improving logs
Signed-off-by: Javan lacerda <javanlacerda@google.com>
javanlacerda committed Aug 13, 2024
1 parent 040596e commit 89fa77a
Showing 2 changed files with 24 additions and 6 deletions.
25 changes: 20 additions & 5 deletions pkg/identity/ciprovider/principal.go
Expand Up @@ -18,6 +18,7 @@ import (
"bytes"
"context"
"crypto/x509"
"encoding/json"
"fmt"
"html/template"
"net/url"
Expand Down Expand Up @@ -47,8 +48,10 @@ func getTokenClaims(token *oidc.IDToken) (map[string]string, error) {

// It makes string interpolation for a given string by using the
// templates syntax https://pkg.go.dev/text/template
// Issuer added as a parameter for having a richer log
func applyTemplateOrReplace(extValueTemplate string, tokenClaims map[string]string, issuerMetadata map[string]string, issuer string) (string, error) {
// logMetadata added as a parameter for having a richer log
func applyTemplateOrReplace(
extValueTemplate string, tokenClaims map[string]string,
issuerMetadata map[string]string, logMetadata map[string]string) (string, error) {

// Here we merge the data from was claimed by the id token with the
// default data provided by the yaml file.
Expand Down Expand Up @@ -82,7 +85,10 @@ func applyTemplateOrReplace(extValueTemplate string, tokenClaims map[string]stri
}
claimValue, ok := mergedData[extValueTemplate]
if !ok {
return "", fmt.Errorf("value <%s> not present in either claims or defaults. Issuer: %s", extValueTemplate, issuer)
var jsonMetadata bytes.Buffer
inrec, _ := json.Marshal(logMetadata)
json.Indent(&jsonMetadata, inrec, "", "\t")

Check failure on line 90 in pkg/identity/ciprovider/principal.go


GitHub Actions / golangci-lint

Error return value of `json.Indent` is not checked (errcheck)
return "", fmt.Errorf("value <%s> not present in either claims or defaults. %s", extValueTemplate, jsonMetadata.String())
}
return claimValue, nil
}
Expand Down Expand Up @@ -123,7 +129,12 @@ func (principal ciPrincipal) Embed(_ context.Context, cert *x509.Certificate) er
if strings.TrimSpace(principal.ClaimsMetadata.SubjectAlternativeNameTemplate) == "" {
return fmt.Errorf("SubjectAlternativeNameTemplate should not be empty. Issuer: %s", principal.Token.Issuer)
}
subjectAlternativeName, err := applyTemplateOrReplace(principal.ClaimsMetadata.SubjectAlternativeNameTemplate, claims, defaults, principal.Token.Issuer)
subjectAlternativeName, err := applyTemplateOrReplace(
principal.ClaimsMetadata.SubjectAlternativeNameTemplate, claims, defaults,
map[string]string{
"Issuer": principal.Token.Issuer,
"ExtensionName": "SubjectAlternativeName",
})
if err != nil {
return err
}
Expand All @@ -146,7 +157,11 @@ func (principal ciPrincipal) Embed(_ context.Context, cert *x509.Certificate) er
if strings.TrimSpace(s) == "" || vType.Field(i).Name == "Issuer" {
continue
}
extValue, err := applyTemplateOrReplace(s, claims, defaults, principal.Token.Issuer)
extValue, err := applyTemplateOrReplace(s, claims, defaults,
map[string]string{
"Issuer": principal.Token.Issuer,
"ExtensionName": vType.Field(i).Name,
})
if err != nil {
return err
}
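Review bot: The error built in `applyTemplateOrReplace` now carries tab-indented, multi-line JSON (the `json.Indent(&jsonMetadata, inrec, "", "\t")` call), so a single failure spans several lines wherever the error returned from `Embed` is logged or handed back to a caller, which makes line-oriented log search and alerting on issuance failures harder. A single-line, quoted rendering keeps the same context and needs no intermediate buffer: `return "", fmt.Errorf("value <%s> not present in either claims or defaults. %q", extValueTemplate, logMetadata)`. `%q` on a `map[string]string` prints the keys in sorted order and escapes control characters in the values, which is worth having because `Issuer` is taken from the token. The body of `applyTemplateOrReplace` starts and ends outside the visible hunks, so how the error is finally surfaced is inferred rather than shown.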
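--- a/pkg/identity/ciprovider/principal_test.go
+++ b/pkg/identity/ciprovider/principal_test.go
@@ -313,7 +313,10 @@ func TestApplyTemplateOrReplace(t *testing.T) {
 
 for name, test := range tests {
 t.Run(name, func(t *testing.T) {
-res, err := applyTemplateOrReplace(test.Template, tokenClaims, issuerMetadata, "https://token.actions.githubusercontent.com")
+res, err := applyTemplateOrReplace(test.Template, tokenClaims, issuerMetadata,
+map[string]string{
+"Issuer": "https://token.actions.githubusercontent.com",
+})
 if res != test.ExpectedResult {
 t.Errorf("expected result don't matches: Expected %s, received: %s, error: %v",
 test.ExpectedResult, res, err)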
