From b83b3232cb02e801068bd436ce42ea46a073b841 Mon Sep 17 00:00:00 2001 From: hongming Date: Thu, 25 Mar 2021 15:37:22 +0800 Subject: [PATCH] remove useless log output Signed-off-by: hongming --- .../authentication/authenticators/jwttoken/jwt_token.go | 2 +- pkg/apiserver/authentication/token/jwt.go | 5 ++--- pkg/apiserver/authorization/rbac/rbac.go | 2 +- pkg/models/auth/token.go | 7 ++++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go b/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go index d4a9d5529..25b62ea66 100644 --- a/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go +++ b/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go @@ -47,7 +47,7 @@ func NewTokenAuthenticator(tokenOperator auth.TokenManagementInterface, userList func (t *tokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { providedUser, err := t.tokenOperator.Verify(token) if err != nil { - klog.Error(err) + klog.Warning(err) return nil, false, err } diff --git a/pkg/apiserver/authentication/token/jwt.go b/pkg/apiserver/authentication/token/jwt.go index c6ce49f04..646b6c9c3 100644 --- a/pkg/apiserver/authentication/token/jwt.go +++ b/pkg/apiserver/authentication/token/jwt.go @@ -49,7 +49,7 @@ func (s *jwtTokenIssuer) Verify(tokenString string) (user.Info, TokenType, error // verify token signature and expiration time _, err := jwt.ParseWithClaims(tokenString, clm, s.keyFunc) if err != nil { - klog.Error(err) + klog.V(4).Info(err) return nil, "", err } return &user.DefaultInfo{Name: clm.Username, Groups: clm.Groups, Extra: clm.Extra}, clm.TokenType, nil @@ -77,9 +77,8 @@ func (s *jwtTokenIssuer) IssueTo(user user.Info, tokenType TokenType, expiresIn token := jwt.NewWithClaims(jwt.SigningMethodHS256, clm) tokenString, err := token.SignedString(s.secret) - if err != nil { - klog.Error(err) + klog.V(4).Info(err) return "", err } diff --git a/pkg/apiserver/authorization/rbac/rbac.go b/pkg/apiserver/authorization/rbac/rbac.go index f918e41d1..ecfa5696f 100644 --- a/pkg/apiserver/authorization/rbac/rbac.go +++ b/pkg/apiserver/authorization/rbac/rbac.go @@ -137,7 +137,7 @@ func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (aut scope = "global-wide" } - klog.Infof("RBAC: no rules authorize user %q with groups %q to %s %s", requestAttributes.GetUser().GetName(), requestAttributes.GetUser().GetGroups(), operation, scope) + klog.V(4).Infof("RBAC: no rules authorize user %q with groups %q to %s %s", requestAttributes.GetUser().GetName(), requestAttributes.GetUser().GetGroups(), operation, scope) } reason := "" diff --git a/pkg/models/auth/token.go b/pkg/models/auth/token.go index 307fc0774..300812ab6 100644 --- a/pkg/models/auth/token.go +++ b/pkg/models/auth/token.go @@ -19,6 +19,7 @@ package auth import ( + "errors" "fmt" "k8s.io/apiserver/pkg/authentication/user" "k8s.io/klog" @@ -54,7 +55,6 @@ func NewTokenOperator(cache cache.Interface, options *authoptions.Authentication func (t tokenOperator) Verify(tokenStr string) (user.Info, error) { authenticated, tokenType, err := t.issuer.Verify(tokenStr) if err != nil { - klog.Error(err) return nil, err } if t.options.OAuthOptions.AccessTokenMaxAge == 0 || @@ -62,7 +62,6 @@ func (t tokenOperator) Verify(tokenStr string) (user.Info, error) { return authenticated, nil } if err := t.tokenCacheValidate(authenticated.GetName(), tokenStr); err != nil { - klog.Error(err) return nil, err } return authenticated, nil @@ -131,7 +130,9 @@ func (t tokenOperator) tokenCacheValidate(username, token string) error { if exist, err := t.cache.Exists(key); err != nil { return err } else if !exist { - return fmt.Errorf("token not found in cache") + err = errors.New("token not found in cache") + klog.V(4).Info(fmt.Errorf("%s: %s", err, token)) + return err } return nil } -- GitLab