From 8356d29fcda0a3bc37d4562ddaee43a5e68e3578 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Wed, 6 Oct 2021 17:12:03 +0100
Subject: [PATCH] Fixup main
---
 logger.go | 6 +++---
 main.go | 13 +++++++++++--
 oauthproxy.go | 24 ++++++++++++------------
 validator.go | 2 +-
 watcher.go | 8 ++++----
 5 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/logger.go b/logger.go
index b55466c8..4285aabe 100644
--- a/logger.go
+++ b/logger.go
@@ -6,7 +6,7 @@ import (
 )
 var (
- infoLogger = klog.V(logger.CoreInfo)
- debugLogger = klog.V(logger.CoreDebug)
- traceLogger = klog.V(logger.CoreTrace)
+ infoLogger = func() klog.Verbose { return klog.V(logger.CoreInfo) }
+ debugLogger = func() klog.Verbose { return klog.V(logger.CoreDebug) }
+ traceLogger = func() klog.Verbose { return klog.V(logger.CoreTrace) }
 )
diff --git a/main.go b/main.go
index 6030279e..339a9670 100644
--- a/main.go
+++ b/main.go
@@ -52,12 +52,12 @@ func main() {
 // When running with trace logging, start by logging the observed config.
 // This will help users to determine if they have configured the proxy correctly.
 // NOTE: This data is not scrubbed and may contain secrets!
- if traceLogger.Enabled() {
+ if traceLogger().Enabled() {
 config, err := json.Marshal(opts)
 if err != nil {
 klog.Fatalf("ERROR: %v", err)
 }
- traceLogger.Infof("Observed configuration: %s", string(config))
+ traceLogger().Infof("Observed configuration: %s", string(config))
 }
 if *convertConfig {
@@ -199,4 +199,13 @@ func configureKlog(logLevel int) {
 }
 klog.SetOutput(logger.StdKlogErrorLogger)
 klog.SetOutputBySeverity("INFO", logger.StdKlogInfoLogger)
+
+ klog.V(1).Infof("Klog level 1")
+ klog.V(2).Infof("Klog level 2")
+ klog.V(3).Infof("Klog level 3")
+ klog.V(4).Infof("Klog level 4")
+ klog.V(5).Infof("Klog level 5")
+ klog.V(6).Infof("Klog level 6")
+ klog.V(7).Infof("Klog level 7")
+ klog.V(8).Infof("Klog level 8")
 }
diff --git a/oauthproxy.go b/oauthproxy.go
index de54f2bb..82a4c6d6 100644
--- a/oauthproxy.go
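Review bot: The three logger variables in logger.go turn from `klog.Verbose` values into functions with no comment saying why, and the reason cannot be read off the call sites. `klog.V` decides whether a level is enabled at the moment it is called, so the old package-level `klog.V(...)` values were presumably fixed before `configureKlog` set the verbosity. I would add a comment above the `var` block such as `// Loggers are functions so that klog.V is evaluated at call time, after the verbosity has been configured.`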
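Review bot: The `Observed configuration` dump in main() writes all of `opts` as JSON, which the comment above it says is unscrubbed and may contain secrets. If the old package-level `traceLogger` was fixed at its initial state, as the logger.go change suggests, this commit is what makes the dump actually fire under trace verbosity. Logs are often shipped to systems with wider read access than the proxy's configuration, so I would redact the secret-bearing fields before marshalling, or at least precede the dump with a line such as `klog.Warning("trace logging enabled: the configuration dump that follows is not scrubbed")`. main() starts and ends outside the hunk.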
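Review bot: The eight `klog.V(n).Infof("Klog level n")` calls added at the end of configureKlog look like leftover debugging output. They print up to eight fixed lines on every start and say nothing that the configured level does not already say. I would drop them before merge, or replace them with one line such as `klog.V(1).Infof("klog verbosity set to %d", logLevel)`. The start of configureKlog is outside the hunk.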
+++ b/oauthproxy.go
@@ -106,7 +106,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
 var basicAuthValidator basic.Validator
 if opts.HtpasswdFile != "" {
- infoLogger.Infof("using htpasswd file: %s", opts.HtpasswdFile)
+ infoLogger().Infof("using htpasswd file: %s", opts.HtpasswdFile)
 var err error
 basicAuthValidator, err = basic.NewHTPasswdValidator(opts.HtpasswdFile)
 if err != nil {
@@ -135,9 +135,9 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
 }
 if opts.SkipJwtBearerTokens {
- infoLogger.Infof("Skipping JWT tokens from configured OIDC issuer: %q", opts.Providers[0].OIDCConfig.IssuerURL)
+ infoLogger().Infof("Skipping JWT tokens from configured OIDC issuer: %q", opts.Providers[0].OIDCConfig.IssuerURL)
 for _, issuer := range opts.ExtraJwtIssuers {
- infoLogger.Infof("Skipping JWT tokens from extra JWT issuer: %q", issuer)
+ infoLogger().Infof("Skipping JWT tokens from extra JWT issuer: %q", issuer)
 }
 }
 redirectURL := opts.GetRedirectURL()
@@ -145,13 +145,13 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
 redirectURL.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix)
 }
- infoLogger.Infof("OAuthProxy configured for %s Client ID: %s", opts.GetProvider().Data().ProviderName, opts.Providers[0].ClientID)
+ infoLogger().Infof("OAuthProxy configured for %s Client ID: %s", opts.GetProvider().Data().ProviderName, opts.Providers[0].ClientID)
 refresh := "disabled"
 if opts.Cookie.Refresh != time.Duration(0) {
 refresh = fmt.Sprintf("after %s", opts.Cookie.Refresh)
 }
- infoLogger.Infof("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domains:%s path:%s samesite:%s refresh:%s", opts.Cookie.Name, opts.Cookie.Secure, opts.Cookie.HTTPOnly, opts.Cookie.Expire, strings.Join(opts.Cookie.Domains, ","), opts.Cookie.Path, opts.Cookie.SameSite, refresh)
+ infoLogger().Infof("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domains:%s path:%s samesite:%s refresh:%s", opts.Cookie.Name, opts.Cookie.Secure, opts.Cookie.HTTPOnly, opts.Cookie.Expire, strings.Join(opts.Cookie.Domains, ","), opts.Cookie.Path, opts.Cookie.SameSite, refresh)
 trustedIPs := ip.NewNetSet()
 for _, ipStr := range opts.TrustedIPs {
@@ -425,7 +425,7 @@ func buildRoutesAllowlist(opts *options.Options) ([]allowedRoute, error) {
 if err != nil {
 return nil, err
 }
- infoLogger.Infof("Skipping auth - Method: ALL | Path: %s", path)
+ infoLogger().Infof("Skipping auth - Method: ALL | Path: %s", path)
 routes = append(routes, allowedRoute{
 method: "",
 pathRegex: compiledRegex,
@@ -451,7 +451,7 @@ func buildRoutesAllowlist(opts *options.Options) ([]allowedRoute, error) {
 if err != nil {
 return nil, err
 }
- infoLogger.Infof("Skipping auth - Method: %s | Path: %s", method, path)
+ infoLogger().Infof("Skipping auth - Method: %s | Path: %s", method, path)
 routes = append(routes, allowedRoute{
 method: method,
 pathRegex: compiledRegex,
@@ -491,7 +491,7 @@ func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, req *http.Request, code i
 redirectURL = "/"
 }
- debugLogger.Infof("Rendering error page (status %d) for application error: %v", code, appError)
+ debugLogger().Infof("Rendering error page (status %d) for application error: %v", code, appError)
 scope := middlewareapi.GetRequestScope(req)
 p.pageWriter.WriteErrorPage(rw, pagewriter.ErrorPageOpts{
@@ -507,7 +507,7 @@ func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, req *http.Request, code i
 func (p *OAuthProxy) IsAllowedRequest(req *http.Request) bool {
 isPreflightRequestAllowed := p.skipAuthPreflight && req.Method == "OPTIONS"
 if isPreflightRequestAllowed {
- traceLogger.Infof("Request %s: Allowed as preflight request", middlewareapi.GetRequestScope(req).RequestID)
+ traceLogger().Infof("Request %s: Allowed as preflight request", middlewareapi.GetRequestScope(req).RequestID)
 }
 return isPreflightRequestAllowed || p.isAllowedRoute(req) || p.isTrustedIP(req)
 }
@@ -516,7 +516,7 @@ func (p *OAuthProxy) IsAllowedRequest(req *http.Request) bool {
 func (p *OAuthProxy) isAllowedRoute(req *http.Request) bool {
 for _, route := range p.allowedRoutes {
 if (route.method == "" || req.Method == route.method) && route.pathRegex.MatchString(req.URL.Path) {
- traceLogger.Infof("Request %s: Allowed by route match", middlewareapi.GetRequestScope(req).RequestID)
+ traceLogger().Infof("Request %s: Allowed by route match", middlewareapi.GetRequestScope(req).RequestID)
 return true
 }
 }
@@ -541,7 +541,7 @@ func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
 }
 if p.trustedIPs.Has(remoteAddr) {
- traceLogger.Infof("Request %s: allowed by trusted IP", middlewareapi.GetRequestScope(req).RequestID)
+ traceLogger().Infof("Request %s: allowed by trusted IP", middlewareapi.GetRequestScope(req).RequestID)
 return true
 }
 return false
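Review bot: The three messages that record a request skipping authentication are emitted only at trace verbosity and carry nothing but the request ID. They are `Allowed as preflight request` in IsAllowedRequest and the matching lines in the isAllowedRoute and isTrustedIP hunks. At normal log levels there is then no record of which requests bypassed authentication, which makes an over-broad route allowlist or trusted-IP range hard to spot afterwards. It is worth considering a lower verbosity for these lines and adding the method and path, for example `traceLogger().Infof("Request %s: Allowed by route match (%s %q)", middlewareapi.GetRequestScope(req).RequestID, req.Method, req.URL.Path)`. Whether trace level is deliberate here cannot be told from the hunks.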
@@ -767,7 +767,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
 p.provider.ValidateSession(req.Context(), session)
 if !p.redirectValidator.IsValidRedirect(appRedirect) {
- debugLogger.Infof("Request %s: Rejected invalid redirect: %s", middlewareapi.GetRequestScope(req).RequestID, appRedirect)
+ debugLogger().Infof("Request %s: Rejected invalid redirect: %s", middlewareapi.GetRequestScope(req).RequestID, appRedirect)
 appRedirect = "/"
 }
diff --git a/validator.go b/validator.go
index 4bf7376a..ebb75737 100644
--- a/validator.go
+++ b/validator.go
@@ -25,7 +25,7 @@ func NewUserMap(usersFile string, done <-chan bool, onUpdate func()) *UserMap {
 m := make(map[string]bool)
 atomic.StorePointer(&um.m, unsafe.Pointer(&m)) // #nosec G103
 if usersFile != "" {
- infoLogger.Infof("Using authenticated emails file %s", usersFile)
+ infoLogger().Infof("Using authenticated emails file %s", usersFile)
 WatchForUpdates(usersFile, done, func() {
 um.LoadAuthenticatedEmailsFile()
 onUpdate()
diff --git a/watcher.go b/watcher.go
index cfa4d98c..adf74d88 100644
--- a/watcher.go
+++ b/watcher.go
@@ -26,7 +26,7 @@ func WaitForReplacement(filename string, op fsnotify.Op,
 for {
 if _, err := os.Stat(filename); err == nil {
 if err := watcher.Add(filename); err == nil {
- infoLogger.Infof("watching resumed for %s", filename)
+ infoLogger().Infof("watching resumed for %s", filename)
 return
 }
 }
@@ -51,7 +51,7 @@ func WatchForUpdates(filename string, done <-chan bool, action func()) {
 for {
 select {
 case <-done:
- infoLogger.Infof("Shutting down watcher for: %s", filename)
+ infoLogger().Infof("Shutting down watcher for: %s", filename)
 return
 case event := <-watcher.Events:
 // On Arch Linux, it appears Chmod events precede Remove events,
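Review bot: In the OAuthCallback hunk the rejected redirect is logged with `%s`, although `appRedirect` at that point has just failed `IsValidRedirect` and presumably comes from the request. A value like that can carry line breaks or control characters that split or forge log entries. Formatting it with `%q` keeps it escaped on one line: `debugLogger().Infof("Request %s: Rejected invalid redirect: %q", middlewareapi.GetRequestScope(req).RequestID, appRedirect)`. OAuthCallback continues outside the hunk.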
@@ -60,7 +60,7 @@ func WatchForUpdates(filename string, done <-chan bool, action func()) {
 // UserMap.LoadAuthenticatedEmailsFile()) crashes when the file
 // can't be opened.
 if event.Op&(fsnotify.Remove|fsnotify.Rename|fsnotify.Chmod) != 0 {
- infoLogger.Infof("Watching interrupted on event: %s", event)
+ infoLogger().Infof("Watching interrupted on event: %s", event)
 err = watcher.Remove(filename)
 if err != nil {
 klog.Errorf("error removing watcher on %s: %v", filename, err)
@@ -77,5 +77,5 @@ func WatchForUpdates(filename string, done <-chan bool, action func()) {
 if err = watcher.Add(filename); err != nil {
 klog.Fatalf("Failed to add %s to watcher: %v", filename, err)
 }
- infoLogger.Infof("Watching %s for updates", filename)
+ infoLogger().Infof("Watching %s for updates", filename)
 }