Implement structured logging for gRPC errors on SPIRE agent

[Neniel]

Pull Request check list

• Commit conforms to CONTRIBUTING.md?
• Proper tests/regressions included?
• Documentation updated?

Affected functionality

SPIRE agent's client

Description of change

This pull request is intended to improve logging of gRPC errors from the SPIRE agent by separating code and message.

Which issue this PR fixes

fixes #2613

[rturner3]

Thanks for sending this, @Neniel! I had a couple small suggestions, but overall this is headed in the right direction.

[MarcosDY]

can you add a helper function to reduce code? (and use constants), something like:

func addErrorFields(log logrus.FieldLogger, err error) logrus.FieldLogger {
   if s, ok := status.FromError(err); ok {
        log = log.WithFields(logrus.Fields{                
		telemetry.StatusCode:    s.Code(),
		telemetry.StatusMessage: s.Message(),
	})
   }
   return log
}

and you can call

   log := addErrorFields(c.c.Log, err)

[Neniel]

Yes, that's what I asked Taylor in a previous comment but I'm not sure where to create that function. Is there a helper package or something similar that is suitable to hold this kind of stuff?

[MarcosDY]

add as private on the same file, or do you think you need to use in on different packages?

[Neniel]

For now it will only be used on the same package.

[Neniel]

Fixed on 6c8d983, let me know in case there's more suggestions :)

[rturner3]

As addErrorFields() is a private method of client, I think it would be better to test that each public method in client produces the expected error logs when the RPCs those public methods call return errors. However, I acknowledge that would significantly increase the scope of this PR because there is no testing of log messages in this struct today. We do similar log assertions in other parts of the codebase, but it looks like it was missed in this package for some reason.

If you feel up for adding that test support, it would be much appreciated since there are currently uncovered branches, and it's a bit difficult to tell that the usages of this new method are working as expected. If not, I think it would be good to create a follow-up issue and link it as a comment somewhere in this file (maybe above each test that is covering error cases).

[Neniel]

I've just started working on that. Please check 29961ed for the first tests that covers some cases. I'll be adding the remaining ones.

[Neniel]

Please dismiss my previous comment, I need to re-write the tests due to the changes of the ex addErrorFields method.

[Neniel]

I've just updated the new tests at 7d46273

[rturner3]

Related to my suggestion below, if we check for err == nil in this new method, we can call it once above this switch block, rather than for each error log in the switch cases.

[Neniel]

It would be called once for each one of the federatedBundles that are being processed and use the logger that that method returns in each one of the cases, right?

[rturner3]

Right, if you declare the local logger with the error fields before the switch block within the for loop, it will only use that logger for the federated bundle currently being examined.

[Neniel]

Fixed at 55c88fa

[rturner3]

Can we also test that there is an error level log with the expected error fields?

[rturner3]

Can be done separately to address #4474.

[rturner3]

Most of the code in this test is the same as in TestNewX509SVIDs. Can we re-use the existing setup logic in TestNewX509SVIDs and refactor it to be a table-driven test with this new test case?

[Neniel]

Done at 5818be9

[rturner3]

Can we also test that there is an error level log with the expected error fields?

[rturner3]

These fields look mixed up, is it intentional?

[Neniel]

Thanks. I forgot to change it after copying the previous test. Fixed at 7488427

[rturner3]

Can we also test that there is an error level log with the expected error fields?

[MarcosDY]

logger variable is not used to add fields, and setted with a new one, so WithError is missed,
you must use logger.WithFields instead

[Neniel]

Fixed at 7b9fc68

[rturner3]

Hey @Neniel, I see there's some commits from main that somehow got pulled into the branch supporting this PR. It looks like they were interleaved between the changes you're making, maybe there was a rebase that got messed up at some point?

In any case, the branch history for this PR can be cleaned up to just the changes you're proposing by running git rebase -i locally in your branch, and marking each commit unrelated to this PR as drop. Once the branch history includes only your commits on top of the main branch, doing a git push -f <remote> <branch> should clean things up here.

Also just as a suggestion for the future, running git merge main in the development branch is usually the best way to keep your development branch in sync with the latest. Additionally, doing a "force push" of development branches using git push -f makes it a bit harder for us as reviewers to see what has changed since the last time you pushed changes to the PR. Generally git push without -f is recommended (which is possible if you use git merge rather than git rebase to keep your development branch in sync).

[rturner3]

nit: since this is the same value in every subtest, we can remove x509SVIDs as a test template field

[rturner3]

Ideally we would check that a log message was emitted that contained these fields rather than just checking if the logger had the fields added to it. We have methods like AssertLogs() in test/spiretest for this purpose. Since this kind of test coverage was not present in this package already, I'm ok if we defer this to a follow-up issue.

I've created #4474 to track the follow-up work.

[rturner3]

Can be done separately to address #4474.