From 628cfc3ea46c581728eb08d35f94f4aa83ba2b60 Mon Sep 17 00:00:00 2001
From: Shahram Kalantari
Date: Fri, 1 Nov 2024 11:20:55 +1000
Subject: [PATCH] chore: temporarily add more logs
Signed-off-by: Shahram Kalantari
---
 pkg/certificateprovider/azurekeyvault/provider.go | 11 +++++++++--
 .../azurekeyvault/provider_test.go | 2 +-
 pkg/keymanagementprovider/azurekeyvault/provider.go | 13 +++++++++++--
 .../azurekeyvault/provider_test.go | 8 ++++----
 4 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/pkg/certificateprovider/azurekeyvault/provider.go b/pkg/certificateprovider/azurekeyvault/provider.go
index 87f24350d..0cf63bb99 100644
--- a/pkg/certificateprovider/azurekeyvault/provider.go
+++ b/pkg/certificateprovider/azurekeyvault/provider.go
@@ -32,6 +32,7 @@ import (
 "github.com/ratify-project/ratify/pkg/certificateprovider"
 "github.com/ratify-project/ratify/pkg/certificateprovider/azurekeyvault/types"
 "github.com/ratify-project/ratify/pkg/metrics"
+ "github.com/sirupsen/logrus"
 "golang.org/x/crypto/pkcs12"
 "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
@@ -96,7 +97,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 logger.GetLogger(ctx, logOpt).Debugf("vaultURI %s", keyvaultURI)
- kvClientSecrets, err := initializeKvClient(azureCloudEnv.KeyVaultEndpoint, tenantID, workloadIdentityClientID)
+ kvClientSecrets, err := initializeKvClient(ctx, azureCloudEnv.KeyVaultEndpoint, tenantID, workloadIdentityClientID)
 if err != nil {
 return nil, nil, re.ErrorCodePluginInitFailure.NewError(re.CertProvider, providerName, re.AKVLink, err, "failed to get keyvault client", re.HideStackTrace)
 }
@@ -209,9 +210,11 @@ func parseAzureEnvironment(cloudName string) (*azure.Environment, error) {
 return &env, err
 }
-func initializeKvClient(keyVaultEndpoint, tenantID, clientID string) (*azsecrets.Client, error) {
+func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientID string) (*azsecrets.Client, error) {
 // Trim any trailing slash from the endpoint
 kvEndpoint := strings.TrimSuffix(keyVaultEndpoint, "/")
+ logger.GetLogger(ctx, logOpt).Infof("kvEndpoint: '%s'", kvEndpoint)
+ logrus.WithContext(ctx).Infof("kvEndpoint: '%s'", kvEndpoint)
 // Create the workload identity credential for authentication
 credential, err := azidentity.NewWorkloadIdentityCredential(&azidentity.WorkloadIdentityCredentialOptions{
@@ -221,12 +224,14 @@ func initializeKvClient(keyVaultEndpoint, tenantID, clientID string) (*azsecrets
 if err != nil {
 return nil, re.ErrorCodeAuthDenied.WithDetail("failed to create workload identity credential").WithRemediation(re.AKVLink).WithError(err)
 }
+ logger.GetLogger(ctx, logOpt).Infof("credential created successfully")
 // create azsecrets client
 kvClientSecrets, err := azsecrets.NewClient(kvEndpoint, credential, nil)
 if err != nil {
 return nil, re.ErrorCodeConfigInvalid.WithDetail("Failed to create Key Vault client").WithRemediation(re.AKVLink).WithError(err)
 }
+ logger.GetLogger(ctx, logOpt).Infof("azsecrets kvclient created successfully")
 return kvClientSecrets, nil
 }
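Review bot: The two lines added after `kvEndpoint := strings.TrimSuffix(keyVaultEndpoint, "/")` write the same message twice, once through the project's `logger.GetLogger(ctx, logOpt)` wrapper and once through `logrus.WithContext(ctx)` directly, so every sink receives duplicate entries and the direct `logrus` call skips whatever `logOpt` configures for the wrapper (component tagging, presumably — not visible in the hunk). They are also emitted at Info, while the existing diagnostic in this file, `Debugf("vaultURI %s", keyvaultURI)`, is at Debug, so the vault endpoint now lands in production logs on every client initialization. Given the commit title calls these temporary, drop the `logrus` line, lower the remaining one to `Debugf`, and tag it so it does not outlive the investigation: `// TODO(temporary): remove once client initialization is diagnosed`. The same duplication and level apply to @@ -233 and @@ -245 in pkg/keymanagementprovider/azurekeyvault/provider.go, and without the direct calls the `github.com/sirupsen/logrus` import added to both files is unnecessary; initializeKvClient continues past this hunk.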
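Review bot: `Infof("credential created successfully")` and `Infof("azsecrets kvclient created successfully")` confirm only that the two objects were constructed; as far as the hunk shows neither `azidentity.NewWorkloadIdentityCredential` nor `azsecrets.NewClient` obtains a token here, so a wrong tenant ID, client ID or endpoint is still reported as success and the real failure surfaces later at the first secret read. If the aim is to locate a startup failure, the more useful line is one that records the inputs that determine the outcome, e.g. `logger.GetLogger(ctx, logOpt).Debugf("initializing key vault client: endpoint=%q tenantID=%q clientID=%q", kvEndpoint, tenantID, clientID)` (these are identifiers, not secret material), placed before the credential is built. The same holds for the three "created successfully" pairs in @@ -245 of pkg/keymanagementprovider/azurekeyvault/provider.go.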
@@ -234,11 +239,13 @@ func initializeKvClient(keyVaultEndpoint, tenantID, clientID string) (*azsecrets
 // Parse the secret bundle and return an array of certificates
 // In a certificate chain scenario, all certificates from root to leaf will be returned
 func getCertsFromSecretBundle(ctx context.Context, secretBundle azsecrets.SecretBundle, certName string) ([]*x509.Certificate, []map[string]string, error) {
+ logger.GetLogger(ctx, logOpt).Debugf("running getCertFromSecretBundle")
 if secretBundle.ContentType == nil || secretBundle.Value == nil || secretBundle.ID == nil {
 return nil, nil, re.ErrorCodeCertInvalid.NewError(re.CertProvider, providerName, re.EmptyLink, nil, "found invalid secret bundle for certificate %s, contentType, value, and id must not be nil", re.HideStackTrace)
 }
 version := getObjectVersion(string(*secretBundle.ID))
+ logger.GetLogger(ctx, logOpt).Debugf("version: '%s'", version)
 // This aligns with notation akv implementation
 // akv plugin supports both PKCS12 and PEM. https://github.com/Azure/notation-azure-kv/blob/558e7345ef8318783530de6a7a0a8420b9214ba8/Notation.Plugin.AzureKeyVault/KeyVault/KeyVaultClient.cs#L192
diff --git a/pkg/certificateprovider/azurekeyvault/provider_test.go b/pkg/certificateprovider/azurekeyvault/provider_test.go
index 2238e095e..af12fe361 100644
--- a/pkg/certificateprovider/azurekeyvault/provider_test.go
+++ b/pkg/certificateprovider/azurekeyvault/provider_test.go
@@ -101,7 +101,7 @@ func SkipTestInitializeKVClient(t *testing.T) {
 }
 for i := range testEnvs {
- kvClientSecrets, err := initializeKvClient(testEnvs[i].KeyVaultEndpoint, "", "")
+ kvClientSecrets, err := initializeKvClient(context.TODO(), testEnvs[i].KeyVaultEndpoint, "", "")
 assert.NoError(t, err)
 assert.NotNil(t, kvClientSecrets)
 // assert.NotNil(t, kvBaseClient.Authorizer)
diff --git a/pkg/keymanagementprovider/azurekeyvault/provider.go b/pkg/keymanagementprovider/azurekeyvault/provider.go
index ad4fad4ac..791cfe48d 100644
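Review bot: The added `Debugf("running getCertFromSecretBundle")` misnames the function (it is `getCertsFromSecretBundle`), so a log search for the function name will not find it; write `logger.GetLogger(ctx, logOpt).Debugf("running getCertsFromSecretBundle for certificate %s", certName)`, which also tells the reader which certificate the following `version: '%s'` line belongs to. Keep these diagnostics to bundle metadata such as the ID, version and content type: `*secretBundle.Value` is the payload the rest of this function parses as PKCS12 or PEM, and for a Key Vault certificate that payload normally carries the private key, so it must not be appended to any log line as this investigation grows. The function body continues beyond the hunk.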
--- a/pkg/keymanagementprovider/azurekeyvault/provider.go
+++ b/pkg/keymanagementprovider/azurekeyvault/provider.go
@@ -36,6 +36,7 @@ import (
 "github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
 "github.com/ratify-project/ratify/pkg/keymanagementprovider/factory"
 "github.com/ratify-project/ratify/pkg/metrics"
+ "github.com/sirupsen/logrus"
 "golang.org/x/crypto/pkcs12"
 "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
@@ -127,7 +128,7 @@ func (f *akvKMProviderFactory) Create(_ string, keyManagementProviderConfig conf
 logger.GetLogger(context.Background(), logOpt).Debugf("vaultURI %s", provider.vaultURI)
- kvClientKeys, kvClientSecrets, err := initKVClient(provider.cloudEnv.KeyVaultEndpoint, provider.tenantID, provider.clientID)
+ kvClientKeys, kvClientSecrets, err := initKVClient(context.Background(), provider.cloudEnv.KeyVaultEndpoint, provider.tenantID, provider.clientID)
 if err != nil {
 return nil, re.ErrorCodePluginInitFailure.NewError(re.KeyManagementProvider, ProviderName, re.AKVLink, err, "failed to create keyvault client", re.HideStackTrace)
 }
@@ -233,9 +234,11 @@ func parseAzureEnvironment(cloudName string) (*azure.Environment, error) {
 return &env, err
 }
-func initializeKvClient(keyVaultEndpoint, tenantID, clientID string) (*azkeys.Client, *azsecrets.Client, error) {
+func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientID string) (*azkeys.Client, *azsecrets.Client, error) {
 // Trim any trailing slash from the endpoint
 kvEndpoint := strings.TrimSuffix(keyVaultEndpoint, "/")
+ logger.GetLogger(ctx, logOpt).Infof("kvEndpoint: '%s'", kvEndpoint)
+ logrus.WithContext(ctx).Infof("kvEndpoint: '%s'", kvEndpoint)
 // Create the workload identity credential for authentication
 credential, err := azidentity.NewWorkloadIdentityCredential(&azidentity.WorkloadIdentityCredentialOptions{
@@ -245,17 +248,23 @@ func initializeKvClient(keyVaultEndpoint, tenantID, clientID string) (*azkeys.Cl
 if err != nil {
 return nil, nil, re.ErrorCodeAuthDenied.WithDetail("failed to create workload identity credential").WithRemediation(re.AKVLink).WithError(err)
 }
+ logger.GetLogger(ctx, logOpt).Infof("credential created successfully")
+ logrus.WithContext(ctx).Infof("credential created successfully")
 // create azkeys client
 kvClientKeys, err := azkeys.NewClient(kvEndpoint, credential, nil)
 if err != nil {
 return nil, nil, re.ErrorCodeConfigInvalid.WithDetail("Failed to create Key Vault client").WithRemediation(re.AKVLink).WithError(err)
 }
+ logger.GetLogger(ctx, logOpt).Infof("azkeys kvclient created successfully")
+ logrus.WithContext(ctx).Infof("azkeys kvclient created successfully")
 // create azsecrets client
 kvClientSecrets, err := azsecrets.NewClient(kvEndpoint, credential, nil)
 if err != nil {
 return nil, nil, re.ErrorCodeConfigInvalid.WithDetail("Failed to create Key Vault client").WithRemediation(re.AKVLink).WithError(err)
 }
+ logger.GetLogger(ctx, logOpt).Infof("azsecrets kvclient created successfully")
+ logrus.WithContext(ctx).Infof("azsecrets kvclient created successfully")
 return kvClientKeys, kvClientSecrets, nil
 }
diff --git a/pkg/keymanagementprovider/azurekeyvault/provider_test.go b/pkg/keymanagementprovider/azurekeyvault/provider_test.go
index 4d45774b5..853d01597 100644
--- a/pkg/keymanagementprovider/azurekeyvault/provider_test.go
+++ b/pkg/keymanagementprovider/azurekeyvault/provider_test.go
@@ -64,7 +64,7 @@ func SkipTestInitializeKVClient(t *testing.T) {
 }
 for i := range testEnvs {
- kvClientkeys, kvClientSecrets, err := initializeKvClient(testEnvs[i].KeyVaultEndpoint, "", "")
+ kvClientkeys, kvClientSecrets, err := initializeKvClient(context.TODO(), testEnvs[i].KeyVaultEndpoint, "", "")
 assert.NoError(t, err)
 assert.NotNil(t, kvClientkeys)
 assert.NotNil(t, kvClientSecrets)
@@ -176,7 +176,7 @@ func TestCreate(t *testing.T) {
 }
 for _, tc := range testCases {
 t.Run(tc.name, func(t *testing.T) {
- initKVClient = func(_, _, _ string) (*azkeys.Client, *azsecrets.Client, error) {
+ initKVClient = func(_ context.Context, _, _, _ string) (*azkeys.Client, *azsecrets.Client, error) {
 return &azkeys.Client{}, &azsecrets.Client{}, nil
 }
 _, err := factory.Create("v1", tc.config, "")
@@ -227,7 +227,7 @@ func TestGetKeys(t *testing.T) {
 },
 }
- initKVClient = func(_, _, _ string) (*azkeys.Client, *azsecrets.Client, error) {
+ initKVClient = func(_ context.Context, _, _, _ string) (*azkeys.Client, *azsecrets.Client, error) {
 return &azkeys.Client{}, &azsecrets.Client{}, nil
 }
 provider, err := factory.Create("v1", config, "")
@@ -550,7 +550,7 @@ func TestInitializeKvClient(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- _, _, err := initializeKvClient(tt.kvEndpoint, tt.tenantID, tt.clientID)
+ _, _, err := initializeKvClient(context.Background(), tt.kvEndpoint, tt.tenantID, tt.clientID)
 if tt.expectedErr != (err != nil) {
 t.Fatalf("expected error: %v, got: %v", tt.expectedErr, err)
 }