Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(oidc): Add log client IP address #20901

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

chore(oidc): Add log client IP address #20901

wants to merge 7 commits into from

Conversation

omerap12
Copy link
Contributor

Adds client IP address and port ("IP:port") when failing to verify token.
Fixes: #20388

@omerap12 omerap12 requested a review from a team as a code owner November 21, 2024 18:09
@bunnyshell Bunnyshell
Copy link

bunnyshell bot commented Nov 21, 2024
edited
Loading

❗ Preview Environment deployment failed on Bunnyshell

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

  • 🚀 /bns:deploy to redeploy the environment
  • /bns:delete to remove the environment

@omerap12 omerap12 changed the title oidc: Add log client IP address chore (oidc): Add log client IP address Nov 21, 2024
@omerap12 omerap12 changed the title chore (oidc): Add log client IP address chore(oidc): Add log client IP address Nov 21, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 21, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 64.70588% with 6 lines in your changes missing coverage. Please review.

Project coverage is 55.10%. Comparing base (32cc663) to head (28074ec).

Files with missing lines Patch % Lines
util/oidc/oidc.go 64.70% 6 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #20901      +/-   ##
==========================================
+ Coverage   55.04%   55.10%   +0.06%     
==========================================
  Files         324      324              
  Lines       55421    55429       +8     
==========================================
+ Hits        30504    30542      +38     
+ Misses      22303    22273      -30     
  Partials     2614     2614

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

andrii-korotkov-verkada
andrii-korotkov-verkada reviewed Nov 22, 2024
View reviewed changes
util/oidc/provider.go
@@ -130,9 +130,6 @@ func (p *providerImpl) Verify(tokenString string, argoSettings *settings.ArgoCDS
if err == nil {
break
}
// We store the error for each audience so that we can return a more detailed error message to the user.
// If this gets merged, we'll be able to detect failures unrelated to audiences and short-circuit this loop
// to avoid logging irrelevant warnings: https://github.com/coreos/go-oidc/pull/406
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue specifies this comment should be removed

util/oidc/oidc.go Outdated
@@ -376,6 +376,7 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) {
idToken, err := a.provider.Verify(idTokenRAW, a.settings)
if err != nil {
log.Warnf("Failed to verify token: %s", err)
log.Infof("Client IP: %s", r.RemoteAddr)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's have one log statement and/or add client ip as a structured field for the warn message. I find two logs of different kind from the same block confusing. However, we may also log ip address regardless in the outside block together with some other metadata.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understood. I recommend including the IP address in all warning messages, not just this one.

@omerap12
oidc: Add log client IP address
5620378 
Signed-off-by: Omer Aplatony <omerap12@gmail.com>
@omerap12
Copy link
Contributor Author

Just an idea, with this we can add/remove fields as we want in one place.

@omerap12
Refactor OIDC logging and error handling
4cd2228 
Signed-off-by: Omer Aplatony <omerap12@gmail.com>
@omerap12
Fix logger error messages in oidc.go
f8fdd89 
Signed-off-by: Omer Aplatony <omerap12@gmail.com>
@omerap12
Remove unused logger variable in HandleLogin function
42d878a 
Signed-off-by: Omer Aplatony <omerap12@gmail.com>
andrii-korotkov-verkada
andrii-korotkov-verkada reviewed Nov 22, 2024
View reviewed changes
util/oidc/oidc.go Show resolved Hide resolved
util/oidc/oidc.go Show resolved Hide resolved
@omerap12
Copy link
Contributor Author

What about now? @andrii-korotkov-verkada
Also, why not add metadata logging to all log types, such as errorf and infof?

@andrii-korotkov-verkada
Copy link
Contributor

why not add metadata logging to all log types, such as errorf and infof?

Oh absolutely, go for it.

@omerap12
Add logger to HandleLogin and HandleCallback functions
28074ec 
Signed-off-by: Omer Aplatony <omerap12@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrii-korotkov-verkada andrii-korotkov-verkada andrii-korotkov-verkada approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
ready-for-review
Projects
Argo CD Review
Status: Ready for final review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Provide client info in argocd server errors
2 participants
@omerap12 @andrii-korotkov-verkada