Log LDAP Rotations (#31401)

builtin/credential/ldap/path_config_rotate_root.go

@@ -39,6 +39,14 @@ func pathConfigRotateRoot(b *backend) *framework.Path {
 
 func (b *backend) pathConfigRotateRootUpdate(ctx context.Context, req *logical.Request, _ *framework.FieldData) (*logical.Response, error) {
 	err := b.rotateRootCredential(ctx, req)
+	if err != nil {
+		// log here instead of inside the actual rotate call because the rotation manager also logs, so this is
+		// the "equivalent" place for manual rotations.
+		b.Logger().Error("failed to rotate root credential on user request", "path", req.Path, "error", err.Error())
+	} else {
+		// err is nil in this case
+		b.Logger().Info("succesfully rotated root credential on user request", "path", req.Path)
+	}
 	var responseError responseError
 	if errors.As(err, &responseError) {
 		return logical.ErrorResponse(responseError.Error()), nil

changelog/31401.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+auth/ldap: add explicit logging to rotations in ldap
+```