From 0181e484a71fe98864a2c96866b3594970116612 Mon Sep 17 00:00:00 2001 From: apmmachine <58790750+apmmachine@users.noreply.github.com> Date: Tue, 13 Sep 2022 01:35:12 -0400 Subject: [PATCH 1/5] [Automation] Update elastic stack version to 8.5.0-37418cf3 for testing (#1855) Co-authored-by: apmmachine --- dev-tools/integration/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/integration/.env b/dev-tools/integration/.env index ba2f075611..68ea81a6c9 100644 --- a/dev-tools/integration/.env +++ b/dev-tools/integration/.env @@ -1,4 +1,4 @@ -ELASTICSEARCH_VERSION=8.5.0-589a4a10-SNAPSHOT +ELASTICSEARCH_VERSION=8.5.0-37418cf3-SNAPSHOT ELASTICSEARCH_USERNAME=elastic ELASTICSEARCH_PASSWORD=changeme TEST_ELASTICSEARCH_HOSTS=localhost:9200 \ No newline at end of file From ee6e5ca89812af568edc5afb6d2d558fd4e0c3d3 Mon Sep 17 00:00:00 2001 From: apmmachine <58790750+apmmachine@users.noreply.github.com> Date: Wed, 14 Sep 2022 01:46:34 -0400 Subject: [PATCH 2/5] [Automation] Update elastic stack version to 8.5.0-fcf3d4c2 for testing (#1862) Co-authored-by: apmmachine --- dev-tools/integration/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/integration/.env b/dev-tools/integration/.env index 68ea81a6c9..b9ca5e343c 100644 --- a/dev-tools/integration/.env +++ b/dev-tools/integration/.env @@ -1,4 +1,4 @@ -ELASTICSEARCH_VERSION=8.5.0-37418cf3-SNAPSHOT +ELASTICSEARCH_VERSION=8.5.0-fcf3d4c2-SNAPSHOT ELASTICSEARCH_USERNAME=elastic ELASTICSEARCH_PASSWORD=changeme TEST_ELASTICSEARCH_HOSTS=localhost:9200 \ No newline at end of file From 215815d5f7c853b18d89f2edc35e62964b218af5 Mon Sep 17 00:00:00 2001 From: apmmachine <58790750+apmmachine@users.noreply.github.com> Date: Thu, 15 Sep 2022 01:35:00 -0400 Subject: [PATCH 3/5] [Automation] Update elastic stack version to 8.5.0-c7913db3 for testing (#1868) Co-authored-by: apmmachine --- dev-tools/integration/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/integration/.env b/dev-tools/integration/.env index b9ca5e343c..8d460e721f 100644 --- a/dev-tools/integration/.env +++ b/dev-tools/integration/.env @@ -1,4 +1,4 @@ -ELASTICSEARCH_VERSION=8.5.0-fcf3d4c2-SNAPSHOT +ELASTICSEARCH_VERSION=8.5.0-c7913db3-SNAPSHOT ELASTICSEARCH_USERNAME=elastic ELASTICSEARCH_PASSWORD=changeme TEST_ELASTICSEARCH_HOSTS=localhost:9200 \ No newline at end of file From c51c26f955fa6acbeeeb1807ba6daabee70d09c5 Mon Sep 17 00:00:00 2001 From: Josh Dover <1813008+joshdover@users.noreply.github.com> Date: Thu, 15 Sep 2022 20:18:01 +0200 Subject: [PATCH 4/5] Add error detail to catch-all HTTP response (#1854) --- CHANGELOG.next.asciidoc | 1 + internal/pkg/api/error.go | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index cc4ec9c3d7..d10b586b08 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -4,6 +4,7 @@ - Give a grace period when starting the unenroll monitor. {issue}1500[1500] - Fixes a race condition between the unenroller goroutine and the main goroutine for the coordinator monitor. {issues}1738[1738] - Remove events from agent checkin body. {issue}1774[1774] +- Add error detail to catch-all HTTP error response. {pull}1854[1854] ==== New Features diff --git a/internal/pkg/api/error.go b/internal/pkg/api/error.go index e349adf172..a044d6cdb7 100644 --- a/internal/pkg/api/error.go +++ b/internal/pkg/api/error.go @@ -161,6 +161,7 @@ func NewHTTPErrResp(err error) HTTPErrResp { return HTTPErrResp{ StatusCode: http.StatusBadRequest, Error: "BadRequest", + Message: err.Error(), Level: zerolog.InfoLevel, } } From 33b812cd1676f7a29e3e19f3bd787dcfc2622682 Mon Sep 17 00:00:00 2001 From: Josh Dover <1813008+joshdover@users.noreply.github.com> Date: Thu, 15 Sep 2022 20:18:31 +0200 Subject: [PATCH 5/5] Make authc log debug and add cache hit field (#1870) --- CHANGELOG.next.asciidoc | 1 + internal/pkg/api/auth.go | 15 ++++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index d10b586b08..8eade50a03 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -4,6 +4,7 @@ - Give a grace period when starting the unenroll monitor. {issue}1500[1500] - Fixes a race condition between the unenroller goroutine and the main goroutine for the coordinator monitor. {issues}1738[1738] - Remove events from agent checkin body. {issue}1774[1774] +- Improve authc debug logging. {pull}1870[1870] - Add error detail to catch-all HTTP error response. {pull}1854[1854] ==== New Features diff --git a/internal/pkg/api/auth.go b/internal/pkg/api/auth.go index d83c7d8aec..9e9151c726 100644 --- a/internal/pkg/api/auth.go +++ b/internal/pkg/api/auth.go @@ -33,6 +33,8 @@ var ( func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKey, error) { span, ctx := apm.StartSpan(r.Context(), "authAPIKey", "auth") defer span.End() + start := time.Now() + reqID := r.Header.Get(logger.HeaderRequestID) key, err := apikey.ExtractAPIKey(r) if err != nil { @@ -41,15 +43,17 @@ func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKe if c.ValidAPIKey(*key) { span.Context.SetLabel("api_key_cache_hit", true) + log.Debug(). + Str("id", key.ID). + Str(ECSHTTPRequestID, reqID). + Int64(ECSEventDuration, time.Since(start).Nanoseconds()). + Bool("fleet.api_key.cache_hit", true). + Msg("ApiKey authenticated") return key, nil } else { span.Context.SetLabel("api_key_cache_hit", false) } - reqID := r.Header.Get(logger.HeaderRequestID) - - start := time.Now() - info, err := bulker.APIKeyAuth(ctx, *key) if err != nil { @@ -62,7 +66,7 @@ func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKe return nil, err } - log.Trace(). + log.Debug(). Str("id", key.ID). Str(ECSHTTPRequestID, reqID). Int64(ECSEventDuration, time.Since(start).Nanoseconds()). @@ -70,6 +74,7 @@ func authAPIKey(r *http.Request, bulker bulk.Bulk, c cache.Cache) (*apikey.APIKe Strs("roles", info.Roles). Bool("enabled", info.Enabled). RawJSON("meta", info.Metadata). + Bool("fleet.api_key.cache_hit", false). Msg("ApiKey authenticated") c.SetAPIKey(*key, info.Enabled)