Skip to content

support setting a logger programatically #134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jul 17, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 15 additions & 15 deletions pkg/authz/authz.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ func WithAuthorization(handler, failed http.Handler, restMapper meta.RESTMapper,

matchingRules := (*matcher).Match(input.Request)
if len(matchingRules) == 0 {
klog.V(3).InfoSDepth(1,
klog.FromContext(ctx).V(3).Info(
"request did not match any authorization rule",
"verb", input.Request.Verb,
"APIGroup", input.Request.APIGroup,
Expand All @@ -49,13 +49,13 @@ func WithAuthorization(handler, failed http.Handler, restMapper meta.RESTMapper,
// Apply CEL condition filtering
filteredRules, err := rules.FilterRulesWithCELConditions(matchingRules, input)
if err != nil {
klog.V(2).ErrorS(err, "error evaluating CEL conditions", "input", input)
klog.FromContext(ctx).V(2).Error(err, "error evaluating CEL conditions", "input", input)
handleError(w, failed, req, err)
return
}

if len(filteredRules) == 0 {
klog.V(3).InfoSDepth(1,
klog.FromContext(ctx).V(3).Info(
"request matched authorization rule/s but failed CEL conditions",
"verb", input.Request.Verb,
"APIGroup", input.Request.APIGroup,
Expand All @@ -65,40 +65,40 @@ func WithAuthorization(handler, failed http.Handler, restMapper meta.RESTMapper,
return
}

klog.V(3).InfoSDepth(1,
klog.FromContext(ctx).V(3).Info(
"request matched authorization rule/s and passed CEL conditions",
"verb", input.Request.Verb,
"APIGroup", input.Request.APIGroup,
"APIVersion", input.Request.APIVersion,
"Resource", input.Request.Resource)
klog.V(4).InfoSDepth(1, "authorization input details", "input", input)
klog.FromContext(ctx).V(4).Info("authorization input details", "input", input)

// run all checks for this request
if err := runAllMatchingChecks(ctx, filteredRules, input, permissionsClient); err != nil {
klog.V(2).ErrorS(err, "input failed authorization checks", "input", input)
klog.FromContext(ctx).V(2).Error(err, "input failed authorization checks", "input", input)
handleError(w, failed, req, err)
return
}
klog.V(3).InfoSDepth(1, "input passed all authorization checks", "input", input)
klog.FromContext(ctx).V(3).Info("input passed all authorization checks", "input", input)

// if this request is a write, perform the dual write and return
rule, err := getSingleUpdateRule(filteredRules)
if err != nil {
klog.V(2).ErrorS(err, "unable to get single update rule", "input", input)
klog.FromContext(ctx).V(2).Error(err, "unable to get single update rule", "input", input)
handleError(w, failed, req, err)
return
}

if rule != nil {
klog.V(4).InfoSDepth(1, "single update rule", "rule", rule)
klog.FromContext(ctx).V(4).Info("single update rule", "rule", rule)
if err := performUpdate(ctx, w, rule, input, req.RequestURI, workflowClient); err != nil {
klog.V(2).ErrorS(err, "failed to perform update", "input", input)
klog.FromContext(ctx).V(2).Error(err, "failed to perform update", "input", input)
handleError(w, failed, req, err)
return
}
return
} else {
klog.V(4).InfoSDepth(1, "no update rule found for request")
klog.FromContext(ctx).V(4).Info("no update rule found for request")
}

// all other requests are filtered by matching rules
Expand Down Expand Up @@ -186,12 +186,12 @@ func createPostCheckHandler(handler, failed http.Handler, ctx context.Context, f
if recorder.statusCode >= 200 && recorder.statusCode < 300 {
// Run PostChecks
if err := runAllMatchingPostChecks(ctx, filteredRules, input, permissionsClient); err != nil {
klog.V(2).ErrorS(err, "input failed post-authorization checks", "input", input)
klog.FromContext(ctx).V(2).Error(err, "input failed post-authorization checks", "input", input)
// Return the original error handler instead of the successful response
failed.ServeHTTP(w, req)
return
}
klog.V(3).InfoSDepth(1, "input passed all post-authorization checks", "input", input)
klog.FromContext(ctx).V(3).Info("input passed all post-authorization checks", "input", input)

// Only write the successful response if PostChecks passed
recorder.emitResponseToWriter(w)
Expand All @@ -216,7 +216,7 @@ func createPostFilterHandler(handler, failed http.Handler, ctx context.Context,
if input.Request.Verb == "list" {
// Handle list operations
if err := filterListResponse(ctx, recorder, filteredRules, input, permissionsClient); err != nil {
klog.V(2).ErrorS(err, "failed to filter list response", "input", input)
klog.FromContext(ctx).V(2).Error(err, "failed to filter list response", "input", input)
failed.ServeHTTP(w, req)
return
}
Expand Down Expand Up @@ -288,7 +288,7 @@ func (r *responseRecorder) emitResponseToWriter(w http.ResponseWriter) {
// Write body
if len(r.body) > 0 {
if _, err := w.Write(r.body); err != nil {
klog.ErrorS(err, "failed to write response body", "status_code", statusCode, "body_length", len(r.body))
klog.Error(err, "failed to write response body", "status_code", statusCode, "body_length", len(r.body))
}
}
}
Expand Down
6 changes: 5 additions & 1 deletion pkg/proxy/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
"github.com/authzed/grpcutil"
"github.com/authzed/spicedb/pkg/cmd/server"
"github.com/go-logr/logr"
"github.com/spf13/pflag"
"google.golang.org/grpc"
"google.golang.org/grpc/backoff"
Expand Down Expand Up @@ -47,6 +48,7 @@ type Options struct {
SecureServing apiserveroptions.SecureServingOptionsWithLoopback `debugmap:"hidden"`
Authentication Authentication `debugmap:"hidden"`
Logs *logs.Options `debugmap:"hidden"`
CustomLogger logr.Logger

// TODO: use genericclioptions.ConfigFlags instead of this?
BackendKubeconfigPath string `debugmap:"visible"`
Expand Down Expand Up @@ -151,7 +153,9 @@ type CompletedConfig struct {
}

func (o *Options) Complete(ctx context.Context) (*CompletedConfig, error) {
if err := logsv1.ValidateAndApply(o.Logs, utilfeature.DefaultFeatureGate); err != nil {
if (o.CustomLogger != logr.Logger{}) {
klog.SetLoggerWithOptions(o.CustomLogger, klog.ContextualLogger(true))
} else if err := logsv1.ValidateAndApply(o.Logs, utilfeature.DefaultFeatureGate); err != nil {
return nil, err
}

Expand Down
2 changes: 1 addition & 1 deletion pkg/proxy/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ func NewServer(ctx context.Context, c *CompletedConfig) (*Server, error) {
}

clusterHost = restConfig.Host
klog.FromContext(ctx).WithValues("host", clusterHost).Error(err, "created upstream client")
klog.FromContext(ctx).WithValues("host", clusterHost).Info("created upstream client")

mux := http.NewServeMux()

Expand Down
Loading