, uid
|
||||
case <-ctx.Done():
|
||||
s.log.Warn("Context cancelled while collecting support bundle")
|
||||
if err := s.store.Update(ctx, uid, supportbundles.StateTimeout, nil); err != nil {
|
||||
s.log.Error("failed to update bundle after timeout")
|
||||
s.log.Error("Failed to update bundle after timeout")
|
||||
}
|
||||
return
|
||||
case r := <-result:
|
||||
if r.err != nil {
|
||||
s.log.Error("failed to make bundle", "error", r.err, "uid", uid)
|
||||
s.log.Error("Failed to make bundle", "error", r.err, "uid", uid)
|
||||
if err := s.store.Update(ctx, uid, supportbundles.StateError, nil); err != nil {
|
||||
s.log.Error("failed to update bundle after error")
|
||||
s.log.Error("Failed to update bundle after error")
|
||||
}
|
||||
return
|
||||
}
|
||||
if err := s.store.Update(ctx, uid, supportbundles.StateComplete, r.tarBytes); err != nil {
|
||||
s.log.Error("failed to update bundle after completion")
|
||||
s.log.Error("Failed to update bundle after completion")
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user