Suppress routing error log messages with POST /jwt/auth route
What does this MR do and why?
Docker clients such as containerd often attempt to authenticate with OAuth2 via POST /jwt/auth
(https://docs.docker.com/registry/spec/auth/oauth/#getting-a-token) before attempting to send a GET /jwt/auth
request.
To avoid generating routing error noise in the logs, handle this route by returning 404 directly. This avoids additional database or Redis calls.
Relates to #202210 (closed)
How to set up and validate locally
curl -X POST -v https://gitlab.example.com/jwt/auth
- You should see a 404 on
master
and on this branch. - On
master
inlog/development.log
, you'll see:
ActionController::RoutingError (No route matches [POST] "/jwt/auth"):
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:21:in `call'
lib/gitlab/middleware/webhook_recursion_detection.rb:15:in `call'
config/initializers/fix_local_cache_middleware.rb:11:in `call'
lib/gitlab/middleware/compressed_json.rb:37:in `call'
lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'
lib/gitlab/middleware/sidekiq_web_static.rb:20:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:79:in `call'
lib/gitlab/middleware/release_env.rb:13:in `call'
- With this branch, the backtrace trace is gone.
An alternative approach would be to squelch all ActionController::RoutingError
messages with an interceptor: https://github.com/rails/rails/pull/23868
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Stan Hu