From e1927ca9b53149dafd332494553de468307f9a07 Mon Sep 17 00:00:00 2001
From: Steve Wagner
Date: Tue, 24 Oct 2023 11:30:56 -0700
Subject: [PATCH] - Final corrections and enhancements

---
 docs/tls/SS-TLS.md | 2 +-
 internal/authentication/factory.go | 14 +++++++-------
 internal/configuration/settings.go | 31 ++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/docs/tls/SS-TLS.md b/docs/tls/SS-TLS.md
index 8f37d90..3c30b11 100644
--- a/docs/tls/SS-TLS.md
+++ b/docs/tls/SS-TLS.md
@@ -53,7 +53,7 @@ metadata:
 data:
 nginx-hosts: "http://10.1.1.4:9000/api,http://10.1.1.5:9000/api"
 tls-mode: "ss-tls"
- caCertificate: "nlk-tls-ca-secret"
+ ca-certificate: "nlk-tls-ca-secret"
 ```

 ## Deployment
diff --git a/internal/authentication/factory.go b/internal/authentication/factory.go
index 21b3458..5d94343 100644
--- a/internal/authentication/factory.go
+++ b/internal/authentication/factory.go
@@ -18,7 +18,7 @@ import (
 )

 func NewTlsConfig(settings *configuration.Settings) (*tls.Config, error) {
- logrus.Debugf("Creating TLS config for mode: '%s'", settings.TlsMode)
+ logrus.Debugf("authentication::NewTlsConfig Creating TLS config for mode: '%s'", settings.TlsMode)
 switch settings.TlsMode {
 case "ss-tls": // needs ca cert
 return buildSelfSignedTlsConfig(settings.Certificates)
@@ -38,7 +38,7 @@ func NewTlsConfig(settings *configuration.Settings) (*tls.Config, error) {
 }

 func buildSelfSignedTlsConfig(certificates *certification.Certificates) (*tls.Config, error) {
- logrus.Debug("Building self-signed TLS config")
+ logrus.Debugf("authentication::buildSelfSignedTlsConfig Building self-signed TLS config, CA Secret Key(%v)", certificates.CaCertificateSecretKey)
 certPool, err := buildCaCertificatePool(certificates.GetCACertificate())
 if err != nil {
 return nil, err
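Review bot: The new Debugf in buildSelfSignedTlsConfig reads `certificates.CaCertificateSecretKey` as a call argument, and Go evaluates that argument even when debug logging is off, so a nil `certificates` now panics inside the log statement. Whether `settings.Certificates` can be nil in "ss-tls" mode is not visible here, but a guard such as `if certificates == nil { return nil, fmt.Errorf("certificates not configured") }` ahead of the log line would turn that into an error the caller already handles. The same field reads are added in buildSelfSignedMtlsConfig and buildCaTlsConfig in the following hunks. The function body continues past the end of this hunk.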
@@ -51,7 +51,7 @@ func buildSelfSignedTlsConfig(certificates *certification.Certificates) (*tls.Co
 }

 func buildSelfSignedMtlsConfig(certificates *certification.Certificates) (*tls.Config, error) {
- logrus.Debug("buildSelfSignedMtlsConfig Building self-signed mTLS config")
+ logrus.Debugf("authentication::buildSelfSignedMtlsConfig Building self-signed mTLS config, CA Secret Key(%v), Client Certificate Key(%v)", certificates.CaCertificateSecretKey, certificates.ClientCertificateSecretKey)
 certPool, err := buildCaCertificatePool(certificates.GetCACertificate())
 if err != nil {
 return nil, err
@@ -72,14 +72,14 @@ func buildSelfSignedMtlsConfig(certificates *certification.Certificates) (*tls.C
 }

 func buildBasicTlsConfig(skipVerify bool) *tls.Config {
- logrus.Debug("Building basic TLS config")
+ logrus.Debugf("authentication::buildBasicTlsConfig skipVerify(%v)", skipVerify)
 return &tls.Config{
 InsecureSkipVerify: skipVerify,
 }
 }

 func buildCaTlsConfig(certificates *certification.Certificates) (*tls.Config, error) {
- logrus.Debug("Building CA TLS config")
+ logrus.Debugf("authentication::buildCaTlsConfig, Client Certificate Key(%v)", certificates.ClientCertificateSecretKey)
 certificate, err := buildCertificates(certificates.GetClientCertificate())
 if err != nil {
 return nil, err
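Review bot: In buildBasicTlsConfig the only trace that certificate verification has been switched off is a Debug line, which operators running at info or warn never see. When `skipVerify` is true the returned config sets `InsecureSkipVerify`, so the client accepts any server certificate. I would surface that state with `if skipVerify { logrus.Warn("authentication::buildBasicTlsConfig TLS certificate verification is disabled") }` ahead of the return, and keep the Debugf for the normal case.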
@@ -92,12 +92,12 @@ func buildCaTlsConfig(certificates *certification.Certificates) (*tls.Config, er
 }

 func buildCertificates(privateKeyPEM []byte, certificatePEM []byte) (tls.Certificate, error) {
- logrus.Debug("Building certificates")
+ logrus.Debugf("authentication::buildCertificates, Private Key(%v), Certificate(%v)", privateKeyPEM, certificatePEM)
 return tls.X509KeyPair(certificatePEM, privateKeyPEM)
 }

 func buildCaCertificatePool(caCert []byte) (*x509.CertPool, error) {
- logrus.Debugf("Building CA certificate pool")
+ logrus.Debugf("authentication::buildCaCertificatePool, CA Certificate(%v)", caCert)
 block, _ := pem.Decode(caCert)
 if block == nil {
 return nil, fmt.Errorf("failed to decode PEM block containing CA certificate")
diff --git a/internal/configuration/settings.go b/internal/configuration/settings.go
index 8c8874a..d9f1d3b 100644
--- a/internal/configuration/settings.go
+++ b/internal/configuration/settings.go
@@ -312,6 +312,8 @@ func (s *Settings) handleUpdateEvent(_ interface{}, obj interface{}) {
 logrus.Warnf("Settings::handleUpdateEvent: client-certificate key not found in ConfigMap")
 }

+ setLogLevel(configMap.Data["log-level"])
+
 logrus.Debugf("Settings::handleUpdateEvent: \n\tHosts: %v,\n\tSettings: %v ", s.NginxPlusHosts, configMap)
 }
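Review bot: The new Debugf in buildCertificates writes `privateKeyPEM` to the log; `%v` on a `[]byte` prints every byte as a decimal number, so the client private key can be reconstructed from a single debug-level log line. Logs normally reach a wider audience than the store the key was loaded from (presumably a Kubernetes Secret, judging by the field names), and this same commit lets a ConfigMap value switch the level to debug at runtime. Log only non-secret facts instead, e.g. `logrus.Debugf("authentication::buildCertificates, Private Key length(%d), Certificate length(%d)", len(privateKeyPEM), len(certificatePEM))`. The CA certificate printed in buildCaCertificatePool is not secret, but a raw byte list is unreadable; `len(caCert)` or a fingerprint would serve debugging better. If a build containing this line ran with debug logging enabled, the logged client keys should be treated as exposed and rotated.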
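Review bot: `setLogLevel(configMap.Data["log-level"])` runs on every update event, and a ConfigMap without a `log-level` key yields the empty string, which the new setLogLevel maps to warn, so a level chosen elsewhere (a startup flag or environment variable, if the project has one; not visible here) is silently overwritten. It also makes write access to this ConfigMap sufficient to raise verbosity to debug or trace, and the very next statement logs the whole ConfigMap at debug. I would apply the level only when the key is present, `if level, ok := configMap.Data["log-level"]; ok { setLogLevel(level) }`, and document `log-level` next to the other ConfigMap keys. handleUpdateEvent begins above the hunk.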
@@ -327,3 +329,32 @@ func isOurConfig(obj interface{}) (*corev1.ConfigMap, bool) {
 configMap, ok := obj.(*corev1.ConfigMap)
 return configMap, ok && configMap.Name == ConfigMapName && configMap.Namespace == ConfigMapsNamespace
 }
+
+func setLogLevel(logLevel string) {
+ logrus.Debugf("Settings::setLogLevel: %s", logLevel)
+ switch logLevel {
+ case "panic":
+ logrus.SetLevel(logrus.PanicLevel)
+
+ case "fatal":
+ logrus.SetLevel(logrus.FatalLevel)
+
+ case "error":
+ logrus.SetLevel(logrus.ErrorLevel)
+
+ case "warn":
+ logrus.SetLevel(logrus.WarnLevel)
+
+ case "info":
+ logrus.SetLevel(logrus.InfoLevel)
+
+ case "debug":
+ logrus.SetLevel(logrus.DebugLevel)
+
+ case "trace":
+ logrus.SetLevel(logrus.TraceLevel)
+
+ default:
+ logrus.SetLevel(logrus.WarnLevel)
+ }
+}
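Review bot: setLogLevel silently falls back to warn for any value it does not recognise, including "Debug", "warning" or a typo, so an operator gets no signal that the ConfigMap value was rejected. logrus already provides `logrus.ParseLevel`, which accepts the level names case-insensitively and "warning" as an alias, so the switch can become a parse plus a Warn on failure; the function also lacks a doc comment stating the accepted values and the fallback. The leading Debugf is emitted under the previous level, so it is dropped whenever that level is above debug; logging the applied level after SetLevel would leave a record of level changes.
```go
// setLogLevel applies the log level named in the ConfigMap; empty or
// unrecognised values fall back to warn.
func setLogLevel(logLevel string) {
	level, err := logrus.ParseLevel(logLevel)
	if err != nil {
		if logLevel != "" {
			logrus.Warnf("Settings::setLogLevel: unrecognised log-level %q, using warn", logLevel)
		}
		level = logrus.WarnLevel
	}
	logrus.SetLevel(level)
}
```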