From e7b4363d21d88fe87776ef37e61370f72b337a1c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 11 Nov 2021 23:18:32 +0100 Subject: [PATCH] outposts/ldap: fix logic error in cached ldap searcher closes #1779 Signed-off-by: Jens Langhammer --- internal/outpost/ak/api.go | 17 +------- internal/outpost/ak/global.go | 2 +- internal/outpost/ldap/metrics/metrics.go | 6 ++- internal/outpost/ldap/search/memory/fetch.go | 8 ++-- internal/outpost/ldap/search/memory/memory.go | 40 +++---------------- internal/outpost/proxyv2/metrics/metrics.go | 6 ++- 6 files changed, 23 insertions(+), 56 deletions(-) diff --git a/internal/outpost/ak/api.go b/internal/outpost/ak/api.go index 7db5a2110..271f00b00 100644 --- a/internal/outpost/ak/api.go +++ b/internal/outpost/ak/api.go @@ -10,7 +10,6 @@ import ( "github.com/go-openapi/strfmt" "github.com/google/uuid" - "github.com/pkg/errors" "github.com/prometheus/client_golang/prometheus" "github.com/recws-org/recws" "goauthentik.io/api" @@ -119,7 +118,7 @@ func (a *APIController) OnRefresh() error { } a.Outpost = outposts.Results[0] - log.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration") + a.logger.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration") return a.Server.Refresh() } @@ -131,20 +130,8 @@ func (a *APIController) StartBackgorundTasks() error { "version": constants.VERSION, "build": constants.BUILD(), }).Set(1) - err := a.OnRefresh() - if err != nil { - return errors.Wrap(err, "failed to run initial refresh") - } else { - LastUpdate.With(prometheus.Labels{ - "uuid": a.instanceUUID.String(), - "outpost_name": a.Outpost.Name, - "outpost_type": a.Server.Type(), - "version": constants.VERSION, - "build": constants.BUILD(), - }).SetToCurrentTime() - } go func() { - a.logger.Debug("Starting WS reconnector...") + a.logger.Debug("Starting WS re-connector...") a.startWSReConnector() }() go func() { 
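Review bot: StartBackgorundTasks no longer calls OnRefresh or sets LastUpdate in the lines shown, so a failed first configuration fetch is no longer reported from this function and the last-update gauge stays unset until a later refresh succeeds. If the initial refresh now happens elsewhere (not visible in this patch), a short comment here would make that explicit, e.g. `// The initial refresh is performed by the caller before background tasks start.`. If it does not, the outpost may begin serving before a configuration fetch has been confirmed, which is worth checking. The function body continues outside the hunk.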
diff --git a/internal/outpost/ak/global.go b/internal/outpost/ak/global.go index 6e98bc874..2ebecfd37 100644 --- a/internal/outpost/ak/global.go +++ b/internal/outpost/ak/global.go @@ -32,7 +32,7 @@ func doGlobalSetup(config map[string]interface{}) { default: log.SetLevel(log.DebugLevel) } - log.WithField("buildHash", constants.BUILD()).WithField("version", constants.VERSION).Info("Starting authentik outpost") + log.WithField("logger", "authentik.outpost").WithField("hash", constants.BUILD()).WithField("version", constants.VERSION).Info("Starting authentik outpost") sentryEnv := "customer-outpost" sentryEnable := true diff --git a/internal/outpost/ldap/metrics/metrics.go b/internal/outpost/ldap/metrics/metrics.go index efbe257aa..8b1a12082 100644 --- a/internal/outpost/ldap/metrics/metrics.go +++ b/internal/outpost/ldap/metrics/metrics.go @@ -3,6 +3,8 @@ package metrics import ( "net/http" + log "github.com/sirupsen/logrus" + "github.com/gorilla/mux" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" @@ -26,7 +28,9 @@ func RunServer() { rw.WriteHeader(204) }) m.Path("/metrics").Handler(promhttp.Handler()) - err := http.ListenAndServe("0.0.0.0:9300", m) + listen := "0.0.0.0:9300" + log.WithField("logger", "authentik.outpost.metrics").WithField("listen", listen).Info("Starting Metrics server") + err := http.ListenAndServe(listen, m) if err != nil { panic(err) } diff --git a/internal/outpost/ldap/search/memory/fetch.go b/internal/outpost/ldap/search/memory/fetch.go index c908848a6..410efe86d 100644 --- a/internal/outpost/ldap/search/memory/fetch.go +++ b/internal/outpost/ldap/search/memory/fetch.go 
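Review bot: The metrics listener in RunServer is hard-coded to `0.0.0.0:9300` and started with `http.ListenAndServe`, which sets no read or write timeouts, so `/metrics` is served without authentication on every interface and slow clients can hold connections open indefinitely. The label set in the commented-out block removed from memory.go in this patch includes `dn` and `client`, so if the live counters carry the same labels, the endpoint exposes bind DNs and client addresses to anyone who can reach the port. Consider reading the listen address from configuration and serving through an `http.Server` with explicit timeouts, as below; the timeout values are illustrative and the `time` import would be needed. The same applies to the identical RunServer hunk in internal/outpost/proxyv2/metrics/metrics.go, and RunServer begins outside both hunks.

```go
// … unchanged: router setup, /metrics handler and the listen variable …
log.WithField("logger", "authentik.outpost.metrics").WithField("listen", listen).Info("Starting Metrics server")
srv := &http.Server{
	Addr:              listen,
	Handler:           m,
	ReadHeaderTimeout: 10 * time.Second,
	ReadTimeout:       30 * time.Second,
	WriteTimeout:      30 * time.Second,
	IdleTimeout:       60 * time.Second,
}
err := srv.ListenAndServe()
// … unchanged: panic on error …
```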
@@ -15,7 +15,7 @@ func (ms *MemorySearcher) FetchUsers() []api.User { ms.log.WithError(err).Warning("failed to update users") return nil, err } - ms.log.WithField("page", page).Debug("fetched users") + ms.log.WithField("page", page).WithField("count", len(users.Results)).Debug("fetched users") return &users, nil } page := 1 @@ -25,12 +25,12 @@ func (ms *MemorySearcher) FetchUsers() []api.User { if err != nil { return users } + users = append(users, apiUsers.Results...) if apiUsers.Pagination.Next > 0 { page += 1 } else { break } - users = append(users, apiUsers.Results...) } return users } @@ -42,7 +42,7 @@ func (ms *MemorySearcher) FetchGroups() []api.Group { ms.log.WithError(err).Warning("failed to update groups") return nil, err } - ms.log.WithField("page", page).Debug("fetched groups") + ms.log.WithField("page", page).WithField("count", len(groups.Results)).Debug("fetched groups") return &groups, nil } page := 1 @@ -52,12 +52,12 @@ func (ms *MemorySearcher) FetchGroups() []api.Group { if err != nil { return groups } + groups = append(groups, apiGroups.Results...) if apiGroups.Pagination.Next > 0 { page += 1 } else { break } - groups = append(groups, apiGroups.Results...) } return groups } diff --git a/internal/outpost/ldap/search/memory/memory.go b/internal/outpost/ldap/search/memory/memory.go index 687e2c207..bb77b5610 100644 --- a/internal/outpost/ldap/search/memory/memory.go +++ b/internal/outpost/ldap/search/memory/memory.go @@ -4,7 +4,6 @@ import ( "errors" "fmt" "strings" - "sync" "github.com/getsentry/sentry-go" "github.com/nmcclain/ldap" 
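Review bot: In FetchUsers the `if err != nil { return users }` branch returns whatever pages were collected before the failure, and the `[]api.User` result gives the caller no way to tell a truncated list from a complete one. If the caller (not shown) replaces the in-memory cache with this slice, a transient API error mid-pagination would make users silently disappear from LDAP search results until the next successful refresh. At minimum document it on the function, e.g. `// FetchUsers returns the users fetched so far if a page request fails; the result may be incomplete.`, and consider keeping the previous cache when a fetch did not complete. FetchGroups has the same branch, where a truncated group list could also change the memberships that clients see. Both functions begin outside their hunks.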
@@ -115,18 +114,6 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult, } accsp.Finish() - // parsedFilter, err := ldap.CompileFilter(req.Filter) - // if err != nil { - // metrics.RequestsRejected.With(prometheus.Labels{ - // "outpost_name": ms.si.GetOutpostName(), - // "type": "search", - // "reason": "filter_parse_fail", - // "dn": req.BindDN, - // "client": req.RemoteAddr(), - // }).Inc() - // return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: error parsing filter: %s", req.Filter) - // } - switch filterEntity { default: metrics.RequestsRejected.With(prometheus.Labels{ @@ -144,27 +131,12 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult, case constants.OCAKVirtualGroup: fallthrough case constants.OCGroup: - wg := sync.WaitGroup{} - wg.Add(2) - - gEntries := make([]*ldap.Entry, 0) - uEntries := make([]*ldap.Entry, 0) - - go func() { - defer wg.Done() - for _, g := range ms.groups { - gEntries = append(gEntries, group.FromAPIGroup(g, ms.si).Entry()) - } - }() - - go func() { - defer wg.Done() - for _, u := range ms.users { - uEntries = append(uEntries, group.FromAPIUser(u, ms.si).Entry()) - } - }() - wg.Wait() - entries = append(gEntries, uEntries...) + for _, g := range ms.groups { + entries = append(entries, group.FromAPIGroup(g, ms.si).Entry()) + } + for _, u := range ms.users { + entries = append(entries, group.FromAPIUser(u, ms.si).Entry()) + } case "": fallthrough case constants.OCOrgPerson: diff --git a/internal/outpost/proxyv2/metrics/metrics.go b/internal/outpost/proxyv2/metrics/metrics.go index b08467346..93e088873 100644 --- a/internal/outpost/proxyv2/metrics/metrics.go +++ b/internal/outpost/proxyv2/metrics/metrics.go @@ -3,6 +3,8 @@ package metrics import ( "net/http" + log "github.com/sirupsen/logrus" + "github.com/gorilla/mux" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" 
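Review bot: The OCGroup case ranges over `ms.groups` and `ms.users` directly, and with the `sync` import removed this file has no visible lock around those fields. If they are reassigned by a background refresh while Search runs (the refresh path is not shown), that is a data race on the slice headers. Taking a snapshot before the loops under a lock shared with the writer, e.g. `groups, users := ms.groups, ms.users` between an `RLock`/`RUnlock` pair, and ranging over the copies would close that gap. Running the tests with `-race` would confirm whether it exists. Search begins and ends outside the hunk.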
@@ -26,7 +28,9 @@ func RunServer() { rw.WriteHeader(204) }) m.Path("/metrics").Handler(promhttp.Handler()) - err := http.ListenAndServe("0.0.0.0:9300", m) + listen := "0.0.0.0:9300" + log.WithField("logger", "authentik.outpost.metrics").WithField("listen", listen).Info("Starting Metrics server") + err := http.ListenAndServe(listen, m) if err != nil { panic(err) }