Convert lib/auth/join to slog
strideynet committed Oct 22, 2024
1 parent 477eea7 commit 660b2b6
Showing 1 changed file with 32 additions and 29 deletions.
61 changes: 32 additions & 29 deletions lib/auth/join/join.go
Expand Up @@ -26,7 +26,6 @@ import (

"github.com/gravitational/trace"
"github.com/jonboulle/clockwork"
log "github.com/sirupsen/logrus"
"go.opentelemetry.io/otel"
"golang.org/x/crypto/ssh"

Expand Down Expand Up @@ -261,13 +260,13 @@ func Register(ctx context.Context, params RegisterParams) (result *RegisterResul
// If an explicit AuthClient has been provided, we want to go straight to
// using that rather than trying both proxy and auth dialing.
if params.AuthClient != nil {
log.Info("Attempting registration with existing auth client.")
slog.InfoContext(ctx, "Attempting registration with existing auth client.")
result, err := registerThroughAuthClient(ctx, token, params, params.AuthClient)
if err != nil {
log.WithError(err).Error("Registration with existing auth client failed.")
slog.ErrorContext(ctx, "Registration with existing auth client failed.", "error", err)
return nil, trace.Wrap(err)
}
log.Info("Successfully registered with existing auth client.")
slog.InfoContext(ctx, "Successfully registered with existing auth client.")
return result, nil
}

Expand All @@ -282,35 +281,35 @@ func Register(ctx context.Context, params RegisterParams) (result *RegisterResul
registerMethods := []registerMethod{registerThroughAuth, registerThroughProxy}

if !params.ProxyServer.IsEmpty() {
log.WithField("proxy-server", params.ProxyServer).Debugf("Registering node to the cluster.")
slog.DebugContext(ctx, "Registering node to the cluster.", "proxy_server", params.ProxyServer)

registerMethods = []registerMethod{registerThroughProxy}

if proxyServerIsAuth(params.ProxyServer) {
log.Debugf("The specified proxy server appears to be an auth server.")
slog.DebugContext(ctx, "The specified proxy server appears to be an auth server.")
}
} else {
log.WithField("auth-servers", params.AuthServers).Debugf("Registering node to the cluster.")
slog.DebugContext(ctx, "Registering node to the cluster.", "auth_servers", params.AuthServers)

if params.GetHostCredentials == nil {
log.Debugf("Missing client, it is not possible to register through proxy.")
slog.DebugContext(ctx, "Missing client, it is not possible to register through proxy.")
registerMethods = []registerMethod{registerThroughAuth}
} else if authServerIsProxy(params.AuthServers) {
log.Debugf("The first specified auth server appears to be a proxy.")
slog.DebugContext(ctx, "The first specified auth server appears to be a proxy.")
registerMethods = []registerMethod{registerThroughProxy, registerThroughAuth}
}
}

var collectedErrs []error
for _, method := range registerMethods {
log.Infof("Attempting registration %s.", method.desc)
slog.InfoContext(ctx, "Attempting registration.", "method", method.desc)
result, err := method.call(ctx, token, params)
if err != nil {
collectedErrs = append(collectedErrs, err)
log.WithError(err).Debugf("Registration %s failed.", method.desc)
slog.DebugContext(ctx, "Registration failed.", "method", method.desc, "error", err)
continue
}
log.Infof("Successfully registered %s.", method.desc)
slog.InfoContext(ctx, "Successfully registered.", "method", method.desc)
return result, nil
}
return nil, trace.NewAggregate(collectedErrs...)
Expand Down Expand Up @@ -411,19 +410,19 @@ func registerThroughAuth(
// depending on the configured values for Insecure, CAPins and CAPath.
switch {
case params.Insecure:
log.Warnf("Insecure mode enabled. Auth Server cert will not be validated and CAPins and CAPath value will be ignored.")
client, err = insecureRegisterClient(params)
slog.WarnContext(ctx, "Insecure mode enabled. Auth Server cert will not be validated and CAPins and CAPath value will be ignored.")
client, err = insecureRegisterClient(ctx, params)
case len(params.CAPins) != 0:
// CAPins takes precedence over CAPath
client, err = pinRegisterClient(ctx, params)
case params.CAPath != "":
client, err = caPathRegisterClient(params)
client, err = caPathRegisterClient(ctx, params)
default:
// We fall back to insecure mode here - this is a little odd but is
// necessary to preserve the behavior of registration. At a later date,
// we may consider making this an error asking the user to provide
// Insecure, CAPins or CAPath.
client, err = insecureRegisterClient(params)
client, err = insecureRegisterClient(ctx, params)
}
if err != nil {
return nil, trace.Wrap(err, "building auth client")
Expand Down Expand Up @@ -487,11 +486,11 @@ func getHostAddresses(params RegisterParams) []string {
// insecureRegisterClient attempts to connects to the Auth Server using the
// CA on disk. If no CA is found on disk, Teleport will not verify the Auth
// Server it is connecting to.
func insecureRegisterClient(params RegisterParams) (*authclient.Client, error) {
log.Warnf("Joining cluster without validating the identity of the Auth " +
"Server. This may open you up to a Man-In-The-Middle (MITM) attack if an " +
"attacker can gain privileged network access. To remedy this, use the CA pin " +
"value provided when join token was generated to validate the identity of " +
func insecureRegisterClient(ctx context.Context, params RegisterParams) (*authclient.Client, error) {
slog.WarnContext(ctx, "Joining cluster without validating the identity of the Auth "+
"Server. This may open you up to a Man-In-The-Middle (MITM) attack if an "+
"attacker can gain privileged network access. To remedy this, use the CA pin "+
"value provided when join token was generated to validate the identity of "+
"the Auth Server or point to a valid Certificate via the CA Path option.")

tlsConfig := utils.TLSConfig(params.CipherSuites)
Expand All @@ -504,6 +503,7 @@ func insecureRegisterClient(params RegisterParams) (*authclient.Client, error) {
client.LoadTLS(tlsConfig),
},
CircuitBreakerConfig: params.CircuitBreakerConfig,
Context: ctx,
})
if err != nil {
return nil, trace.Wrap(err, "creating insecure auth client")
Expand Down Expand Up @@ -531,6 +531,7 @@ func pinRegisterClient(
client.LoadTLS(tlsConfig),
},
CircuitBreakerConfig: params.CircuitBreakerConfig,
Context: ctx,
})
if err != nil {
return nil, trace.Wrap(err)
Expand Down Expand Up @@ -564,7 +565,7 @@ func pinRegisterClient(
}

}
log.Infof("Joining remote cluster %v with CA pin.", certs[0].Subject.CommonName)
slog.InfoContext(ctx, "Joining remote cluster with CA pin.", "cluster", certs[0].Subject.CommonName)

// Create another client, but this time with the CA provided to validate
// that the Auth Server was issued a certificate by the same CA.
Expand All @@ -582,6 +583,7 @@ func pinRegisterClient(
client.LoadTLS(tlsConfig),
},
CircuitBreakerConfig: params.CircuitBreakerConfig,
Context: ctx,
})
if err != nil {
return nil, trace.Wrap(err)
Expand All @@ -590,7 +592,7 @@ func pinRegisterClient(
return authClient, nil
}

func caPathRegisterClient(params RegisterParams) (*authclient.Client, error) {
func caPathRegisterClient(ctx context.Context, params RegisterParams) (*authclient.Client, error) {
tlsConfig := utils.TLSConfig(params.CipherSuites)
tlsConfig.Time = params.Clock.Now

Expand All @@ -604,22 +606,23 @@ func caPathRegisterClient(params RegisterParams) (*authclient.Client, error) {
// we may wish to consider changing this to return an error - but this is a
// breaking change.
if trace.IsNotFound(err) {
log.Warnf("Falling back to insecurely joining because a missing or empty CA Path was provided.")
return insecureRegisterClient(params)
slog.WarnContext(ctx, "Falling back to insecurely joining because a missing or empty CA Path was provided.")
return insecureRegisterClient(ctx, params)
}

certPool := x509.NewCertPool()
certPool.AddCert(cert)
tlsConfig.RootCAs = certPool

log.Infof("Joining remote cluster %v, validating connection with certificate on disk.", cert.Subject.CommonName)
slog.InfoContext(ctx, "Joining remote cluster, validating connection with certificate on disk.", "cluster", cert.Subject.CommonName)

client, err := authclient.NewClient(client.Config{
Addrs: getHostAddresses(params),
Credentials: []client.Credentials{
client.LoadTLS(tlsConfig),
},
CircuitBreakerConfig: params.CircuitBreakerConfig,
Context: ctx,
})
if err != nil {
return nil, trace.Wrap(err)
Expand Down Expand Up @@ -659,7 +662,7 @@ func registerUsingTokenRequestForParams(token string, hostKeys *newHostKeys, par
func registerUsingIAMMethod(
ctx context.Context, joinServiceClient joinServiceClient, token string, hostKeys *newHostKeys, params RegisterParams,
) (*proto.Certs, error) {
log.Infof("Attempting to register %s with IAM method using regional STS endpoint", params.ID.Role)
slog.InfoContext(ctx, "Attempting to register with IAM method using region STS endpoint.", "role", params.ID.Role)
// Call RegisterUsingIAMMethod and pass a callback to respond to the challenge with a signed join request.
certs, err := joinServiceClient.RegisterUsingIAMMethod(ctx, func(challenge string) (*proto.RegisterUsingIAMMethodRequest, error) {
// create the signed sts:GetCallerIdentity request and include the challenge
Expand All @@ -677,11 +680,11 @@ func registerUsingIAMMethod(
}, nil
})
if err != nil {
log.WithError(err).Infof("Failed to register %s using regional STS endpoint", params.ID.Role)
slog.InfoContext(ctx, "Failed to register using regional STS endpoint", "role", params.ID.Role, "error", err)
return nil, trace.Wrap(err, "registering via IAM method streaming RPC")
}

log.Infof("Successfully registered %s with IAM method using regional STS endpoint", params.ID.Role)
slog.InfoContext(ctx, "Successfully registered with IAM method using regional STS endpoint.", "role", params.ID.Role)
return certs, nil
}

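Review bot: The new opening message in registerUsingIAMMethod reads "Attempting to register with IAM method using region STS endpoint." while the failure and success messages in the same function (and the line it replaces) say "regional STS endpoint", which looks like a typo introduced by the conversion; change it to `slog.InfoContext(ctx, "Attempting to register with IAM method using regional STS endpoint.", "role", params.ID.Role)`. The failure message in that function also drops the trailing period the other two slog messages carry, so for consistency use `"Failed to register using regional STS endpoint."`. Separately, the attribute keys change from `proxy-server`/`auth-servers` to `proxy_server`/`auth_servers` and several messages lose their interpolated method, role and cluster text in favour of attributes, so any log-based alerting or dashboards that key on the old join-log format will presumably need updating; a sentence in the commit description pointing that out would help operators. registerUsingIAMMethod's body is split across two hunks here, so its middle lines are not visible in this view.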

0 comments on commit 660b2b6
