Merge pull request #8 from linuxfoundation/slog

Switch from logrus to log/slog

Author: emsearcy

.cspell.json

@@ -15,7 +15,6 @@
     "jaegertracing",
     "pprof",
     "zpages",
-    "fluentbit",
     "chainguard",
     "hadolint",
     "GOARCH",

.github/workflows/image-scan.yaml

@@ -25,7 +25,7 @@ jobs:
           go-version-file: go.mod
       - uses: ko-build/[email protected]
         with:
-          version: v0.17.1
+          version: v0.18.0
       - run: |
           ko build . --push=false --tarball "${RUNNER_TEMP}/image.tar" \
             --bare \
@@ -37,5 +37,7 @@ jobs:
             | sh -s -- -b /usr/local/bin
       - name: Run trufflehog on image.tar
         run: |
-          trufflehog --fail --no-update --github-actions \
+          trufflehog --github-actions \
+            --fail --no-update \
+            --results=verified,unknown \
             filesystem "${RUNNER_TEMP}/image.tar"

.github/workflows/publish.yaml

@@ -26,7 +26,7 @@ jobs:
           go-version-file: go.mod
       - uses: ko-build/[email protected]
         with:
-          version: v0.17.1
+          version: v0.18.0
       - run: |
           ko build . \
             --bare \

0_config.go

@@ -7,11 +7,11 @@ package main
 // spell-checker:disable
 import (
 	"fmt"
+	"log/slog"
 	"os"
 	"strings"
 
 	"github.com/joho/godotenv"
-	"github.com/sirupsen/logrus"
 )
 
 // spell-checker:enable
@@ -38,29 +38,34 @@ func init() {
 
 	cfg.Auth0Tenant = os.Getenv("AUTH0_TENANT")
 	if cfg.Auth0Tenant == "" {
-		logrus.Fatalln("AUTH0_TENANT not set")
+		slog.Error("AUTH0_TENANT not set")
+		os.Exit(1)
 	}
 	if strings.ContainsAny(strings.TrimSuffix(cfg.Auth0Tenant, ".us"), "./:") {
 		// .us is allowed, but otherwise AUTH0_TENANT cannot contain anything
 		// looking like a domain name or URL.
-		logrus.Fatalln("invalid AUTH0_TENANT")
+		slog.Error("invalid AUTH0_TENANT")
+		os.Exit(1)
 	}
 	cfg.Auth0Domain = os.Getenv("AUTH0_DOMAIN")
 	if cfg.Auth0Domain == "" {
 		cfg.Auth0Domain = fmt.Sprintf("%s.auth0.com", cfg.Auth0Tenant)
 	}
 	cfg.ClientID = os.Getenv("CLIENT_ID")
 	if cfg.ClientID == "" {
-		logrus.Fatalln("CLIENT_ID not set")
+		slog.Error("CLIENT_ID not set")
+		os.Exit(1)
 	}
 	cfg.ClientSecret = os.Getenv("CLIENT_SECRET")
 	if cfg.ClientSecret == "" {
-		logrus.Fatalln("CLIENT_SECRET not set")
+		slog.Error("CLIENT_SECRET not set")
+		os.Exit(1)
 	}
 
 	cfg.CookieSecret = os.Getenv("COOKIE_SECRET")
 	if cfg.CookieSecret == "" {
-		logrus.Fatalln("COOKIE_SECRET not set")
+		slog.Error("COOKIE_SECRET not set")
+		os.Exit(1)
 	}
 
 	insecureCookie := os.Getenv("INSECURE_COOKIE")

AGENTS.md

@@ -0,0 +1,27 @@
+# AGENTS.md
+
+## Build/Test Commands
+- `make` or `make bin/auth0-cas-server-go` - Build binary
+- `make all` - Build binary and Docker container
+- `make lint` - Run mega-linter with Go linting rules
+- `make docker-build` - Build Docker container
+- `go run .` - Run directly with Go
+
+## Code Style Guidelines
+- **License Header**: All files must start with Linux Foundation MIT license header
+- **Package**: Single `main` package for this service
+- **Imports**: Standard library first, then third-party, separated by blank lines
+- **Naming**: Use camelCase for private, PascalCase for public; descriptive variable names
+- **Error Handling**: Use slog for logging with structured fields; fatal errors use `slog.Error` with `os.Exit(1)`
+- **Comments**: Spell-checker disable/enable blocks around imports; function comments for public APIs
+- **Global Variables**: Minimal use (cfg for config, store for sessions)
+- **Context**: Pass context through request handlers for logging and tracing
+- **Types**: Define custom types for constants (e.g., `contextID int`)
+- **Environment**: Use godotenv for optional .env file loading in init()
+- **Linting**: Uses mega-linter with revive (not golangci-lint), excludes spell/link checkers
+
+## Key Patterns
+- Global config in `cfg` variable populated via init()
+- Request-scoped logging with context injection
+- OpenTelemetry instrumentation throughout
+- Gorilla sessions for cookie management

auth0_clients.go

@@ -19,7 +19,6 @@ import (
 
 	"github.com/bmatcuk/doublestar/v4"
 	"github.com/patrickmn/go-cache"
-	"github.com/sirupsen/logrus"
 	"golang.org/x/oauth2/clientcredentials"
 )
 
@@ -111,10 +110,9 @@ func getAuth0Clients(ctx context.Context) ([]auth0ClientStub, error) {
 		}
 
 		if resp.StatusCode != http.StatusOK {
-			appLogger(ctx).WithFields(logrus.Fields{
-				"status": resp.StatusCode,
-				"body":   string(bodyBytes),
-			}).Error("Auth0 get_users error")
+			appLogger(ctx).Error("Auth0 get_users error",
+				"status", resp.StatusCode,
+				"body", string(bodyBytes))
 			return nil, errors.New("Auth0 get_clients error")
 		}
 
@@ -163,18 +161,17 @@ func getAuth0ClientByService(ctx context.Context, serviceURL string) (*auth0Clie
 			var match bool
 			match, err = doublestar.Match(glob, serviceURL)
 			if err != nil {
-				appLogger(ctx).WithFields(logrus.Fields{
-					"pattern":       glob,
-					logrus.ErrorKey: err,
-				}).Warning("unexpected bad cas_service glob in cache")
+				appLogger(ctx).Warn("unexpected bad cas_service glob in cache",
+					"pattern", glob,
+					"error", err)
 				continue
 			}
 			if !match {
 				continue
 			}
 
 			// There is a match
-			appLogger(ctx).WithFields(logrus.Fields{"service": serviceURL, "glob": glob, "auth0_client": client.Name}).Debug("matched service in glob cache")
+			appLogger(ctx).Debug("matched service in glob cache", "service", serviceURL, "glob", glob, "auth0_client", client.Name)
 			auth0Cache.Set("cas-service-url/"+url.PathEscape(serviceURL), client, cache.NoExpiration)
 			return &client, nil
 		}
@@ -198,10 +195,9 @@ func getAuth0ClientByService(ctx context.Context, serviceURL string) (*auth0Clie
 		}
 
 		if client.TokenEndpointAuthMethod != "client_secret_post" && client.TokenEndpointAuthMethod != "client_secret_basic" {
-			appLogger(ctx).WithFields(logrus.Fields{
-				"token_endpoint_auth_method": client.TokenEndpointAuthMethod,
-				"auth0_client":               client.Name,
-			}).Warning("client with cas_service has unsupported token_endpoint_auth_method")
+			appLogger(ctx).Warn("client with cas_service has unsupported token_endpoint_auth_method",
+				"token_endpoint_auth_method", client.TokenEndpointAuthMethod,
+				"auth0_client", client.Name)
 			continue
 		}
 
@@ -212,10 +208,9 @@ func getAuth0ClientByService(ctx context.Context, serviceURL string) (*auth0Clie
 		for _, glob := range serviceGlobs {
 			match, err := doublestar.Match(glob, serviceURL)
 			if err != nil {
-				appLogger(ctx).WithFields(logrus.Fields{
-					"pattern":       glob,
-					logrus.ErrorKey: err,
-				}).Warning("ignoring bad cas_service glob")
+				appLogger(ctx).Warn("ignoring bad cas_service glob",
+					"pattern", glob,
+					"error", err)
 				continue
 			}
 			// Store the glob-to-client lookup (for cache).
@@ -225,7 +220,7 @@ func getAuth0ClientByService(ctx context.Context, serviceURL string) (*auth0Clie
 				continue
 			}
 
-			appLogger(ctx).WithFields(logrus.Fields{"service": serviceURL, "glob": glob, "auth0_client": client.Name}).Debug("matched service")
+			appLogger(ctx).Debug("matched service", "service", serviceURL, "glob", glob, "auth0_client", client.Name)
 			// If the glob matches, save the match, but keep processing remaining
 			// comma-delimited globs AND clients to complete the glob-to-client cache
 			// update.