Documentation
Overview
Package logging configures the project-wide zap logger.
Every binary (daemon, scheduler, worker, bench/fcstack) calls Init once during startup. The returned *zap.Logger is also installed as the package-global via zap.ReplaceGlobals, so package-level call sites can use zap.L() / zap.S() without plumbing a logger through.
Environment overrides:
- HPCC_LOG_LEVEL: debug | info | warn | error | dpanic | panic | fatal (default: info)
- HPCC_LOG_FORMAT: console | json (default: console)
Output goes to stderr, matching the historical stdlib log behaviour.
Constants
const (
	FieldCategory    = "category"
	FieldEvent       = "event"
	FieldSeverity    = "severity"
	CategorySecurity = "security"
	SeverityCritical = "critical"
)
Field keys attached to every Security() entry. Kept as constants so log-pipeline filters can match them verbatim without drifting.
Functions
func Init
Init installs and returns the process-wide zap logger. Safe to call multiple times; the most recent call wins.
func JWTClaims
JWTClaims returns a zap field carrying the JWT's claim payload decoded WITHOUT signature verification, for forensic logging when a token-validation event fires. If the input is empty or malformed enough that the payload can't be base64-decoded into a JSON object, returns zap.Skip() so the field disappears from the log line rather than logging garbage.
SECURITY: the returned claims are unverified. Signature may be invalid, expired, or forged; values may be attacker-controlled. Treat them as correlation strings only — never make authorization decisions from them. To keep that property visible at the log destination, the field is always named "jwt_claims_unverified".
We never log the raw token bytes themselves: a valid token is a bearer credential, and dumping it into the log pipeline turns the log store into a credential store.
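The decode-without-verify behaviour described for JWTClaims, as an added standard-library-only example; it is not this package's code and returns a plain map where the package returns a zap field. The names unverifiedClaims, ClaimsFieldName and sampleToken are hypothetical, the sample token is constructed, and accepting any input with at least two dot-separated segments is an assumption.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// ClaimsFieldName is the field name the page says is always used.
const ClaimsFieldName = "jwt_claims_unverified"

// unverifiedClaims (hypothetical name) decodes the payload segment of a
// compact JWT without checking the signature. ok is false where the page
// says the real function returns zap.Skip(): empty or undecodable input.
func unverifiedClaims(token string) (claims map[string]any, ok bool) {
	parts := strings.Split(token, ".")
	if len(parts) < 2 { // assumption: header.payload[.signature]
		return nil, false
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return nil, false
	}
	// Only a JSON object counts; arrays fail to unmarshal, null leaves the map nil.
	if err := json.Unmarshal(raw, &claims); err != nil || claims == nil {
		return nil, false
	}
	return claims, true
}

// sampleToken builds a constructed, unsigned token for the demo.
func sampleToken(payload string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"HS256"}`)) + "." + enc([]byte(payload)) + ".c2ln"
}

func main() {
	tok := sampleToken(`{"sub":"worker-7","tenant_id":"t-42"}`)
	if c, ok := unverifiedClaims(tok); ok {
		// Log the decoded claims only, never tok itself.
		fmt.Println(ClaimsFieldName, c)
	}
	_, ok := unverifiedClaims("not-a-jwt")
	fmt.Println("malformed token yields a field:", ok)
}
```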
func Security
Security logs a misbehaving-client event at ERROR level with a structured `category=security` / `severity=critical` pair so log pipelines can filter (and alert on) the audit-relevant subset. The `event` is a short kebab-case identifier downstream alerting can group on (e.g. "auth-failed", "token-tenant-mismatch", "manifest-digest-mismatch"); msg is a one-line human summary.
Call this at every site where a request from an untrusted peer fails authentication, fails authorization, fails an integrity check, or otherwise looks like attempted abuse. Include enough structured context (remote address, tenant_id, worker_id, claimed digest, etc.) that an operator reading one entry knows who did what — but never include the raw secret value being checked.
func SetSecurityHook
func SetSecurityHook(h SecurityHook)
SetSecurityHook installs (or clears, with nil) the callback fired alongside every Security() entry. Safe to call before or after other Security calls; the most recent value wins.
Types
type SecurityHook
SecurityHook is an optional callback fired by Security() in addition to the zap entry. internal/metrics registers one to mirror events into a counter; the agent module (which can't import internal/) just leaves it nil. event is the kebab-case identifier; fields are the same fields passed to Security so the hook can pull `tenant_id` (or any other dimension) out by key.