IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

AuthN: tune logging (#60917)

Browse Source 
* AuthN: remove comment

* AuthN: Only start trace if valid authentication client is used
This commit is contained in:
Karl Persson
2023-01-04 16:25:42 +01:00
committed by GitHub
parent bb35f37b66
commit d572ccdb2a
1 changed files with 5 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
pkg/services/authn/authnimpl/service.go
View File

@@ -77,43 +77,28 @@ type Service struct {
}
func (s *Service) Authenticate(ctx context.Context, client string, r *authn.Request) (*authn.Identity, bool, error) {
ctx, span := s.tracer.Start(ctx, "authn.Authenticate")
defer span.End()
span.SetAttributes("authn.client", client, attribute.Key("authn.client").String(client))
logger := s.log.FromContext(ctx)
c, ok := s.clients[client]
if !ok {
logger.Debug("auth client not found", "client", client)
span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client is not configured"}})
return nil, false, nil
}
if !c.Test(ctx, r) {
logger.Debug("auth client cannot handle request", "client", client)
span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client cannot handle request"}})
return nil, false, nil
}
ctx, span := s.tracer.Start(ctx, "authn.Authenticate")
defer span.End()
span.SetAttributes("authn.client", client, attribute.Key("authn.client").String(client))
r.OrgID = orgIDFromRequest(r)
identity, err := c.Authenticate(ctx, r)
if err != nil {
logger.Warn("auth client could not authenticate request", "client", client, "error", err)
s.log.FromContext(ctx).Warn("auth client could not authenticate request", "client", client, "error", err)
span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client could not authenticate request"}})
return nil, true, err
}
// FIXME: We want to perform common authentication operations here.
// We will add them as we start to implement clients that requires them.
// Those operations can be Syncing user, syncing teams, create a session etc.
// We would need to check what operations a client support and also if they are requested
// because for e.g. basic auth we want to create a session if the call is coming from the
// login handler, but if we want to perform basic auth during a request (called from contexthandler) we don't
// want a session to be created.
params := c.ClientParams()
for _, hook := range s.postAuthHooks {
if err := hook(ctx, params, identity, r); err != nil {
return nil, false, err