Skip to content

Commit

Permalink
[8.4](backport #1870) Make authc log debug and add cache hit field (#…
Browse files Browse the repository at this point in the history 
…1873)

Co-authored-by: Josh Dover <1813008+joshdover@users.noreply.github.com>
  • Loading branch information
@mergify @joshdover
mergify[bot] and joshdover committed Sep 20, 2022
1 parent 6a61e6e commit 903344c
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
- Give a grace period when starting the unenroll monitor. {issue}1500[1500]
- Fixes a race condition between the unenroller goroutine and the main goroutine for the coordinator monitor. {issues}1738[1738]
- Remove events from agent checkin body. {issue}1774[1774]
- Improve authc debug logging. {pull}1870[1870]
- Add error detail to catch-all HTTP error response. {pull}1854[1854]
==== New Features
Expand Down
15 changes: 10 additions & 5 deletions internal/pkg/api/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ var (
func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKey, error) {
span, ctx := apm.StartSpan(r.Context(), "authAPIKey", "auth")
defer span.End()
start := time.Now()
reqID := r.Header.Get(logger.HeaderRequestID)

key, err := apikey.ExtractAPIKey(r)
if err != nil {
Expand All @@ -41,15 +43,17 @@ func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKe

if c.ValidAPIKey(*key) {
span.Context.SetLabel("api_key_cache_hit", true)
log.Debug().
Str("id", key.ID).
Str(ECSHTTPRequestID, reqID).
Int64(ECSEventDuration, time.Since(start).Nanoseconds()).
Bool("fleet.api_key.cache_hit", true).
Msg("ApiKey authenticated")
return key, nil
} else {
span.Context.SetLabel("api_key_cache_hit", false)
}

reqID := r.Header.Get(logger.HeaderRequestID)

start := time.Now()

info, err := bulker.APIKeyAuth(ctx, *key)

if err != nil {
Expand All @@ -62,14 +66,15 @@ func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKe
return nil, err
}

log.Trace().
log.Debug().
Str("id", key.ID).
Str(ECSHTTPRequestID, reqID).
Int64(ECSEventDuration, time.Since(start).Nanoseconds()).
Str("userName", info.UserName).
Strs("roles", info.Roles).
Bool("enabled", info.Enabled).
RawJSON("meta", info.Metadata).
Bool("fleet.api_key.cache_hit", false).
Msg("ApiKey authenticated")

c.SetAPIKey(*key, info.Enabled)
Expand Down

0 comments on commit 903344c

Please sign in to comment.