From 54ba8e386871110392391a44a4b1d674293c12d7 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <rb@hashicorp.com>
Date: Fri, 1 May 2020 15:55:26 -0500
Subject: [PATCH] acl: change authmethod.Validator to take a logger (#7758)

---
 agent/consul/acl_authmethod.go              | 2 +-
 agent/consul/acl_endpoint.go                | 2 +-
 agent/consul/authmethod/authmethods.go      | 9 ++++++---
 agent/consul/authmethod/kubeauth/k8s.go     | 3 ++-
 agent/consul/authmethod/testauth/testing.go | 3 ++-
 5 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/agent/consul/acl_authmethod.go b/agent/consul/acl_authmethod.go
index a376af53c9..ded6ae5085 100644
--- a/agent/consul/acl_authmethod.go
+++ b/agent/consul/acl_authmethod.go
@@ -25,7 +25,7 @@ func (s *Server) loadAuthMethodValidator(idx uint64, method *structs.ACLAuthMeth
 		return v, nil
 	}
 
-	v, err := authmethod.NewValidator(method)
+	v, err := authmethod.NewValidator(s.logger, method)
 	if err != nil {
 		return nil, fmt.Errorf("auth method validator for %q could not be initialized: %v", method.Name, err)
 	}
diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go
index 5d1546c742..9cdb73e16e 100644
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@@ -2111,7 +2111,7 @@ func (a *ACL) AuthMethodSet(args *structs.ACLAuthMethodSetRequest, reply *struct
 
 	// Instantiate a validator but do not cache it yet. This will validate the
 	// configuration.
-	if _, err := authmethod.NewValidator(method); err != nil {
+	if _, err := authmethod.NewValidator(a.srv.logger, method); err != nil {
 		return fmt.Errorf("Invalid Auth Method: %v", err)
 	}
 
diff --git a/agent/consul/authmethod/authmethods.go b/agent/consul/authmethod/authmethods.go
index 013d75ac9e..f2f76a8500 100644
--- a/agent/consul/authmethod/authmethods.go
+++ b/agent/consul/authmethod/authmethods.go
@@ -6,6 +6,7 @@ import (
 	"sync"
 
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/go-hclog"
 	"github.com/mitchellh/mapstructure"
 )
 
@@ -24,7 +25,7 @@ type Cache interface {
 	Purge()
 }
 
-type ValidatorFactory func(method *structs.ACLAuthMethod) (Validator, error)
+type ValidatorFactory func(logger hclog.Logger, method *structs.ACLAuthMethod) (Validator, error)
 
 type Validator interface {
 	// Name returns the name of the auth method backing this validator.
@@ -131,7 +132,7 @@ func (c *authMethodCache) Purge() {
 // NewValidator instantiates a new Validator for the given auth method
 // configuration. If no auth method is registered with the provided type an
 // error is returned.
-func NewValidator(method *structs.ACLAuthMethod) (Validator, error) {
+func NewValidator(logger hclog.Logger, method *structs.ACLAuthMethod) (Validator, error) {
 	typesMu.RLock()
 	factory, ok := types[method.Type]
 	typesMu.RUnlock()
@@ -140,7 +141,9 @@ func NewValidator(method *structs.ACLAuthMethod) (Validator, error) {
 		return nil, fmt.Errorf("no auth method registered with type: %s", method.Type)
 	}
 
-	return factory(method)
+	logger = logger.Named("authmethod").With("type", method.Type, "name", method.Name)
+
+	return factory(logger, method)
 }
 
 // Types returns a sorted list of the names of the registered types.
diff --git a/agent/consul/authmethod/kubeauth/k8s.go b/agent/consul/authmethod/kubeauth/k8s.go
index 99d95a8df7..bea558f773 100644
--- a/agent/consul/authmethod/kubeauth/k8s.go
+++ b/agent/consul/authmethod/kubeauth/k8s.go
@@ -8,6 +8,7 @@ import (
 	"github.com/hashicorp/consul/agent/consul/authmethod"
 	"github.com/hashicorp/consul/agent/structs"
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
+	"github.com/hashicorp/go-hclog"
 	"gopkg.in/square/go-jose.v2/jwt"
 	authv1 "k8s.io/api/authentication/v1"
 	client_metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -20,7 +21,7 @@ import (
 
 func init() {
 	// register this as an available auth method type
-	authmethod.Register("kubernetes", func(method *structs.ACLAuthMethod) (authmethod.Validator, error) {
+	authmethod.Register("kubernetes", func(_ hclog.Logger, method *structs.ACLAuthMethod) (authmethod.Validator, error) {
 		v, err := NewValidator(method)
 		if err != nil {
 			return nil, err
diff --git a/agent/consul/authmethod/testauth/testing.go b/agent/consul/authmethod/testauth/testing.go
index f76053ec44..2b397e935c 100644
--- a/agent/consul/authmethod/testauth/testing.go
+++ b/agent/consul/authmethod/testauth/testing.go
@@ -7,6 +7,7 @@ import (
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/consul/authmethod"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-uuid"
 )
 
@@ -84,7 +85,7 @@ type Config struct {
 	enterpriseConfig `mapstructure:",squash"`
 }
 
-func newValidator(method *structs.ACLAuthMethod) (authmethod.Validator, error) {
+func newValidator(logger hclog.Logger, method *structs.ACLAuthMethod) (authmethod.Validator, error) {
 	if method.Type != "testing" {
 		return nil, fmt.Errorf("%q is not a testing auth method", method.Name)
 	}