From bb9a7a501ad8d8ecd665067acc87193c098e5a71 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Thu, 21 Oct 2021 18:50:50 -0400 Subject: [PATCH 1/2] use request ID logger where possible Signed-off-by: Bob Callaway --- pkg/api/ca.go | 9 +++++---- pkg/api/googleca_signing_cert.go | 3 ++- pkg/api/pkcs11ca_signing_cert.go | 6 ++++-- pkg/log/log.go | 8 ++++++-- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/pkg/api/ca.go b/pkg/api/ca.go index a6fe93c69..4c5c22787 100644 --- a/pkg/api/ca.go +++ b/pkg/api/ca.go @@ -37,6 +37,7 @@ import ( func SigningCertHandler(params operations.SigningCertParams, principal *oidc.IDToken) middleware.Responder { ctx := params.HTTPRequest.Context() + logger := log.ContextLogger(ctx) // none of the following cases should happen if the authentication path is working correctly; checking to be defensive if principal == nil { @@ -61,7 +62,7 @@ func SigningCertHandler(params operations.SigningCertParams, principal *oidc.IDT case "googleca": PemCertificate, PemCertificateChain, err = GoogleCASigningCertHandler(ctx, subj, publicKeyPEM) case "pkcs11ca": - PemCertificate, PemCertificateChain, err = Pkcs11CASigningCertHandler(subj, publicKey) + PemCertificate, PemCertificateChain, err = Pkcs11CASigningCertHandler(ctx, subj, publicKey) default: return handleFulcioAPIError(params, http.StatusInternalServerError, err, genericCAError) } @@ -70,7 +71,7 @@ func SigningCertHandler(params operations.SigningCertParams, principal *oidc.IDT } // Submit to CTL - log.Logger.Info("Submitting CTL inclusion for OIDC grant: ", subj.Value) + logger.Info("Submitting CTL inclusion for OIDC grant: ", subj.Value) var sctBytes []byte ctURL := viper.GetString("ct-log-url") if ctURL != "" { 
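Review bot: The certificate subject is concatenated into the message text at `logger.Info("Submitting CTL inclusion for OIDC grant: ", subj.Value)`, so the issuance record gets a structured request ID but an unstructured identity. Since this change is about correlating log lines per request, a keyed field would let an audit query filter on both: `logger.Infow("Submitting CTL inclusion for OIDC grant", "subject", subj.Value)`. The same applies to the `sct.Signature` and `sct.ID` lines in the following ca.go hunk. SigningCertHandler's body continues outside the hunk.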
@@ -83,8 +84,8 @@ func SigningCertHandler(params operations.SigningCertParams, principal *oidc.IDT if err != nil { return handleFulcioAPIError(params, http.StatusInternalServerError, err, failedToMarshalSCT) } - log.Logger.Info("CTL Submission Signature Received: ", sct.Signature) - log.Logger.Info("CTL Submission ID Received: ", sct.ID) + logger.Info("CTL Submission Signature Received: ", sct.Signature) + logger.Info("CTL Submission ID Received: ", sct.ID) } else { log.Logger.Info("Skipping CT log upload.") } diff --git a/pkg/api/googleca_signing_cert.go b/pkg/api/googleca_signing_cert.go index 3402ec031..643672fb2 100644 --- a/pkg/api/googleca_signing_cert.go +++ b/pkg/api/googleca_signing_cert.go @@ -28,6 +28,7 @@ import ( ) func GoogleCASigningCertHandler(ctx context.Context, subj *challenges.ChallengeResult, publicKey []byte) (string, []string, error) { + logger := log.ContextLogger(ctx) parent := viper.GetString("gcp_private_ca_parent") @@ -42,7 +43,7 @@ func GoogleCASigningCertHandler(ctx context.Context, subj *challenges.ChallengeR privca = googleca.GithubWorkflowSubject(subj.Value) } req := googleca.Req(parent, privca, publicKey) - log.Logger.Infof("requesting cert from %s for %v", parent, Subject) + logger.Infof("requesting cert from %s for %v", parent, Subject) resp, err := googleca.Client().CreateCertificate(ctx, req) if err != nil { diff --git a/pkg/api/pkcs11ca_signing_cert.go b/pkg/api/pkcs11ca_signing_cert.go index 4d5e4342c..64e634264 100644 --- a/pkg/api/pkcs11ca_signing_cert.go +++ b/pkg/api/pkcs11ca_signing_cert.go @@ -16,6 +16,7 @@ package api import ( + "context" "crypto/x509" "encoding/pem" "os" 
@@ -28,7 +29,8 @@ import ( "github.com/spf13/viper" ) -func Pkcs11CASigningCertHandler(subj *challenges.ChallengeResult, publicKey []byte) (string, []string, error) { +func Pkcs11CASigningCertHandler(ctx context.Context, subj *challenges.ChallengeResult, publicKey []byte) (string, []string, error) { + logger := log.ContextLogger(ctx) p11Ctx, err := pkcs11.InitHSMCtx() if err != nil { @@ -53,7 +55,7 @@ func Pkcs11CASigningCertHandler(subj *challenges.ChallengeResult, publicKey []by } block, _ := pem.Decode(pubPEMData) if block == nil || block.Type != "CERTIFICATE" { - log.Logger.Fatal("failed to decode PEM block containing certificate") + logger.Fatal("failed to decode PEM block containing certificate") } rootCA, err = x509.ParseCertificate(block.Bytes) if err != nil { diff --git a/pkg/log/log.go b/pkg/log/log.go index 4f7476df8..befdfa9de 100644 --- a/pkg/log/log.go +++ b/pkg/log/log.go @@ -69,9 +69,13 @@ func WithRequestID(ctx context.Context, id string) context.Context { } func RequestIDLogger(r *http.Request) *zap.SugaredLogger { + return ContextLogger(r.Context()) +} + +func ContextLogger(ctx context.Context) *zap.SugaredLogger { proposedLogger := Logger - if r != nil { - if ctxRequestID, ok := r.Context().Value(middleware.RequestIDKey).(string); ok { + if ctx != nil { + if ctxRequestID, ok := ctx.Value(middleware.RequestIDKey).(string); ok { proposedLogger = proposedLogger.With(zap.String("requestID", ctxRequestID)) } } From 1f17329a14b669955347498a9968bb30b051e6ce Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Fri, 22 Oct 2021 10:34:45 -0400 Subject: [PATCH 2/2] swap last statement to use context logger Signed-off-by: Bob Callaway --- pkg/api/ca.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/api/ca.go b/pkg/api/ca.go index 4c5c22787..5ed1cf73d 100644 --- a/pkg/api/ca.go +++ b/pkg/api/ca.go 
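Review bot: `logger.Fatal` on the PEM decode failure sits inside a per-request signing path, and a zap logger's Fatal by default writes the entry and then exits the process. A malformed root CA file therefore takes the whole service down on the first pkcs11ca request instead of failing that one request. The function already returns `(string, []string, error)`, so the branch can log with `logger.Error("failed to decode PEM block containing certificate")` and then `return "", nil, errors.New("failed to decode PEM block containing certificate")` (this needs the `errors` import if the file does not already have it). Returning also keeps `block.Bytes` on the next line from being reached with a nil block. Pkcs11CASigningCertHandler starts in the previous hunk and continues past this one.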
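Review bot: `RequestIDLogger` now calls `r.Context()` unconditionally, which drops the `r != nil` guard the old body had; a nil `*http.Request` will panic there instead of falling back to the base logger. Restoring the guard keeps the previous contract: `if r == nil { return Logger }` placed before `return ContextLogger(r.Context())`. The new exported function would also benefit from a doc comment, e.g. `// ContextLogger returns Logger annotated with the request ID stored in ctx, or Logger itself when ctx carries none.` ContextLogger's body continues outside the hunk.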
@@ -87,7 +87,7 @@ func SigningCertHandler(params operations.SigningCertParams, principal *oidc.IDT logger.Info("CTL Submission Signature Received: ", sct.Signature) logger.Info("CTL Submission ID Received: ", sct.ID) } else { - log.Logger.Info("Skipping CT log upload.") + logger.Info("Skipping CT log upload.") } metricNewEntries.Inc()