From 97058e06ae74cd0fce3b31cc6a014c0b7628721b Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 20 Nov 2024 15:42:46 +0000 Subject: [PATCH] Log the client-id when VenafiCloudKeypair authentication is used To help debugging authentication problems Signed-off-by: Richard Wall --- pkg/agent/config.go | 22 ++++++++++++++-------- pkg/agent/config_test.go | 4 ++-- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/pkg/agent/config.go b/pkg/agent/config.go index e413a313..bba1c35e 100644 --- a/pkg/agent/config.go +++ b/pkg/agent/config.go @@ -21,6 +21,7 @@ import ( "github.com/jetstack/preflight/pkg/datagatherer/k8s" "github.com/jetstack/preflight/pkg/datagatherer/local" "github.com/jetstack/preflight/pkg/kubeconfig" + "github.com/jetstack/preflight/pkg/logs" "github.com/jetstack/preflight/pkg/version" ) 
@@ -370,29 +371,33 @@ func ValidateAndCombineConfig(log logr.Logger, cfg Config, flags AgentCmdFlags) { var ( - mode AuthMode - reason string + mode AuthMode + reason string + keysAndValues []any ) switch { case flags.VenafiCloudMode && flags.CredentialsPath != "": mode = VenafiCloudKeypair - reason = fmt.Sprintf("Using the %s auth mode since --venafi-cloud and --credentials-path were specified.", mode) + reason = "--venafi-cloud and --credentials-path were specified" + keysAndValues = []any{"credentialsPath", flags.CredentialsPath} case flags.ClientID != "" && flags.PrivateKeyPath != "": mode = VenafiCloudKeypair - reason = fmt.Sprintf("Using the %s auth mode since --client-id and --private-key-path were specified.", mode) + reason = "--client-id and --private-key-path were specified" + keysAndValues = []any{"clientID", flags.ClientID, "privateKeyPath", flags.PrivateKeyPath} case flags.ClientID != "": return CombinedConfig{}, nil, fmt.Errorf("if --client-id is specified, --private-key-path must also be specified") case flags.PrivateKeyPath != "": return CombinedConfig{}, nil, fmt.Errorf("--private-key-path is specified, --client-id must also be specified") case flags.VenConnName != "": mode = VenafiCloudVenafiConnection - reason = fmt.Sprintf("Using the %s auth mode since --venafi-connection was specified.", mode) + reason = "--venafi-connection was specified" + keysAndValues = []any{"venConnName", flags.VenConnName} case flags.APIToken != "": mode = JetstackSecureAPIToken - reason = fmt.Sprintf("Using the %s auth mode since --api-token was specified.", mode) + reason = "--api-token was specified" case !flags.VenafiCloudMode && flags.CredentialsPath != "": mode = JetstackSecureOAuth - reason = fmt.Sprintf("Using the %s auth mode since --credentials-file was specified without --venafi-cloud.", mode) + reason = "--credentials-file was specified without --venafi-cloud" default: return CombinedConfig{}, nil, fmt.Errorf("no auth mode specified. 
You can use one of four auth modes:\n" + " - Use (--venafi-cloud with --credentials-file) or (--client-id with --private-key-path) to use the " + string(VenafiCloudKeypair) + " mode.\n" + @@ -401,7 +406,8 @@ func ValidateAndCombineConfig(log logr.Logger, cfg Config, flags AgentCmdFlags) " - Use --api-token if you want to use the " + string(JetstackSecureAPIToken) + " mode.\n") } res.AuthMode = mode - log.Info(reason) + keysAndValues = append(keysAndValues, "mode", mode, "reason", reason) + log.V(logs.Debug).Info("Authentication mode", keysAndValues...) } // Validation and defaulting of `server` and the deprecated `endpoint.path`. diff --git a/pkg/agent/config_test.go b/pkg/agent/config_test.go index 6a3bd07e..72b8c9c6 100644 --- a/pkg/agent/config_test.go +++ b/pkg/agent/config_test.go @@ -98,7 +98,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) { withCmdLineFlags("--period", "99m", "--credentials-file", fakeCredsPath)) require.NoError(t, err) assert.Equal(t, testutil.Undent(` - INFO Using the Jetstack Secure OAuth auth mode since --credentials-file was specified without --venafi-cloud. + INFO Authentication mode mode="Jetstack Secure OAuth" reason="--credentials-file was specified without --venafi-cloud" INFO Both the 'period' field and --period are set. Using the value provided with --period. `), gotLogs.String()) assert.Equal(t, 99*time.Minute, got.Period) 
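Review bot: `keysAndValues` is handed to the logger verbatim, and nothing at its declaration in the `var (` block says which flag values are safe to put in it. The `flags.APIToken` branch correctly leaves it empty, but only by omission, so a comment on the declaration would protect that: `// keysAndValues is logged as-is: identifiers and file paths only, never flags.APIToken or key contents.` The branches are also uneven, since the `!flags.VenafiCloudMode && flags.CredentialsPath != ""` case logs no path while the `--venafi-cloud` case does; adding `keysAndValues = []any{"credentialsPath", flags.CredentialsPath}` there would keep them parallel. In the `--venafi-cloud` with `--credentials-path` branch only the path is logged, so the client ID named in the commit title is presumably still not surfaced for that variant. ValidateAndCombineConfig starts and ends outside this hunk.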
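Review bot: The auth-mode message is now emitted through `log.V(logs.Debug).Info(...)`, where the removed line was a plain `log.Info(reason)`. The value of `logs.Debug` is not visible here, but if it is above the default verbosity, operators lose the record of which credential type the agent selected. That line is useful when auditing a deployment, not only when debugging. Consider keeping the selection at the default level with `log.Info("Authentication mode", "mode", mode, "reason", reason)` and putting only the extra detail behind `log.V(logs.Debug).Info("Authentication details", keysAndValues...)`. The enclosing function continues outside the hunk.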
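Review bot: Neither updated expectation, here or in the hunk at `-588,7`, covers the new `clientID`, `privateKeyPath` or `credentialsPath` keys, which are the change the commit title describes. The diffstat shows only these two lines changed in config_test.go, so no assertion appears to pin that output. A case running with `--client-id` and `--private-key-path` and asserting the `clientID="<test client id>"` pair in `gotLogs` would cover it. A companion case for `--api-token` asserting that the token value never appears in `gotLogs.String()` would lock in the secret-handling behaviour. Both expected lines start with `INFO` although the call is made at `logs.Debug`, so the test logger presumably runs with raised verbosity and would not notice the line vanishing at the default level.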
@@ -588,7 +588,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) { ) require.NoError(t, err) assert.Equal(t, testutil.Undent(` - INFO Using the Venafi Cloud VenafiConnection auth mode since --venafi-connection was specified. + INFO Authentication mode venConnName="venafi-components" mode="Venafi Cloud VenafiConnection" reason="--venafi-connection was specified" INFO ignoring the server field specified in the config file. In Venafi Cloud VenafiConnection mode, this field is not needed. INFO ignoring the venafi-cloud.upload_path field in the config file. In Venafi Cloud VenafiConnection mode, this field is not needed. INFO ignoring the venafi-cloud.uploader_id field in the config file. This field is not needed in Venafi Cloud VenafiConnection mode.