Print the Conjur cert injection error to the log #170

Closed
orenbm opened this issue Sep 27, 2020 · 2 comments

@orenbm
Member

orenbm commented Sep 27, 2020

The Conjur server now writes the injection error to a log file in the
client container (cyberark/conjur#1789).

We should print this error to the log to enhance supportability.

@izgeri
Contributor

izgeri commented Sep 28, 2020

Just wanted to add some notes about the requirements on this addition, as I understand them:

  • this should be backwards compatible, so that if someone uses a new client with an older conjur/DAP the client won't fail
  • the log file should be removed when the cert file is removed
  • if the log file shows there were errors in the cert injection, those should be logged to the client container stderr as ERROR messages

@orenbm if I've misunderstood any of these requirements, please lmk

@orenbm
Member Author

orenbm commented Sep 29, 2020

You are correct, @izgeri.

Regarding the first bullet - the app won't fail but the log will show a WARN message: CAKC001W File /tmp/conjur_set_file_content.log does no exist

@orenbm orenbm closed this as completed Oct 4, 2020
orenbm added a commit to cyberark/secrets-provider-for-k8s that referenced this issue Oct 8, 2020
This version introduces some changes that we can benefit from, especially these:
- Errors in the certificate injection process on login are now printed to the client logs.
  [cyberark/conjur-authn-k8s-client#/170](cyberark/conjur-authn-k8s-client#170)
orenbm added a commit to cyberark/secretless-broker that referenced this issue Oct 8, 2020
This version introduces some changes that we can benefit from, especially these:
- Errors in the certificate injection process on login are now printed to the client logs.
  [cyberark/conjur-authn-k8s-client#/170](cyberark/conjur-authn-k8s-client#170)
- When authentication fails, the exponential backoff retry is correctly reset so
  that it will continue to attempt to authenticate until backoff is exhausted.
  [cyberark/conjur-authn-k8s-client#158](cyberark/conjur-authn-k8s-client#158)
- Wait slightly for the client certificate file to exist after login before
  raising an error.
  [cyberark/conjur-authn-k8s-client#119](cyberark/conjur-authn-k8s-client#119)
orenbm added a commit to cyberark/secrets-provider-for-k8s that referenced this issue Oct 8, 2020
* Consume version 0.19.0 of conjur-authn-k8s-client

This version introduces some changes that we can benefit from, especially these:
- Errors in the certificate injection process on login are now printed to the client logs.
  [cyberark/conjur-authn-k8s-client#/170](cyberark/conjur-authn-k8s-client#170)

* Update expected log code from authn-client

The log codes were changed in the authn-client so we need to change
the expected ones in the test