Convert lib/auth/touchid to use slog (#50514)

lib/auth/touchid/api.go

@@ -20,6 +20,7 @@ package touchid
 
 import (
 	"bytes"
+	"context"
 	"crypto/ecdsa"
 	"crypto/sha256"
 	"encoding/base64"
@@ -38,10 +39,11 @@ import (
 	"github.com/go-webauthn/webauthn/protocol"
 	"github.com/go-webauthn/webauthn/protocol/webauthncose"
 	"github.com/gravitational/trace"
-	log "github.com/sirupsen/logrus"
 
+	"github.com/gravitational/teleport"
 	wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes"
 	"github.com/gravitational/teleport/lib/darwin"
+	logutils "github.com/gravitational/teleport/lib/utils/log"
 )
 
 var (
@@ -52,6 +54,8 @@ var (
 	PromptPlatformMessage = "Using platform authenticator, follow the OS prompt"
 	// PromptWriter is the writer used for prompt messages.
 	PromptWriter io.Writer = os.Stderr
+
+	logger = logutils.NewPackageLogger(teleport.ComponentKey, "TouchID")
 )
 
 func promptPlatform() {
@@ -167,7 +171,7 @@ func IsAvailable() bool {
 		var err error
 		cachedDiag, err = Diag()
 		if err != nil {
-			log.WithError(err).Warn("Touch ID self-diagnostics failed")
+			logger.WarnContext(context.Background(), "self-diagnostics failed", "error", err)
 			return false
 		}
 	}
@@ -356,7 +360,7 @@ func HasCredentials(rpid, user string) bool {
 	}
 	creds, err := native.FindCredentials(rpid, user)
 	if err != nil {
-		log.WithError(err).Debug("Touch ID: Could not find credentials")
+		logger.DebugContext(context.Background(), "Could not find credentials", "error", err)
 		return false
 	}
 	return len(creds) > 0
@@ -494,7 +498,7 @@ func Login(origin, user string, assertion *wantypes.CredentialAssertion, picker
 	if err != nil {
 		return nil, "", trace.Wrap(err)
 	}
-	log.Debugf("Touch ID: using credential %q", cred.CredentialID)
+	logger.DebugContext(context.Background(), "using credential", "credential_id", cred.CredentialID)
 
 	attData, err := makeAttestationData(protocol.AssertCeremony, origin, rpID, assertion.Response.Challenge, nil /* cred */)
 	if err != nil {
@@ -609,7 +613,7 @@ func ListCredentials() ([]CredentialInfo, error) {
 		info := &infos[i]
 		key, err := darwin.ECDSAPublicKeyFromRaw(info.publicKeyRaw)
 		if err != nil {
-			log.Warnf("Failed to convert public key: %v", err)
+			logger.WarnContext(context.Background(), "Failed to convert public key", "error", err)
 		}
 		info.PublicKey = key // this is OK, even if it's nil
 		info.publicKeyRaw = nil

lib/auth/touchid/api_darwin.go

@@ -33,6 +33,7 @@ package touchid
 import "C"
 
 import (
+	"context"
 	"encoding/base64"
 	"fmt"
 	"runtime/cgo"
@@ -42,7 +43,8 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/gravitational/trace"
-	log "github.com/sirupsen/logrus"
+
+	logutils "github.com/gravitational/teleport/lib/utils/log"
 )
 
 const (
@@ -110,7 +112,7 @@ func (touchIDImpl) Diag() (*DiagResult, error) {
 	laErrorDomain := C.GoString(resC.la_error_domain)
 	laErrorDescription := C.GoString(resC.la_error_description)
 	if !passedLA && laErrorDescription != "" {
-		log.Debugf("Touch ID: LAError description: %v", laErrorDescription)
+		logger.DebugContext(context.Background(), "Received non-empty LAError description", "description", laErrorDescription)
 	}
 
 	isAvailable := signed && entitled && passedLA && passedEnclave
@@ -141,7 +143,7 @@ func runGoFuncHandle(handle C.uintptr_t) {
 	val := cgo.Handle(handle).Value()
 	fn, ok := val.(func())
 	if !ok {
-		log.Warnf("Touch ID: received unexpected function handle: %T", val)
+		logger.WarnContext(context.Background(), "received unexpected function handle", "handle", logutils.TypeAttr(val))
 		return
 	}
 	fn()
@@ -304,6 +306,8 @@ func readCredentialInfos(find func(**C.CredentialInfo) C.int) ([]CredentialInfo,
 	var infosC *C.CredentialInfo
 	defer func() { C.free(unsafe.Pointer(infosC)) }()
 
+	ctx := context.Background()
+
 	res := find(&infosC)
 	if res < 0 {
 		return nil, int(res)
@@ -338,21 +342,30 @@ func readCredentialInfos(find func(**C.CredentialInfo) C.int) ([]CredentialInfo,
 		// user@rpid
 		parsedLabel, err := parseLabel(label)
 		if err != nil {
-			log.Debugf("Skipping credential %q: %v", credentialID, err)
+			logger.DebugContext(ctx, "Skipping credential",
+				"credential_id", credentialID,
+				"error", err,
+			)
 			continue
 		}
 
 		// user handle
 		userHandle, err := base64.RawURLEncoding.DecodeString(appTag)
 		if err != nil {
-			log.Debugf("Skipping credential %q: unexpected application tag: %q", credentialID, appTag)
+			logger.DebugContext(ctx, "Skipping credential, unexpected application tag",
+				"credential_id", credentialID,
+				"app_tag", appTag,
+			)
 			continue
 		}
 
 		// ECDSA public key
 		pubKeyRaw, err := base64.StdEncoding.DecodeString(pubKeyB64)
 		if err != nil {
-			log.WithError(err).Warnf("Failed to decode public key for credential %q", credentialID)
+			logger.WarnContext(ctx, "Failed to decode public key for credential",
+				"credential_id", credentialID,
+				"error", err,
+			)
 			// Do not return or break out of the loop, it needs to run in order to
 			// deallocate the structs within.
 		}
@@ -361,7 +374,11 @@ func readCredentialInfos(find func(**C.CredentialInfo) C.int) ([]CredentialInfo,
 		const iso8601Format = "2006-01-02T15:04:05Z0700"
 		createTime, err := time.Parse(iso8601Format, creationDate)
 		if err != nil {
-			log.WithError(err).Warnf("Failed to parse creation time %q for credential %q", creationDate, credentialID)
+			logger.WarnContext(ctx, "Failed to parse creation time for credential",
+				"creation_time", creationDate,
+				"credential_id", credentialID,
+				"error", err,
+			)
 		}
 
 		infos = append(infos, CredentialInfo{