diff --git a/management/internals/shared/grpc/server.go b/management/internals/shared/grpc/server.go index 1d734dae7..b37b3fb83 100644 --- a/management/internals/shared/grpc/server.go +++ b/management/internals/shared/grpc/server.go @@ -788,7 +788,11 @@ func (s *Server) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto ExtraDNSLabels: loginReq.GetDnsLabels(), }) if err != nil { - log.WithContext(ctx).Warnf("failed logging in peer %s: %s", peerKey, err) + if errors.Is(err, internalStatus.ErrNoAuthMethodProvided) { + log.WithContext(ctx).Tracef("failed logging in peer %s: %s", peerKey, err) + } else { + log.WithContext(ctx).Warnf("failed logging in peer %s: %s", peerKey, err) + } return nil, mapError(ctx, err) } diff --git a/management/server/http/handlers/users/users_handler.go b/management/server/http/handlers/users/users_handler.go index 40ad585d2..179d433f1 100644 --- a/management/server/http/handlers/users/users_handler.go +++ b/management/server/http/handlers/users/users_handler.go @@ -220,7 +220,7 @@ func (h *handler) getAllUsers(w http.ResponseWriter, r *http.Request) { } includeServiceUser, err := strconv.ParseBool(serviceUser) - log.WithContext(r.Context()).Debugf("Should include service user: %v", includeServiceUser) + log.WithContext(r.Context()).Tracef("Should include service user: %v", includeServiceUser) if err != nil { util.WriteError(r.Context(), status.Errorf(status.InvalidArgument, "invalid service_user query parameter"), w) return diff --git a/management/server/peer.go b/management/server/peer.go index 17067a530..5596e45c2 100644 --- a/management/server/peer.go +++ b/management/server/peer.go @@ -730,7 +730,7 @@ func (am *DefaultAccountManager) handleSetupKeyAddedPeer(ctx context.Context, en func (am *DefaultAccountManager) AddPeer(ctx context.Context, accountID, setupKey, userID string, peer *nbpeer.Peer, temporary bool) (*nbpeer.Peer, *types.Network, []*posture.Checks, bool, error) { if setupKey == "" && userID == "" && !peer.ProxyMeta.Embedded { // no auth method provided => reject access - return nil, nil, nil, false, status.Errorf(status.Unauthenticated, "no peer auth method provided, please use a setup key or interactive SSO login") + return nil, nil, nil, false, status.ErrNoAuthMethodProvided } upperKey := strings.ToUpper(setupKey) diff --git a/management/server/user.go b/management/server/user.go index 412f15ce7..666d6d178 100644 --- a/management/server/user.go +++ b/management/server/user.go @@ -1059,8 +1059,8 @@ func (am *DefaultAccountManager) BuildUserInfosForAccount(ctx context.Context, a if err != nil { return nil, err } - log.WithContext(ctx).Debugf("Got %d users from ExternalCache for account %s", len(usersFromIntegration), accountID) - log.WithContext(ctx).Debugf("Got %d users from InternalCache for account %s", len(queriedUsers), accountID) + log.WithContext(ctx).Tracef("Got %d users from ExternalCache for account %s", len(usersFromIntegration), accountID) + log.WithContext(ctx).Tracef("Got %d users from InternalCache for account %s", len(queriedUsers), accountID) queriedUsers = append(queriedUsers, usersFromIntegration...) } diff --git a/shared/management/status/error.go b/shared/management/status/error.go index 78288aef3..1957c5591 100644 --- a/shared/management/status/error.go +++ b/shared/management/status/error.go @@ -48,6 +48,10 @@ type Type int32 var ( ErrExtraSettingsNotFound = errors.New("extra settings not found") ErrPeerAlreadyLoggedIn = errors.New("peer with the same public key is already logged in") + + // ErrNoAuthMethodProvided is returned when a peer login attempt carries neither a + // setup key nor an SSO token. Match it with errors.Is. + ErrNoAuthMethodProvided = Errorf(Unauthenticated, "no peer auth method provided, please use a setup key or interactive SSO login") ) // Error is an internal error @@ -66,6 +70,16 @@ func (e *Error) Error() string { return e.Message } +// Is reports whether target is an *Error with the same type and message, +// enabling matching with errors.Is against sentinel errors. +func (e *Error) Is(target error) bool { + var t *Error + if !errors.As(target, &t) { + return false + } + return e.ErrorType == t.ErrorType && e.Message == t.Message +} + // Errorf returns Error(ErrorType, fmt.Sprintf(format, a...)). func Errorf(errorType Type, format string, a ...interface{}) error { return &Error{