Skip to content

Logging for failed GetSecrets in Workflows#20556

Merged
prashantkumar1982 merged 4 commits intodevelopfrom
secrets_logging
Dec 8, 2025
Merged

Logging for failed GetSecrets in Workflows#20556
prashantkumar1982 merged 4 commits intodevelopfrom
secrets_logging

Conversation

@prashantkumar1982
Copy link
Contributor

@prashantkumar1982 prashantkumar1982 commented Dec 8, 2025

No description provided.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 8, 2025

I see you updated files related to core. Please run pnpm changeset in the root directory to add a changeset as well as in the text include at least one of the following tags:

  • #added For any new functionality added.
  • #breaking_change For any functionality that requires manual action for the node to boot.
  • #bugfix For bug fixes.
  • #changed For any change to the existing functionality.
  • #db_update For any feature that introduces updates to database schema.
  • #deprecation_notice For any upcoming deprecation functionality.
  • #internal For changesets that need to be excluded from the final changelog.
  • #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
  • #removed For any functionality/config that is removed.
  • #updated For any functionality that is updated.
  • #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

@prashantkumar1982 prashantkumar1982 marked this pull request as ready for review December 8, 2025 16:42
@prashantkumar1982 prashantkumar1982 requested a review from a team as a code owner December 8, 2025 16:42
Copilot AI review requested due to automatic review settings December 8, 2025 16:42
krehermann
krehermann previously approved these changes Dec 8, 2025
View reviewed changes
cedric-cordenier
cedric-cordenier reviewed Dec 8, 2025
View reviewed changes
core/services/workflows/v2/secrets.go Outdated
getSecretsDuration := time.Since(start).Milliseconds()
if err != nil {
// Log errors when secrets fetching fails, for troubleshooting and debugging
s.lggr.Infow("Secrets fetching failed for request", "request", request, "error", err, "requestLatency", getSecretsDuration)
Copy link
Contributor

@cedric-cordenier cedric-cordenier Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be Errorw?

Copy link
Contributor

@cedric-cordenier cedric-cordenier Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually do we need this -- we will already emit an error here that should cover this: https://github.com/smartcontractkit/chainlink/pull/20556/files#diff-db37590ea3c9bdb89e68e879d48c0e51c03a6a0ba2c8a50f34b35e7f6eea0f7aL210

Copy link
Contributor

@cedric-cordenier cedric-cordenier Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm there might be a small gap actually

Copy link
Contributor Author

@prashantkumar1982 prashantkumar1982 Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Errorw seems like if there's a user error, then we will litter logs with error logs.
Also, a request failing doesn't always mean something's wrong with our server.

Yes, that line you mentioned captures a lot, but there's some more error paths above, so I thought we should just capture all failures at the top level too.

Copy link
Contributor

@cedric-cordenier cedric-cordenier Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could do a warn then -- I'm not a fan of having this as an Info because it would be hard to filter by status and find this

Copilot AI reviewed Dec 8, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds error logging to the GetSecrets method in the workflow secrets fetcher to improve troubleshooting and debugging capabilities when secret fetching operations fail. The change also optimizes the duration calculation by computing it once and reusing it for both logging and metrics recording.

  • Adds error logging for failed secret fetch operations with request details and latency
  • Refactors duration calculation to avoid redundant time.Since() calls

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

core/services/workflows/v2/secrets.go Outdated
getSecretsDuration := time.Since(start).Milliseconds()
if err != nil {
// Log errors when secrets fetching fails, for troubleshooting and debugging
s.lggr.Infow("Secrets fetching failed for request", "request", request, "error", err, "requestLatency", getSecretsDuration)
Copy link

Copilot AI Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logging the entire request object may expose sensitive information. The GetSecretsRequest contains secret identifiers (Id, Namespace, Owner) which could be considered sensitive metadata about what secrets are being accessed. Consider logging only non-sensitive fields or a sanitized representation of the request instead.

Suggested fix:

s.lggr.Errorw("Secrets fetching failed for request", "callbackId", request.CallbackId, "numRequests", len(request.Requests), "error", err, "requestLatency", getSecretsDuration)
Suggested change
s.lggr.Infow("Secrets fetching failed for request", "request", request, "error", err, "requestLatency", getSecretsDuration)
s.lggr.Infow("Secrets fetching failed for request", "callbackId", request.CallbackId, "numRequests", len(request.Requests), "error", err, "requestLatency", getSecretsDuration)

Copilot uses AI. Check for mistakes.
core/services/workflows/v2/secrets.go Outdated
getSecretsDuration := time.Since(start).Milliseconds()
if err != nil {
// Log errors when secrets fetching fails, for troubleshooting and debugging
s.lggr.Infow("Secrets fetching failed for request", "request", request, "error", err, "requestLatency", getSecretsDuration)
Copy link

Copilot AI Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error logging should use lggr.Errorw instead of lggr.Infow. Throughout the codebase (e.g., lines 214 and 223 in this same file, and in workflow_registry.go), errors are consistently logged at the Error level using lggr.Errorw. Using Info level for error conditions can lead to these failures being missed during monitoring and troubleshooting.

Suggested fix:

s.lggr.Errorw("Secrets fetching failed for request", "request", request, "error", err, "requestLatency", getSecretsDuration)
Suggested change
s.lggr.Infow("Secrets fetching failed for request", "request", request, "error", err, "requestLatency", getSecretsDuration)
s.lggr.Errorw("Secrets fetching failed for request", "request", request, "error", err, "requestLatency", getSecretsDuration)

Copilot uses AI. Check for mistakes.
DylanTinianov
DylanTinianov previously approved these changes Dec 8, 2025
View reviewed changes
@cl-sonarqube-production
Copy link

cl-sonarqube-production bot commented Dec 8, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@prashantkumar1982 prashantkumar1982 added this pull request to the merge queue Dec 8, 2025
Merged via the queue into develop with commit 2eb4054 Dec 8, 2025
218 checks passed
@prashantkumar1982 prashantkumar1982 deleted the secrets_logging branch December 8, 2025 18:22
krehermann pushed a commit that referenced this pull request Dec 11, 2025
@prashantkumar1982 @krehermann
Logging for failed GetSecrets in Workflows (#20556)
147a48f 
* Logging for failed GetSecrets in Workflows

* nit

* nit

(cherry picked from commit 2eb4054)
@chainchad chainchad mentioned this pull request Dec 11, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bolekk bolekk bolekk approved these changes

@cedric-cordenier cedric-cordenier cedric-cordenier approved these changes

@krehermann krehermann krehermann left review comments

@DylanTinianov DylanTinianov DylanTinianov left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@prashantkumar1982 @bolekk @krehermann @cedric-cordenier @DylanTinianov