Enhance logging for authentication providers (#4880)

An INFO level message is emitted upon successful login, with details
about the user and provider used. An ERROR level message is emitted upon
authentication failure, with the username that was tried.

(cherry-picked from a994851)
Signed-off-by: Cyril Cressent <[email protected]>

CHANGELOG-7.md

@@ -6,7 +6,6 @@ and this project adheres to [Semantic
 Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-
 ### Breaking
 - Embedded etcd is no longer supported, all related configuration has been
 removed.
@@ -26,7 +25,9 @@ migrated from Etcd.
 - Added configuration store selector to sensu-backend.
 - Added postgresql state store.
 - GlobalResource interface in core/v3 allows core/v3 resources to
-be marked as global resources.
+  be marked as global resources.
+- The authentication module now logs successful (INFO) and unsuccessful (ERROR)
+  login attempts.
 
 ### Fixed
 - Fixed an issue where multi-expression exclusive "Deny" filters were not

backend/authentication/authenticator.go

@@ -6,6 +6,8 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/sirupsen/logrus"
+
 	corev2 "github.com/sensu/sensu-go/api/core/v2"
 )
 
@@ -33,11 +35,20 @@ func (a *Authenticator) Authenticate(ctx context.Context, username, password str
 			continue
 		}
 
+		logger.WithFields(logrus.Fields{
+			"subject":         claims.Subject,
+			"groups":          claims.Groups,
+			"provider_id":     claims.Provider.ProviderID,
+			"provider_type":   claims.Provider.ProviderType,
+			"provider_userid": claims.Provider.UserID,
+		}).Info("login successful")
 		return claims, nil
 	}
 
 	// TODO(palourde): We might want to return a more meaningful and actionnable
 	// error message, but we don't want to leak sensitive information.
+
+	logger.WithField("username", username).Error("authentication failed")
 	return nil, errors.New("authentication failed")
 }