Skip to content

Commit

Permalink
Make authc log debug and add cache hit field (#1870)
Browse files Browse the repository at this point in the history 
(cherry picked from commit 33b812c)

# Conflicts:
#	CHANGELOG.next.asciidoc
  • Loading branch information
@joshdover @mergify
joshdover authored and mergify[bot] committed Sep 15, 2022
1 parent fd9c8db commit af0c9f8
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 5 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@
- Give a grace period when starting the unenroll monitor. {issue}1500[1500]
- Fixes a race condition between the unenroller goroutine and the main goroutine for the coordinator monitor. {issues}1738[1738]
- Remove events from agent checkin body. {issue}1774[1774]
<<<<<<< HEAD
=======
- Improve authc debug logging. {pull}1870[1870]
- Add error detail to catch-all HTTP error response. {pull}1854[1854]
>>>>>>> 33b812c (Make authc log debug and add cache hit field (#1870))
==== New Features

Expand Down
15 changes: 10 additions & 5 deletions internal/pkg/api/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ var (
func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKey, error) {
span, ctx := apm.StartSpan(r.Context(), "authAPIKey", "auth")
defer span.End()
start := time.Now()
reqID := r.Header.Get(logger.HeaderRequestID)

key, err := apikey.ExtractAPIKey(r)
if err != nil {
Expand All @@ -41,15 +43,17 @@ func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKe

if c.ValidAPIKey(*key) {
span.Context.SetLabel("api_key_cache_hit", true)
log.Debug().
Str("id", key.ID).
Str(ECSHTTPRequestID, reqID).
Int64(ECSEventDuration, time.Since(start).Nanoseconds()).
Bool("fleet.api_key.cache_hit", true).
Msg("ApiKey authenticated")
return key, nil
} else {
span.Context.SetLabel("api_key_cache_hit", false)
}

reqID := r.Header.Get(logger.HeaderRequestID)

start := time.Now()

info, err := bulker.APIKeyAuth(ctx, *key)

if err != nil {
Expand All @@ -62,14 +66,15 @@ func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKe
return nil, err
}

log.Trace().
log.Debug().
Str("id", key.ID).
Str(ECSHTTPRequestID, reqID).
Int64(ECSEventDuration, time.Since(start).Nanoseconds()).
Str("userName", info.UserName).
Strs("roles", info.Roles).
Bool("enabled", info.Enabled).
RawJSON("meta", info.Metadata).
Bool("fleet.api_key.cache_hit", false).
Msg("ApiKey authenticated")

c.SetAPIKey(*key, info.Enabled)
Expand Down

0 comments on commit af0c9f8

Please sign in to comment.