outpost: improve logging output, ensure fields match api server

This commit is contained in:
Jens Langhammer 2021-02-11 23:48:54 +01:00
parent c1caf84d92
commit 1abcff39c7
8 changed files with 39 additions and 28 deletions

View file

@ -49,12 +49,14 @@ func NewAPIController(pbURL url.URL, token string) *APIController {
// create the API client, with the transport // create the API client, with the transport
apiClient := client.New(transport, strfmt.Default) apiClient := client.New(transport, strfmt.Default)
log := log.WithField("logger", "authentik.outpost.ak-api-controller")
// Because we don't know the outpost UUID, we simply do a list and pick the first // Because we don't know the outpost UUID, we simply do a list and pick the first
// The service account this token belongs to should only have access to a single outpost // The service account this token belongs to should only have access to a single outpost
outposts, err := apiClient.Outposts.OutpostsOutpostsList(outposts.NewOutpostsOutpostsListParams(), auth) outposts, err := apiClient.Outposts.OutpostsOutpostsList(outposts.NewOutpostsOutpostsListParams(), auth)
if err != nil { if err != nil {
panic(err) log.WithError(err).Panic("Failed to fetch configuration")
} }
outpost := outposts.Payload.Results[0] outpost := outposts.Payload.Results[0]
doGlobalSetup(outpost.Config.(map[string]interface{})) doGlobalSetup(outpost.Config.(map[string]interface{}))
@ -64,7 +66,7 @@ func NewAPIController(pbURL url.URL, token string) *APIController {
Auth: auth, Auth: auth,
token: token, token: token,
logger: log.WithField("component", "ak-api-controller"), logger: log,
reloadOffset: time.Duration(rand.Intn(10)) * time.Second, reloadOffset: time.Duration(rand.Intn(10)) * time.Second,

View file

@ -40,7 +40,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
} }
ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header) ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)
ac.logger.WithField("component", "ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik") ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")
ac.wsConn = ws ac.wsConn = ws
// Send hello message with our version // Send hello message with our version
@ -52,7 +52,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
} }
err := ws.WriteJSON(msg) err := ws.WriteJSON(msg)
if err != nil { if err != nil {
ac.logger.WithField("component", "ak-ws").WithError(err).Warning("Failed to hello to authentik") ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithError(err).Warning("Failed to hello to authentik")
} }
} }

View file

@ -13,7 +13,12 @@ import (
) )
func doGlobalSetup(config map[string]interface{}) { func doGlobalSetup(config map[string]interface{}) {
log.SetFormatter(&log.JSONFormatter{}) log.SetFormatter(&log.JSONFormatter{
FieldMap: log.FieldMap{
log.FieldKeyMsg: "event",
log.FieldKeyTime: "timestamp",
},
})
switch config[ConfigLogLevel].(string) { switch config[ConfigLogLevel].(string) {
case "debug": case "debug":
log.SetLevel(log.DebugLevel) log.SetLevel(log.DebugLevel)

View file

@ -31,7 +31,7 @@ func (s *Server) bundleProviders(providers []*models.ProxyOutpostConfig) []*prov
bundles[idx] = &providerBundle{ bundles[idx] = &providerBundle{
s: s, s: s,
Host: externalHost.Host, Host: externalHost.Host,
log: log.WithField("component", "proxy-bundle").WithField("provider", provider.Name), log: log.WithField("logger", "authentik.outpost.proxy-bundle").WithField("provider", provider.Name),
} }
bundles[idx].Build(provider) bundles[idx].Build(provider)
} }

View file

@ -129,7 +129,7 @@ func (pb *providerBundle) Build(provider *models.ProxyOutpostConfig) {
log.Printf("%s", err) log.Printf("%s", err)
os.Exit(1) os.Exit(1)
} }
oauthproxy, err := NewOAuthProxy(opts) oauthproxy, err := NewOAuthProxy(opts, provider)
if err != nil { if err != nil {
log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err) log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
os.Exit(1) os.Exit(1)

View file

@ -95,7 +95,7 @@ type loggingHandler struct {
func LoggingHandler(h http.Handler) http.Handler { func LoggingHandler(h http.Handler) http.Handler {
return loggingHandler{ return loggingHandler{
handler: h, handler: h,
logger: log.WithField("component", "proxy-http-server"), logger: log.WithField("logger", "authentik.outpost.proxy-http-server"),
} }
} }
@ -104,19 +104,17 @@ func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
url := *req.URL url := *req.URL
responseLogger := &responseLogger{w: w} responseLogger := &responseLogger{w: w}
h.handler.ServeHTTP(responseLogger, req) h.handler.ServeHTTP(responseLogger, req)
duration := float64(time.Since(t)) / float64(time.Second) duration := float64(time.Since(t)) / float64(time.Millisecond)
h.logger.WithFields(log.Fields{ h.logger.WithFields(log.Fields{
"Client": req.RemoteAddr, "host": req.RemoteAddr,
"Host": req.Host, "vhost": req.Host,
"Protocol": req.Proto, "request_protocol": req.Proto,
"RequestDuration": fmt.Sprintf("%0.3f", duration), "runtime": fmt.Sprintf("%0.3f", duration),
"RequestMethod": req.Method, "method": req.Method,
"ResponseSize": responseLogger.Size(), "size": responseLogger.Size(),
"StatusCode": responseLogger.Status(), "status": responseLogger.Status(),
"Timestamp": t, "upstream": responseLogger.upstream,
"Upstream": responseLogger.upstream, "request_useragent": req.UserAgent(),
"UserAgent": req.UserAgent(), "request_username": responseLogger.authInfo,
"Username": responseLogger.authInfo,
}).Info(url.RequestURI()) }).Info(url.RequestURI())
// logger.PrintReq(responseLogger.authInfo, responseLogger.upstream, req, url, t, , )
} }

View file

@ -21,6 +21,7 @@ import (
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream" "github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
"github.com/oauth2-proxy/oauth2-proxy/providers" "github.com/oauth2-proxy/oauth2-proxy/providers"
"goauthentik.io/outpost/pkg/models"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
) )
@ -92,8 +93,8 @@ type OAuthProxy struct {
} }
// NewOAuthProxy creates a new instance of OAuthProxy from the options provided // NewOAuthProxy creates a new instance of OAuthProxy from the options provided
func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error) { func NewOAuthProxy(opts *options.Options, provider *models.ProxyOutpostConfig) (*OAuthProxy, error) {
logger := log.WithField("component", "proxy").WithField("client-id", opts.ClientID) logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name)
sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie) sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
if err != nil { if err != nil {
return nil, fmt.Errorf("error initialising session store: %v", err) return nil, fmt.Errorf("error initialising session store: %v", err)
@ -434,6 +435,7 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password)) authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)} req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
} }
rw.Header().Set("GAP-Auth", session.PreferredUsername)
// Check if user has additional headers set that we should sent // Check if user has additional headers set that we should sent
if additionalHeaders, ok := userAttributes["additionalHeaders"].(map[string]string); ok { if additionalHeaders, ok := userAttributes["additionalHeaders"].(map[string]string); ok {
if additionalHeaders == nil { if additionalHeaders == nil {

View file

@ -6,6 +6,7 @@ import (
"errors" "errors"
"net" "net"
"net/http" "net/http"
"strings"
"time" "time"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
@ -30,7 +31,7 @@ func NewServer(ac *ak.APIController) *Server {
} }
return &Server{ return &Server{
Handlers: make(map[string]*providerBundle), Handlers: make(map[string]*providerBundle),
logger: log.WithField("component", "proxy-http-server"), logger: log.WithField("logger", "authentik.outpost.proxy-http-server"),
defaultCert: defaultCert, defaultCert: defaultCert,
ak: ac, ak: ac,
} }
@ -50,12 +51,15 @@ func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
return return
} }
} }
s.logger.WithField("host", r.Host).Debug("Host header does not match any we know of") // Get a list of all host keys we know
s.logger.Printf("%v+\n", s.Handlers) hostKeys := make([]string, 0, len(s.Handlers))
w.WriteHeader(400) for k := range s.Handlers {
hostKeys = append(hostKeys, k)
}
s.logger.WithField("host", r.Host).WithField("known-hosts", strings.Join(hostKeys, ", ")).Debug("Host header does not match any we know of")
w.WriteHeader(404)
return return
} }
s.logger.WithField("host", r.Host).Debug("passing request from host head")
handler.ServeHTTP(w, r) handler.ServeHTTP(w, r)
} }