Improve logging for Guard server (#20)
tamalsaha authored Aug 30, 2017
1 parent 207d7c5 commit a4ba6df
Showing 8 changed files with 320 additions and 10 deletions.
4 changes: 3 additions & 1 deletion glide.lock


4 changes: 2 additions & 2 deletions lib/github.go
@@ -19,7 +19,7 @@ func checkGithub(name, token string) (auth.TokenReview, int) {

user, _, err := client.Users.Get(ctx, "")
if err != nil {
return Error(fmt.Sprintf("Failed to load user's Github profile. Reason: %v.", err)), http.StatusUnauthorized
return Error(fmt.Sprintf("Failed to load user's Github profile for Org %s. Reason: %v.", name, err)), http.StatusUnauthorized
}
data := auth.TokenReview{}
data.Status = auth.TokenReviewStatus{
@@ -35,7 +35,7 @@ func checkGithub(name, token string) (auth.TokenReview, int) {
for {
teams, _, err := client.Organizations.ListUserTeams(ctx, &github.ListOptions{Page: page, PerPage: pageSize})
if err != nil {
return Error(fmt.Sprintf("Failed to load user's teams. Reason: %v.", err)), http.StatusUnauthorized
return Error(fmt.Sprintf("Failed to load user's teams for Org %s. Reason: %v.", name, err)), http.StatusUnauthorized
}
for _, team := range teams {
if team.Organization.GetLogin() == name {
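Review bot: The org value `name` is interpolated with `%s` into a message that is returned in the TokenReview status and, through `Error` in lib/types.go, now also written to the server log; `%q` would quote it so an empty value is visible and control characters are escaped, e.g. `"Failed to load user's teams for Org %q. Reason: %v."`. The same applies to the profile-load message in the first hunk and to the `for domain %s` messages in lib/google.go. The caller is not shown on this page, but `name` looks like the organization read from the client certificate in lib/handler.go, so it is best treated as externally supplied text. checkGithub starts before and continues after both hunks.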
11 changes: 7 additions & 4 deletions lib/google.go
@@ -6,6 +6,7 @@ import (
"net/http"
"strings"

"github.com/appscode/go/log"
"golang.org/x/oauth2"
gdir "google.golang.org/api/admin/directory/v1"
gauth "google.golang.org/api/oauth2/v1"
@@ -20,11 +21,13 @@ func checkGoogle(name, token string) (auth.TokenReview, int) {

authSvc, err := gauth.New(client)
if err != nil {
return Error(fmt.Sprintf("Failed to create oauth2/v1 api client. Reason: %v.", err)), http.StatusUnauthorized
return Error(fmt.Sprintf("Failed to create oauth2/v1 api client for domain %s. Reason: %v.", name, err)), http.StatusUnauthorized
}
r1, err := authSvc.Userinfo.Get().Do()
if err != nil {
return Error(fmt.Sprintf("Failed to load user info. Reason: %v.", err)), http.StatusUnauthorized
msg := fmt.Sprintf("Failed to load user info for domain %s. Reason: %v.", name, err)
log.Errorln(msg)
return Error(msg), http.StatusUnauthorized
}

data := auth.TokenReview{}
@@ -37,15 +40,15 @@ func checkGoogle(name, token string) (auth.TokenReview, int) {

svc, err := gdir.New(client)
if err != nil {
return Error(fmt.Sprintf("Failed to create admin/directory/v1 client. Reason: %v.", err)), http.StatusUnauthorized
return Error(fmt.Sprintf("Failed to create admin/directory/v1 client for domain %s. Reason: %v.", name, err)), http.StatusUnauthorized
}

groups := []string{}
var pageToken string
for {
r2, err := svc.Groups.List().UserKey(r1.Email).PageToken(pageToken).Do()
if err != nil {
return Error(fmt.Sprintf("Failed to load user's groups. Reason: %v.", err)), http.StatusUnauthorized
return Error(fmt.Sprintf("Failed to load user's groups for domain %s. Reason: %v.", name, err)), http.StatusUnauthorized
}
for _, group := range r2.Groups {
if strings.HasSuffix(group.Email, "@"+name) {
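Review bot: The user-info failure branch logs the same message twice: it calls `log.Errorln(msg)` and then `Error(msg)`, and `Error` in lib/types.go calls `log.Errorln` itself as of this commit. Duplicate error lines for a single failed token review make log-based alerting and incident timelines harder to read. Writing the branch like its neighbours, `return Error(fmt.Sprintf("Failed to load user info for domain %s. Reason: %v.", name, err)), http.StatusUnauthorized`, keeps one log line per failure. The `github.com/appscode/go/log` import added in the first hunk would then have no use in the visible lines and should be dropped if nothing outside the hunks needs it. checkGoogle continues outside the hunks.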
3 changes: 2 additions & 1 deletion lib/handler.go
@@ -5,17 +5,18 @@ import (
"net/http"
"strings"

"github.com/appscode/go/log"
auth "k8s.io/client-go/pkg/apis/authentication/v1beta1"
)

func Authenticate(w http.ResponseWriter, req *http.Request) {
crt := req.TLS.PeerCertificates[0]

if len(crt.Subject.Organization) == 0 {
Write(w, Error("Client certificate is missing organization"), http.StatusBadRequest)
return
}
org := crt.Subject.Organization[0]
log.Infoln("Received token review request for %s@%s", crt.Subject.CommonName, org)

data := auth.TokenReview{}
err := json.NewDecoder(req.Body).Decode(&data)
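Review bot: `log.Infoln` does not interpret format verbs, so the added line will print the literal `%s@%s` followed by the two values rather than the intended `CN@org`; it should be `log.Infof("Received token review request for %s@%s", crt.Subject.CommonName, org)`. Both values come from the client certificate subject, so `%q` would be the safer verb in a log line. Separately, the unchanged `req.TLS.PeerCertificates[0]` at the top of the function will panic if a request arrives without a client certificate. Whether that can happen depends on the server's TLS client-auth setting, which is not visible here, so a guard such as `if req.TLS == nil || len(req.TLS.PeerCertificates) == 0` that answers with 400 would be worth adding. Authenticate continues past the end of the hunk.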
6 changes: 4 additions & 2 deletions lib/types.go
@@ -4,6 +4,7 @@ import (
"encoding/json"
"net/http"

"github.com/appscode/go/log"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
auth "k8s.io/client-go/pkg/apis/authentication/v1beta1"
)
@@ -25,15 +26,16 @@ func Write(w http.ResponseWriter, data auth.TokenReview, code int) {
}

// Error returns a `TokenReview` response with the specified error message.
func Error(error string) auth.TokenReview {
func Error(err string) auth.TokenReview {
log.Errorln(err)
return auth.TokenReview{
TypeMeta: metav1.TypeMeta{
APIVersion: apiVersion,
Kind: "TokenReview",
},
Status: auth.TokenReviewStatus{
Authenticated: false,
Error: error,
Error: err,
},
}
}
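Review bot: `Error` now has a logging side effect that its doc comment does not mention, so a caller cannot tell from the comment that logging the message itself will duplicate it. I would change the comment to `// Error logs the message at error level and returns an unauthenticated TokenReview response that carries it.` Because every string passed here now lands in the server log as well as in the response, callers have to keep the bearer token and other secrets out of the message; the call sites visible on this page only format `name` and `err`. Client-side mistakes such as the missing-organization 400 in lib/handler.go will also be recorded at error level, which may be noisier than intended.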
21 changes: 21 additions & 0 deletions vendor/github.com/appscode/go/context/context.go


140 changes: 140 additions & 0 deletions vendor/github.com/appscode/go/log/context.go
