Started debug logging.

Margo Crawford 2021-04-06 15:13:27 -07:00
parent d76ac56df2
commit 8ffd9fdc4e
2 changed files with 23 additions and 3 deletions


@ -20,10 +20,12 @@ import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
"k8s.io/client-go/transport"
"k8s.io/klog/v2/klogr" "k8s.io/klog/v2/klogr"
"go.pinniped.dev/internal/execcredcache" "go.pinniped.dev/internal/execcredcache"
"go.pinniped.dev/internal/groupsuffix" "go.pinniped.dev/internal/groupsuffix"
"go.pinniped.dev/internal/plog"
"go.pinniped.dev/pkg/conciergeclient" "go.pinniped.dev/pkg/conciergeclient"
"go.pinniped.dev/pkg/oidcclient" "go.pinniped.dev/pkg/oidcclient"
"go.pinniped.dev/pkg/oidcclient/filesession" "go.pinniped.dev/pkg/oidcclient/filesession"
@ -110,6 +112,8 @@ func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command {
} }
func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLoginFlags) error { func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLoginFlags) error {
SetLogLevel()
// Initialize the session cache. // Initialize the session cache.
var sessionOptions []filesession.Option var sessionOptions []filesession.Option
@ -153,6 +157,7 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
// --skip-browser replaces the default "browser open" function with one that prints to stderr. // --skip-browser replaces the default "browser open" function with one that prints to stderr.
if flags.skipBrowser { if flags.skipBrowser {
plog.Debug("skipping browser.")
opts = append(opts, oidcclient.WithBrowserOpen(func(url string) error { opts = append(opts, oidcclient.WithBrowserOpen(func(url string) error {
cmd.PrintErr("Please log in: ", url, "\n") cmd.PrintErr("Please log in: ", url, "\n")
return nil return nil
@ -166,7 +171,6 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
} }
opts = append(opts, oidcclient.WithClient(client)) opts = append(opts, oidcclient.WithClient(client))
} }
// Look up cached credentials based on a hash of all the CLI arguments and the cluster info. // Look up cached credentials based on a hash of all the CLI arguments and the cluster info.
cacheKey := struct { cacheKey := struct {
Args []string `json:"args"` Args []string `json:"args"`
@ -183,6 +187,7 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
} }
} }
plog.Debug("performing OIDC login", "issuer", flags.issuer, "client id", flags.clientID)
// Do the basic login to get an OIDC token. // Do the basic login to get an OIDC token.
token, err := deps.login(flags.issuer, flags.clientID, opts...) token, err := deps.login(flags.issuer, flags.clientID, opts...)
if err != nil { if err != nil {
@ -192,6 +197,7 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
// If the concierge was configured, exchange the credential for a separate short-lived, cluster-specific credential. // If the concierge was configured, exchange the credential for a separate short-lived, cluster-specific credential.
if concierge != nil { if concierge != nil {
plog.Debug("exchanging token for cluster credential", "endpoint", flags.conciergeEndpoint, "authenticator type", flags.conciergeAuthenticatorType, "authenticator name", flags.conciergeAuthenticatorName)
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel() defer cancel()
@ -224,7 +230,7 @@ func makeClient(caBundlePaths []string, caBundleData []string) (*http.Client, er
} }
pool.AppendCertsFromPEM(pem) pool.AppendCertsFromPEM(pem)
} }
return &http.Client{ client := &http.Client{
Transport: &http.Transport{ Transport: &http.Transport{
Proxy: http.ProxyFromEnvironment, Proxy: http.ProxyFromEnvironment,
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
@ -232,7 +238,10 @@ func makeClient(caBundlePaths []string, caBundleData []string) (*http.Client, er
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
}, },
}, },
}, nil }
client.Transport = transport.DebugWrappers(client.Transport)
return client, nil
} }
func tokenCredential(token *oidctypes.Token) *clientauthv1beta1.ExecCredential { func tokenCredential(token *oidctypes.Token) *clientauthv1beta1.ExecCredential {
@ -251,6 +260,12 @@ func tokenCredential(token *oidctypes.Token) *clientauthv1beta1.ExecCredential {
return &cred return &cred
} }
func SetLogLevel() {
if os.Getenv("PINNIPED_DEBUG") == "true" {
_ = plog.ValidateAndSetLogLevelGlobally(plog.LevelDebug)
}
}
// mustGetConfigDir returns a directory that follows the XDG base directory convention: // mustGetConfigDir returns a directory that follows the XDG base directory convention:
// $XDG_CONFIG_HOME defines the base directory relative to which user specific configuration files should // $XDG_CONFIG_HOME defines the base directory relative to which user specific configuration files should
// be stored. If $XDG_CONFIG_HOME is either not set or empty, a default equal to $HOME/.config should be used. // be stored. If $XDG_CONFIG_HOME is either not set or empty, a default equal to $HOME/.config should be used.
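Review bot: In makeClient, `client.Transport = transport.DebugWrappers(client.Transport)` is applied unconditionally, and as far as I know the wrapper's output is governed by the klog verbosity rather than by the `PINNIPED_DEBUG` check in `SetLogLevel`, so what gets logged depends on how `plog.LevelDebug` maps to a klog level. This looks like the client that runOIDCLogin hands to `oidcclient.WithClient`, so at high verbosity the wrapper would print URLs and headers of requests to the OIDC issuer; please confirm nothing sensitive travels in a URL or an unmasked header there. I would record that on the line with a comment such as `// Logs request URLs and headers at high klog verbosity; this client talks to the OIDC issuer.` Separately, `SetLogLevel` discards the error from `plog.ValidateAndSetLogLevelGlobally` and, being exported, should carry a doc comment naming the environment variable and the exact value it expects. makeClient begins outside the hunk.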


@ -17,6 +17,7 @@ import (
"go.pinniped.dev/internal/execcredcache" "go.pinniped.dev/internal/execcredcache"
"go.pinniped.dev/internal/groupsuffix" "go.pinniped.dev/internal/groupsuffix"
"go.pinniped.dev/internal/plog"
"go.pinniped.dev/pkg/conciergeclient" "go.pinniped.dev/pkg/conciergeclient"
"go.pinniped.dev/pkg/oidcclient/oidctypes" "go.pinniped.dev/pkg/oidcclient/oidctypes"
) )
@ -83,6 +84,8 @@ func staticLoginCommand(deps staticLoginDeps) *cobra.Command {
} }
func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams) error { func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams) error {
SetLogLevel()
if flags.staticToken == "" && flags.staticTokenEnvName == "" { if flags.staticToken == "" && flags.staticTokenEnvName == "" {
return fmt.Errorf("one of --token or --token-env must be set") return fmt.Errorf("one of --token or --token-env must be set")
} }
@ -137,6 +140,7 @@ func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams
// If the concierge was configured, exchange the credential for a separate short-lived, cluster-specific credential. // If the concierge was configured, exchange the credential for a separate short-lived, cluster-specific credential.
if concierge != nil { if concierge != nil {
plog.Debug("exchanging static token for cluster credential", "endpoint", flags.conciergeEndpoint, "authenticator type", flags.conciergeAuthenticatorType, "authenticator name", flags.conciergeAuthenticatorName)
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel() defer cancel()
@ -145,6 +149,7 @@ func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams
if err != nil { if err != nil {
return fmt.Errorf("could not complete Concierge credential exchange: %w", err) return fmt.Errorf("could not complete Concierge credential exchange: %w", err)
} }
plog.Debug("exchanged static token for cluster credential")
} }
// If there was a credential cache, save the resulting credential for future use. We only save to the cache if // If there was a credential cache, save the resulting credential for future use. We only save to the cache if
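Review bot: The debug lines added to runStaticLogin sit beside the code that handles the static token, and nothing in the hunks tells the next editor that the token must stay out of them; the current key/value pairs (endpoint, authenticator type and name) are fine. I would add a comment above the first call, e.g. `// Debug output must never include the static token or the cluster credential.` The command writes its result to `out`, so it is also worth confirming that plog output goes to a different stream, presumably stderr. `SetLogLevel()` is now repeated at the top of both run functions; a single call in shared command setup would keep a future login command from missing it. runStaticLogin continues outside the hunks.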