Skip to content

feat(server): add client IP to auth-related log messages #26127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nijdarshan wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat(server): add client IP to auth-related log messages #26127

nijdarshan wants to merge 1 commit into from
+73 −6

Conversation

@nijdarshan
Copy link

@nijdarshan nijdarshan commented Jan 23, 2026

Summary

  • Adds a ClientIP helper function that extracts the real client IP from HTTP requests (checking X-Forwarded-For, X-Real-IP, then RemoteAddr)
  • Includes client IP in OIDC token verification failures, login flow errors, and auth middleware warnings
  • Helps administrators identify which clients are flooding logs with authentication errors

Test plan

  • Unit tests for ClientIP helper covering all header combinations
  • go build passes on all affected packages
  • golangci-lint passes on affected packages
  • CI passes

Fixes #20388

@nijdarshan
feat(server): add client IP to auth-related log messages
8616274 
Adds client IP address to authentication-related log messages to help
administrators identify which clients are causing token verification
failures and login issues.

Fixes argoproj#20388

Signed-off-by: nijdarshan <darshannij@gmail.com>
@nijdarshan nijdarshan requested a review from a team as a code owner January 23, 2026 17:17
@bunnyshell
Copy link

bunnyshell bot commented Jan 23, 2026
edited
Loading

🔴 Preview Environment stopped on Bunnyshell

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

  • 🔵 /bns:start to start the environment
  • 🚀 /bns:deploy to redeploy the environment
  • /bns:delete to remove the environment

choejwoo
choejwoo reviewed Jan 24, 2026
View reviewed changes
Copy link
Member

@choejwoo choejwoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this also cover OIDC-related CLI flows over gRPC (e.g., argocd login --sso)? From a quick look, it seems IP is extracted only from HTTP requests, so pure gRPC calls may not be logged.
Also, since PR #25991 already adds client address to token verification errors, is there a reason to open a new PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@choejwoo choejwoo choejwoo left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Provide client info in argocd server errors

2 participants

@nijdarshan @choejwoo