outpost: improve logging output, ensure fields match api server
This commit is contained in:
parent
c1caf84d92
commit
1abcff39c7
|
@ -49,12 +49,14 @@ func NewAPIController(pbURL url.URL, token string) *APIController {
|
||||||
// create the API client, with the transport
|
// create the API client, with the transport
|
||||||
apiClient := client.New(transport, strfmt.Default)
|
apiClient := client.New(transport, strfmt.Default)
|
||||||
|
|
||||||
|
log := log.WithField("logger", "authentik.outpost.ak-api-controller")
|
||||||
|
|
||||||
// Because we don't know the outpost UUID, we simply do a list and pick the first
|
// Because we don't know the outpost UUID, we simply do a list and pick the first
|
||||||
// The service account this token belongs to should only have access to a single outpost
|
// The service account this token belongs to should only have access to a single outpost
|
||||||
outposts, err := apiClient.Outposts.OutpostsOutpostsList(outposts.NewOutpostsOutpostsListParams(), auth)
|
outposts, err := apiClient.Outposts.OutpostsOutpostsList(outposts.NewOutpostsOutpostsListParams(), auth)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
log.WithError(err).Panic("Failed to fetch configuration")
|
||||||
}
|
}
|
||||||
outpost := outposts.Payload.Results[0]
|
outpost := outposts.Payload.Results[0]
|
||||||
doGlobalSetup(outpost.Config.(map[string]interface{}))
|
doGlobalSetup(outpost.Config.(map[string]interface{}))
|
||||||
|
@ -64,7 +66,7 @@ func NewAPIController(pbURL url.URL, token string) *APIController {
|
||||||
Auth: auth,
|
Auth: auth,
|
||||||
token: token,
|
token: token,
|
||||||
|
|
||||||
logger: log.WithField("component", "ak-api-controller"),
|
logger: log,
|
||||||
|
|
||||||
reloadOffset: time.Duration(rand.Intn(10)) * time.Second,
|
reloadOffset: time.Duration(rand.Intn(10)) * time.Second,
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
|
||||||
}
|
}
|
||||||
ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)
|
ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)
|
||||||
|
|
||||||
ac.logger.WithField("component", "ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")
|
ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")
|
||||||
|
|
||||||
ac.wsConn = ws
|
ac.wsConn = ws
|
||||||
// Send hello message with our version
|
// Send hello message with our version
|
||||||
|
@ -52,7 +52,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
|
||||||
}
|
}
|
||||||
err := ws.WriteJSON(msg)
|
err := ws.WriteJSON(msg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ac.logger.WithField("component", "ak-ws").WithError(err).Warning("Failed to hello to authentik")
|
ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithError(err).Warning("Failed to hello to authentik")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,12 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func doGlobalSetup(config map[string]interface{}) {
|
func doGlobalSetup(config map[string]interface{}) {
|
||||||
log.SetFormatter(&log.JSONFormatter{})
|
log.SetFormatter(&log.JSONFormatter{
|
||||||
|
FieldMap: log.FieldMap{
|
||||||
|
log.FieldKeyMsg: "event",
|
||||||
|
log.FieldKeyTime: "timestamp",
|
||||||
|
},
|
||||||
|
})
|
||||||
switch config[ConfigLogLevel].(string) {
|
switch config[ConfigLogLevel].(string) {
|
||||||
case "debug":
|
case "debug":
|
||||||
log.SetLevel(log.DebugLevel)
|
log.SetLevel(log.DebugLevel)
|
||||||
|
|
|
@ -31,7 +31,7 @@ func (s *Server) bundleProviders(providers []*models.ProxyOutpostConfig) []*prov
|
||||||
bundles[idx] = &providerBundle{
|
bundles[idx] = &providerBundle{
|
||||||
s: s,
|
s: s,
|
||||||
Host: externalHost.Host,
|
Host: externalHost.Host,
|
||||||
log: log.WithField("component", "proxy-bundle").WithField("provider", provider.Name),
|
log: log.WithField("logger", "authentik.outpost.proxy-bundle").WithField("provider", provider.Name),
|
||||||
}
|
}
|
||||||
bundles[idx].Build(provider)
|
bundles[idx].Build(provider)
|
||||||
}
|
}
|
||||||
|
|
|
@ -129,7 +129,7 @@ func (pb *providerBundle) Build(provider *models.ProxyOutpostConfig) {
|
||||||
log.Printf("%s", err)
|
log.Printf("%s", err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
oauthproxy, err := NewOAuthProxy(opts)
|
oauthproxy, err := NewOAuthProxy(opts, provider)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
|
log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
|
|
|
@ -95,7 +95,7 @@ type loggingHandler struct {
|
||||||
func LoggingHandler(h http.Handler) http.Handler {
|
func LoggingHandler(h http.Handler) http.Handler {
|
||||||
return loggingHandler{
|
return loggingHandler{
|
||||||
handler: h,
|
handler: h,
|
||||||
logger: log.WithField("component", "proxy-http-server"),
|
logger: log.WithField("logger", "authentik.outpost.proxy-http-server"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -104,19 +104,17 @@ func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||||
url := *req.URL
|
url := *req.URL
|
||||||
responseLogger := &responseLogger{w: w}
|
responseLogger := &responseLogger{w: w}
|
||||||
h.handler.ServeHTTP(responseLogger, req)
|
h.handler.ServeHTTP(responseLogger, req)
|
||||||
duration := float64(time.Since(t)) / float64(time.Second)
|
duration := float64(time.Since(t)) / float64(time.Millisecond)
|
||||||
h.logger.WithFields(log.Fields{
|
h.logger.WithFields(log.Fields{
|
||||||
"Client": req.RemoteAddr,
|
"host": req.RemoteAddr,
|
||||||
"Host": req.Host,
|
"vhost": req.Host,
|
||||||
"Protocol": req.Proto,
|
"request_protocol": req.Proto,
|
||||||
"RequestDuration": fmt.Sprintf("%0.3f", duration),
|
"runtime": fmt.Sprintf("%0.3f", duration),
|
||||||
"RequestMethod": req.Method,
|
"method": req.Method,
|
||||||
"ResponseSize": responseLogger.Size(),
|
"size": responseLogger.Size(),
|
||||||
"StatusCode": responseLogger.Status(),
|
"status": responseLogger.Status(),
|
||||||
"Timestamp": t,
|
"upstream": responseLogger.upstream,
|
||||||
"Upstream": responseLogger.upstream,
|
"request_useragent": req.UserAgent(),
|
||||||
"UserAgent": req.UserAgent(),
|
"request_username": responseLogger.authInfo,
|
||||||
"Username": responseLogger.authInfo,
|
|
||||||
}).Info(url.RequestURI())
|
}).Info(url.RequestURI())
|
||||||
// logger.PrintReq(responseLogger.authInfo, responseLogger.upstream, req, url, t, , )
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,6 +21,7 @@ import (
|
||||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
|
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
|
||||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
|
"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
|
||||||
"github.com/oauth2-proxy/oauth2-proxy/providers"
|
"github.com/oauth2-proxy/oauth2-proxy/providers"
|
||||||
|
"goauthentik.io/outpost/pkg/models"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
@ -92,8 +93,8 @@ type OAuthProxy struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewOAuthProxy creates a new instance of OAuthProxy from the options provided
|
// NewOAuthProxy creates a new instance of OAuthProxy from the options provided
|
||||||
func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error) {
|
func NewOAuthProxy(opts *options.Options, provider *models.ProxyOutpostConfig) (*OAuthProxy, error) {
|
||||||
logger := log.WithField("component", "proxy").WithField("client-id", opts.ClientID)
|
logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name)
|
||||||
sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
|
sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("error initialising session store: %v", err)
|
return nil, fmt.Errorf("error initialising session store: %v", err)
|
||||||
|
@ -434,6 +435,7 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
|
||||||
authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
|
authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
|
||||||
req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
|
req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
|
||||||
}
|
}
|
||||||
|
rw.Header().Set("GAP-Auth", session.PreferredUsername)
|
||||||
// Check if user has additional headers set that we should sent
|
// Check if user has additional headers set that we should sent
|
||||||
if additionalHeaders, ok := userAttributes["additionalHeaders"].(map[string]string); ok {
|
if additionalHeaders, ok := userAttributes["additionalHeaders"].(map[string]string); ok {
|
||||||
if additionalHeaders == nil {
|
if additionalHeaders == nil {
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
@ -30,7 +31,7 @@ func NewServer(ac *ak.APIController) *Server {
|
||||||
}
|
}
|
||||||
return &Server{
|
return &Server{
|
||||||
Handlers: make(map[string]*providerBundle),
|
Handlers: make(map[string]*providerBundle),
|
||||||
logger: log.WithField("component", "proxy-http-server"),
|
logger: log.WithField("logger", "authentik.outpost.proxy-http-server"),
|
||||||
defaultCert: defaultCert,
|
defaultCert: defaultCert,
|
||||||
ak: ac,
|
ak: ac,
|
||||||
}
|
}
|
||||||
|
@ -50,12 +51,15 @@ func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
s.logger.WithField("host", r.Host).Debug("Host header does not match any we know of")
|
// Get a list of all host keys we know
|
||||||
s.logger.Printf("%v+\n", s.Handlers)
|
hostKeys := make([]string, 0, len(s.Handlers))
|
||||||
w.WriteHeader(400)
|
for k := range s.Handlers {
|
||||||
|
hostKeys = append(hostKeys, k)
|
||||||
|
}
|
||||||
|
s.logger.WithField("host", r.Host).WithField("known-hosts", strings.Join(hostKeys, ", ")).Debug("Host header does not match any we know of")
|
||||||
|
w.WriteHeader(404)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
s.logger.WithField("host", r.Host).Debug("passing request from host head")
|
|
||||||
handler.ServeHTTP(w, r)
|
handler.ServeHTTP(w, r)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Reference in a new issue