Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat/add debug log settings #44

Closed
wants to merge 4 commits into from
Closed

Feat/add debug log settings #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cfb7be1
fix a minor issue in cerberus_cache syntax
SamMHD Mar 1, 2024
abd2e48
added access log support to authenticator
SamMHD Mar 1, 2024
7499949
pass settings to authenticator
SamMHD Mar 2, 2024
ac3d40f
added check request duration to debug access logs
SamMHD Mar 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions internal/settings/consts.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
package settings

const (
LogLevelDebug = "debug"
LogLevelInfo = "info"
)
1 change: 1 addition & 0 deletions internal/settings/flags.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ func (s Settings) BindFlags(fs *flag.FlagSet) {
flag.StringVar(&s.MetricsAddress, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
flag.StringVar(&s.ProbeAddress, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
flag.StringVar(&s.AuthServerAddress, "address", ":8082", "The address the authorization service binds to.")
flag.StringVar(&s.AccessLogLevel, "access-log-level", "info", "The Cerberus access log level (debug will print all requests and headers)")

flag.StringVar(&s.TLS.CertPath, "tls-cert-path", "", "grpc Authentication server TLS certificate")
flag.StringVar(&s.TLS.KeyPath, "tls-key-path", "", "grpc Authentication server TLS key")
Expand Down
1 change: 1 addition & 0 deletions internal/settings/settings.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ type Settings struct {
AuthServerAddress string `yaml:"bindAddress" env:"BIND_ADDRESS" env-default:":8082" env-description:"The address the authorization service binds to."`
MetricsAddress string `yaml:"metricsBindAddress" env:"METRICS_BIND_ADDRESS" env-default:":8080" env-description:"The address the metric endpoint binds to."`
ProbeAddress string `yaml:"healthProbeBindAddress" env:"PROBE_BIND_ADDRESS" env-default:":8081" env-description:"The address the probe endpoint binds to."`
AccessLogLevel string `yaml:"accessLogLevel" env:"ACCESS_LOG_LEVEL" env-default:"info" env-description:"The Cerberus access log level (debug will print all requests and headers)"`

TLS struct {
CertPath string `yaml:"certPath" env:"AUTH_SERVER_TLS_CERT_PATH" env-default:"" env-description:"grpc Authentication server TLS certificate file path"`
Expand Down
1 change: 1 addition & 0 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,7 @@ func setupAuthenticationServer(st settings.Settings) (net.Listener, *grpc.Server

authenticator := auth.NewAuthenticator(
setupLog.WithName("cerberus.authenticator"),
st,
)

auth.RegisterServer(srv, authenticator)
Expand Down
17 changes: 16 additions & 1 deletion pkg/auth/authenticator.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package auth

import (
"context"
"fmt"
"net/http"
"net/url"
"strings"
Expand All @@ -11,6 +12,7 @@ import (
"github.com/asaskevich/govalidator"
"github.com/go-logr/logr"
"github.com/snapp-incubator/Cerberus/api/v1alpha1"
"github.com/snapp-incubator/Cerberus/internal/settings"
"github.com/snapp-incubator/Cerberus/internal/tracing"
"go.opentelemetry.io/otel/attribute"
otelcodes "go.opentelemetry.io/otel/codes"
Expand All @@ -25,6 +27,7 @@ const downstreamDeadlineOffset = 50 * time.Microsecond
// Authenticator can generate cache from Kubernetes API server
// and it implements envoy.CheckRequest interface
type Authenticator struct {
settings settings.Settings
logger logr.Logger
httpClient *http.Client

Expand Down Expand Up @@ -145,6 +148,17 @@ func (a *Authenticator) Check(ctx context.Context, request *Request) (finalRespo
start_time := time.Now()
wsvc, ns, reason := readRequestContext(request)

// access logs
defer func() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the most usages of loggers there's a convention that developers leverage log levels filtering to the logging library and most of the time there's not a condition to check print a log or not.
for example you always call logs but a configuration value sets the logging library to print the value or not.
This is a logrus example:
https://stackoverflow.com/questions/47514812/how-to-use-debug-log-in-golang

Copy link
Collaborator Author

@SamMHD SamMHD Mar 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dear, It's not production ready yet. we will change it later. sorry for early review request. and btw, we won't merge this as we already discovered the issue with propagation.

Just debugging and reason beyond this if clause is that current logging library used in Cerberus does not support debug level

if a.settings.AccessLogLevel == settings.LogLevelDebug {
a.logger.Info("check request result",
"request", fmt.Sprintf("%#v", *request),
"response", fmt.Sprintf("%#v", *finalResponse),
"duration", fmt.Sprintf("%vms", time.Since(start_time).Milliseconds()),
)
}
}()

// generate opentelemetry span with given parameters
parentCtx := tracing.ReadParentSpanFromRequest(ctx, request.Request)
ctx, span := tracing.StartSpan(parentCtx, "CheckFunction",
Expand Down Expand Up @@ -228,12 +242,13 @@ func defineValidators() []AuthenticationValidation {

// NewAuthenticator creates new Authenticator object with given logger.
// currently it's not returning any error
func NewAuthenticator(logger logr.Logger) *Authenticator {
func NewAuthenticator(logger logr.Logger, st settings.Settings) *Authenticator {
a := Authenticator{
logger: logger,
httpClient: &http.Client{},
}
a.validators = defineValidators()
a.settings = st
return &a
}

Expand Down
4 changes: 2 additions & 2 deletions pkg/auth/authenticator_cache.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,11 +102,11 @@ func retrieveObjects(
l client.ObjectList,
c client.Client,
ctx context.Context,
listOpts ...*client.ListOptions,
listOpts ...client.ListOption,
) error {
t := time.Now()
metricsLabel := reflect.TypeOf(l).Elem().String()
err := c.List(ctx, l)
err := c.List(ctx, l, listOpts...)
fetchObjectListLatency.With(AddKindLabel(nil, metricsLabel)).Observe(time.Since(t).Seconds())
return err
}
Expand Down
Loading