From ceb6f8b4092e42fc0e6465707dd3d84b6d94acca Mon Sep 17 00:00:00 2001 From: Karl Persson Date: Tue, 10 Oct 2023 16:30:20 +0200 Subject: [PATCH] Authn: error logs (#76264) * Reduce to debug for session need rotation error * try to extract log level from error and fallback to warning --- pkg/services/authn/authnimpl/service.go | 22 ++++++++++++++-------- pkg/services/authn/error.go | 2 +- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/pkg/services/authn/authnimpl/service.go b/pkg/services/authn/authnimpl/service.go index 2a2e165eac9..4c50c97e9ff 100644 --- a/pkg/services/authn/authnimpl/service.go +++ b/pkg/services/authn/authnimpl/service.go @@ -226,17 +226,12 @@ func (s *Service) authenticate(ctx context.Context, c authn.Client, r *authn.Req r.OrgID = orgIDFromRequest(r) identity, err := c.Authenticate(ctx, r) if err != nil { - log := s.log.FromContext(ctx).Warn - if errors.Is(err, authn.ErrTokenNeedsRotation) { - log = s.log.FromContext(ctx).Debug - } - - log("Failed to authenticate request", "client", c.Name(), "error", err) + s.errorLogFunc(ctx, err)("Failed to authenticate request", "client", c.Name(), "error", err) return nil, err } if err := s.runPostAuthHooks(ctx, identity, r); err != nil { - s.log.FromContext(ctx).Warn("Failed to run post auth hook", "client", c.Name(), "id", identity.ID, "error", err) + s.errorLogFunc(ctx, err)("Failed to run post auth hook", "client", c.Name(), "id", identity.ID, "error", err) return nil, err } @@ -246,7 +241,7 @@ func (s *Service) authenticate(ctx context.Context, c authn.Client, r *authn.Req if hc, ok := c.(authn.HookClient); ok { if err := hc.Hook(ctx, identity, r); err != nil { - s.log.FromContext(ctx).Warn("Failed to run post client auth hook", "client", c.Name(), "id", identity.ID, "error", err) + s.errorLogFunc(ctx, err)("Failed to run post client auth hook", "client", c.Name(), "id", identity.ID, "error", err) return nil, err } } @@ -355,6 +350,17 @@ func (s *Service) SyncIdentity(ctx context.Context, identity *authn.Identity) er return s.runPostAuthHooks(ctx, identity, r) } +func (s *Service) errorLogFunc(ctx context.Context, err error) func(msg string, ctx ...any) { + l := s.log.FromContext(ctx) + + var grfErr errutil.Error + if errors.As(err, &grfErr) { + return grfErr.LogLevel.LogFunc(l) + } + + return l.Warn +} + func orgIDFromRequest(r *authn.Request) int64 { if r.HTTPRequest == nil { return 0 diff --git a/pkg/services/authn/error.go b/pkg/services/authn/error.go index 33fbdba1320..053ceeacfab 100644 --- a/pkg/services/authn/error.go +++ b/pkg/services/authn/error.go @@ -3,7 +3,7 @@ package authn import "github.com/grafana/grafana/pkg/util/errutil" var ( - ErrTokenNeedsRotation = errutil.Unauthorized("session.token.rotate") + ErrTokenNeedsRotation = errutil.Unauthorized("session.token.rotate", errutil.WithLogLevel(errutil.LevelDebug)) ErrUnsupportedClient = errutil.BadRequest("auth.client.unsupported") ErrClientNotConfigured = errutil.BadRequest("auth.client.notConfigured") ErrUnsupportedIdentity = errutil.NotImplemented("auth.identity.unsupported")