Log when using default authentication container name

app/domain/authentication/authn_k8s/application_identity.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authentication
   module AuthnK8s
 
@@ -22,6 +24,9 @@ module AuthnK8s
     # validation of ValidateApplicationIdentity
     class ApplicationIdentity
 
+      AUTHENTICATION_CONTAINER_NAME_ANNOTATION = "authentication-container-name"
+      DEFAULT_AUTHENTICATION_CONTAINER_NAME = "authenticator"
+
       def initialize(host_id:, host_annotations:, service_id:)
         @host_id          = host_id
         @host_annotations = host_annotations
@@ -45,11 +50,21 @@ def constraints
       end
 
       def container_name
-        annotation_name = "authentication-container-name"
-        annotation_value("authn-k8s/#{@service_id}/#{annotation_name}") ||
-          annotation_value("authn-k8s/#{annotation_name}") ||
-          annotation_value("kubernetes/#{annotation_name}") ||
-          "authenticator"
+        @container_name ||= annotation_value("authn-k8s/#{@service_id}/#{AUTHENTICATION_CONTAINER_NAME_ANNOTATION}") ||
+          annotation_value("authn-k8s/#{AUTHENTICATION_CONTAINER_NAME_ANNOTATION}") ||
+          annotation_value("kubernetes/#{AUTHENTICATION_CONTAINER_NAME_ANNOTATION}") ||
+          default_authentication_container_name
+      end
+
+      def default_authentication_container_name
+        Rails.logger.debug(
+          LogMessages::Authentication::ContainerNameAnnotationDefaultValue.new(
+            AUTHENTICATION_CONTAINER_NAME_ANNOTATION,
+            DEFAULT_AUTHENTICATION_CONTAINER_NAME
+          )
+        )
+
+        DEFAULT_AUTHENTICATION_CONTAINER_NAME
       end
 
       # returns true if the only constraint is on the namespace, false otherwise

app/domain/errors.rb

@@ -21,7 +21,8 @@ module Conjur
 
       InsufficientPasswordComplexity = Util::TrackableErrorClass.new(
         msg:  "The password you have chosen does not meet the complexity requirements. " \
-             "Choose a password that includes: 12-128 characters, 2 uppercase letters, 2 lowercase letters, 1 digit, 1 special character",
+          "Choose a password that includes: 12-128 characters, 2 uppercase letters, " \
+          "2 lowercase letters, 1 digit, 1 special character",
         code: "CONJ00046E"
       )
 
@@ -57,8 +58,8 @@ module Authentication
       module AuthenticatorClass
 
         DoesntStartWithAuthn = ::Util::TrackableErrorClass.new(
-          msg:  "'{0-authenticator-parent-name}' is not a valid authenticator parent module because it does " \
-            "not begin with 'Authn'",
+          msg:  "'{0-authenticator-parent-name}' is not a valid authenticator "\
+            "parent module because it does not begin with 'Authn'",
           code: "CONJ00038E"
         )
 
@@ -155,7 +156,8 @@ module Jwt
       module AuthnOidc
 
         IdTokenFieldNotFoundOrEmpty = ::Util::TrackableErrorClass.new(
-          msg:  "Field '{0-field-name}' not found or empty in ID token. This field is defined in the id-token-user-property variable.",
+          msg:  "Field '{0-field-name}' not found or empty in ID token. " \
+            "This field is defined in the id-token-user-property variable.",
           code: "CONJ00013E"
         )
 
@@ -188,7 +190,8 @@ module AuthnK8s
         )
 
         ScopeNotSupported = ::Util::TrackableErrorClass.new(
-          msg:  "Resource type '{0}' is not a supported application identity. The supported resources are '{1}'",
+          msg:  "Resource type '{0}' is not a supported application identity. " \
+            "The supported resources are '{1}'",
           code: "CONJ00025E"
         )
 
@@ -219,7 +222,7 @@ module AuthnK8s
 
         CommonNameDoesntMatchHost = ::Util::TrackableErrorClass.new(
           msg:  "Client certificate CN must match host name. Cert CN: {0}. " \
-                "Host name: {1}. ",
+            "Host name: {1}.",
           code: "CONJ00031E"
         )
 
@@ -283,12 +286,14 @@ module AuthnAzure
         )
 
         InvalidApplicationIdentity = ::Util::TrackableErrorClass.new(
-          msg:  "Application identity field '{0-field-name}' does not match application identity in Azure token",
+          msg:  "Application identity field '{0-field-name}' does not match " \
+            "application identity in Azure token",
           code: "CONJ00049E"
         )
 
         ConstraintNotSupported = ::Util::TrackableErrorClass.new(
-          msg:  "Constraint type '{0}' is not a supported application identity. The supported resources are '{1}'",
+          msg:  "Constraint type '{0}' is not a supported application identity. " \
+            "The supported resources are '{1}'",
           code: "CONJ00050E"
         )
 
@@ -308,7 +313,7 @@ module AuthnAzure
         )
 
         InvalidProviderFieldsInXmsMirid = ::Util::TrackableErrorClass.new(
-          msg:  "Provider fields are in invalid format in xms_mirid {1}." \
+          msg:  "Provider fields are in invalid format in xms_mirid {1}. " \
                 "xms_mirid must contain the resource provider namespace, the " \
                 "resource type, and the resource name",
           code: "CONJ00054E"

app/domain/logs.rb

@@ -25,6 +25,12 @@ module Authentication
         code: "CONJ00024D"
       )
 
+      ContainerNameAnnotationDefaultValue = ::Util::TrackableLogMessageClass.new(
+        msg:  "Annotation '{0-authentication-container-annotation-name}' not found. " \
+                "Using default value '{1-default-authentication-container}'",
+        code: "CONJ00033D"
+      )
+
       module Security
 
         SecurityValidated = ::Util::TrackableLogMessageClass.new(
@@ -167,7 +173,7 @@ module Util
       )
 
       RateLimitedCacheLimitReached = ::Util::TrackableLogMessageClass.new(
-        msg:  "Rate limited cache reached the '{0-limit}' limit and will not" \
+        msg:  "Rate limited cache reached the '{0-limit}' limit and will not " \
               "call target for the next '{1-seconds}' seconds",
         code: "CONJ00020D"
       )