Merge pull request #145 from ARGOeu/devel

Preparing to release v0.1.8

argo-api-authn.spec

@@ -3,7 +3,7 @@
 
 Name: argo-api-authn
 Summary: ARGO Authentication API. Map X509, OICD to token.
-Version: 0.1.7
+Version: 0.1.8
 Release: 1%{?dist}
 License: ASL 2.0
 Buildroot: %{_tmppath}/%{name}-buildroot
@@ -57,11 +57,13 @@ go clean
 %attr(0644,root,root) /usr/lib/systemd/system/argo-api-authn.service
 
 %changelog
-* Tue Apr 13 2021 Agelos Tsalapatis  <agelos.tsal@gmail    .com> - 0.1.7-1%{?dist}
+* Mon Nov 8 2021 Agelos Tsalapatis  <[email protected]> - 0.1.8-1%{?dist}
+- Release of argo-api-authn version 0.1.8
+* Tue Apr 13 2021 Agelos Tsalapatis  <[email protected]> - 0.1.7-1%{?dist}
 - Release of argo-api-authn version 0.1.7
-* Wed Mar 31 2021 Agelos Tsalapatis  <agelos.tsal@gmail    .com> - 0.1.6-1%{?dist}
+* Wed Mar 31 2021 Agelos Tsalapatis  <[email protected]> - 0.1.6-1%{?dist}
 - Release of argo-api-authn version 0.1.6
-* Wed Nov 18 2020 Agelos Tsalapatis  <agelos.tsal@gmail    .com> - 0.1.5-1%{?dist}
+* Wed Nov 18 2020 Agelos Tsalapatis  <[email protected]> - 0.1.5-1%{?dist}
 - Release of argo-api-authn version 0.1.5
 * Thu Jun 13 2019 Agelos Tsalapatis  <[email protected]> - 0.1.4-1%{?dist}
 - Release of argo-api-authn version 0.1.4

auth/certificate.go

@@ -8,7 +8,7 @@ import (
 	"path/filepath"
 
 	"github.com/ARGOeu/argo-api-authn/utils"
-	LOGGER "github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 	"net"
 	"strings"
 	"time"
@@ -27,12 +27,22 @@ var NonStandardAttributeNames = map[string]string{
 // load_CAs reads the root certificates from a directory within the filesystem, and creates the trusted root CA chain
 func LoadCAs(dir string) (roots *x509.CertPool) {
 
-	LOGGER.Info("Building the root CA chain...")
+	log.WithFields(
+		log.Fields{
+			"type": "service_log",
+		},
+	).Info("Building the root CA chain . . .")
 	pattern := "*.pem"
 	roots = x509.NewCertPool()
 	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
-			LOGGER.Errorf("Prevent panic by handling failure accessing a path %q: %v\n", dir, err)
+			log.WithFields(
+				log.Fields{
+					"type":    "service_log",
+					"details": err.Error(),
+					"path":    dir,
+				},
+			).Error("Certificate system path access failure")
 			return err
 		}
 		if ok, _ := filepath.Match(pattern, info.Name()); ok {
@@ -45,9 +55,17 @@ func LoadCAs(dir string) (roots *x509.CertPool) {
 	})
 
 	if err != nil {
-		LOGGER.Errorf("error walking the path %q: %v\n", dir, err)
+		log.WithFields(
+			log.Fields{
+				"type":    "service_log",
+				"details": err.Error(),
+				"path":    dir,
+			},
+		).Error("Error walking certificate system path")
 	} else {
-		LOGGER.Info("API", "\t", "All certificates parsed successfully.")
+		log.WithFields(
+			log.Fields{},
+		).Info("All certificates parsed successfully!")
 	}
 
 	return
@@ -129,6 +147,14 @@ func ValidateClientCertificate(cert *x509.Certificate, clientIP string, clientCe
 	var hosts []string
 	var ip string
 
+	log.WithFields(
+		log.Fields{
+			"type":  "service_log",
+			"hosts": hosts,
+			"ip":    clientIP,
+		},
+	).Info("Validating Client Certificate")
+
 	if clientCertHostVerification {
 
 		if ip, _, err = net.SplitHostPort(clientIP); err != nil {
@@ -141,8 +167,6 @@ func ValidateClientCertificate(cert *x509.Certificate, clientIP string, clientCe
 			return err
 		}
 
-		LOGGER.Infof("Certificate request: %v from Host: %v with IP: %v", ExtractEnhancedRDNSequenceToString(cert), hosts, clientIP)
-
 		// loop through hosts and check if any of them matches with the one specified in the certificate
 		var tmpErr error
 		for _, h := range hosts {

auth/revoke.go

@@ -5,7 +5,7 @@ import (
 	"crypto/x509/pkix"
 	"fmt"
 	"github.com/ARGOeu/argo-api-authn/utils"
-	LOGGER "github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"math/big"
 	"net/http"
@@ -46,7 +46,15 @@ func CRLCheckRevokedCert(cert *x509.Certificate) error {
 			if crtList, err = FetchCRL(crlURL); err != nil {
 				errChan <- err
 			}
-			LOGGER.Infof("PERFORMANCE    Request to CRL: %v took %v", crlURL, time.Since(t1))
+
+			log.WithFields(
+				log.Fields{
+					"type":            "backend_log",
+					"backend_service": "crl",
+					"backend_hosts":   crlURL,
+					"processing_time": time.Since(t1),
+				},
+			).Info("CRL REQUEST")
 
 			// how many chunks should the slice should be split into
 			goMaxP = 2
@@ -56,7 +64,13 @@ func CRLCheckRevokedCert(cert *x509.Certificate) error {
 			psi = 0
 
 			rvkCrtListLen := len(crtList.RevokedCertificates)
-			LOGGER.Infof("PERFORMANCE    Request to CRL: %v returned %v elements", crlURL, rvkCrtListLen)
+			log.WithFields(
+				log.Fields{
+					"type":            "backend_log",
+					"backend_service": "crl",
+					"backend_hosts":   crlURL,
+				},
+			).Infof("Request to CRL returned %v elements", rvkCrtListLen)
 
 			// distribute the list of revoked certs evenly
 			// in order to break up the slice to a specified number of chunks
@@ -83,7 +97,12 @@ func CRLCheckRevokedCert(cert *x509.Certificate) error {
 	// cancel mechanism
 	go func() {
 		wg.Wait()
-		LOGGER.Infof("PERFORMANCE    Total time for examining certificate revocation %v", time.Since(totalTime))
+		log.WithFields(
+			log.Fields{
+				"type":            "service_log",
+				"processing_time": time.Since(totalTime),
+			},
+		).Info("PERFORMANCE for examining certificate revocation")
 		close(errChan)
 	}()
 
@@ -95,7 +114,12 @@ func CRLCheckRevokedCert(cert *x509.Certificate) error {
 		}
 	}
 
-	LOGGER.Infof("PERFORMANCE    Total time for examining certificate revocation %v", time.Since(totalTime))
+	log.WithFields(
+		log.Fields{
+			"type":            "service_log",
+			"processing_time": time.Since(totalTime),
+		},
+	).Info("PERFORMANCE for examining certificate revocation")
 	return err
 }
 
@@ -130,24 +154,43 @@ func FetchCRL(url string) (pkix.TBSCertificateList, error) {
 	// initialize the client and perform a get request to grab the crl
 	client := &http.Client{Timeout: time.Duration(30 * time.Second)}
 	if resp, err = client.Get(url); err != nil {
-		LOGGER.Error(fmt.Errorf("Request to CRL: %v produced the following error, %v", url, err.Error()))
+		log.WithFields(
+			log.Fields{
+				"type":            "backend_log",
+				"backend_service": "crl",
+				"backend_hosts":   url,
+				"details":         err.Error(),
+			},
+		).Error("CRL Request error")
 		err := fmt.Errorf("Could not access CRL %v", url)
 		return pkix.TBSCertificateList{}, err
 	}
 
 	// read the response
 	if crlBytes, err = ioutil.ReadAll(resp.Body); err != nil {
-		err := fmt.Errorf("Reading CRL data: %v produced the following error, %v", url, err.Error())
-		LOGGER.Error(err)
+		log.WithFields(
+			log.Fields{
+				"type":            "backend_log",
+				"backend_service": "crl",
+				"backend_hosts":   url,
+				"details":         err.Error(),
+			},
+		).Error("Unable to read CRL data")
 		return pkix.TBSCertificateList{}, err
 	}
 
 	defer resp.Body.Close()
 
 	// create the crl from the byte slice
 	if crtList, err = x509.ParseCRL(crlBytes); err != nil {
-		err := fmt.Errorf("Parsing CRL data: %v produced the following error, %v", url, err.Error())
-		LOGGER.Error(err)
+		log.WithFields(
+			log.Fields{
+				"type":            "backend_log",
+				"backend_service": "crl",
+				"backend_hosts":   url,
+				"details":         err.Error(),
+			},
+		).Error("Unable to parse CRL data")
 		return pkix.TBSCertificateList{}, err
 	}
 

authmethods/api_key_auth.go

@@ -10,7 +10,7 @@ import (
 	"github.com/ARGOeu/argo-api-authn/servicetypes"
 	"github.com/ARGOeu/argo-api-authn/stores"
 	"github.com/ARGOeu/argo-api-authn/utils"
-	LOGGER "github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 	"io"
 	"net/http"
 	"strconv"
@@ -119,13 +119,24 @@ func (m *ApiKeyAuthMethod) RetrieveAuthResource(binding bindings.Binding, servic
 
 	if retrievalField, ok = cfg.ServiceTypesRetrievalFields[serviceType.Type]; !ok {
 		err = utils.APIGenericInternalError("Backend error")
-		LOGGER.Errorf("The retrieval field for type: %v was not found in the config retrieval fields: %v", serviceType.Type, cfg.ServiceTypesRetrievalFields)
+		log.WithFields(
+			log.Fields{
+				"type":          "service_log",
+				"config_fields": cfg.ServiceTypesRetrievalFields,
+			},
+		).Errorf("The retrieval field for type: %v was not found in the config retrieval fields",
+			serviceType.Type)
 		return externalResp, err
 	}
 
 	if path, ok = cfg.ServiceTypesPaths[serviceType.Type]; !ok {
 		err = utils.APIGenericInternalError("Backend error")
-		LOGGER.Errorf("The path for type: %v was not found in the config retrieval fields: %v", serviceType.Type, cfg.ServiceTypesPaths)
+		log.WithFields(
+			log.Fields{
+				"type":  "service_log",
+				"paths": cfg.ServiceTypesPaths,
+			},
+		).Errorf("The path for type: %v was not found in the config retrieval fields", serviceType.Type)
 		return externalResp, err
 	}
 

authmethods/auth_method_factory.go

@@ -2,7 +2,7 @@ package authmethods
 
 import (
 	"github.com/ARGOeu/argo-api-authn/utils"
-	LOGGER "github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 )
 
 type AuthMethodFactory struct{}
@@ -20,7 +20,11 @@ func (f *AuthMethodFactory) Create(amType string) (AuthMethod, error) {
 
 	if aMInit, ok = AuthMethodsTypes[amType]; !ok {
 		err = utils.APIGenericInternalError("Type is supported but not found")
-		LOGGER.Errorf("Type: %v was requested, but was not found inside the source code despite being supported", amType)
+		log.WithFields(
+			log.Fields{
+				"type": "service_log",
+			},
+		).Errorf("Type: %v was requested, but was not found inside the source code despite being supported", amType)
 		return am, err
 	}
 

authmethods/authmethods.go

@@ -8,7 +8,7 @@ import (
 	"github.com/ARGOeu/argo-api-authn/stores"
 	"github.com/ARGOeu/argo-api-authn/utils"
 	"github.com/satori/go.uuid"
-	LOGGER "github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 	"io"
 )
 
@@ -106,7 +106,12 @@ func AuthMethodFinder(serviceUUID string, host string, authMethodType string, st
 	// access the appropriate finder based on the auth method type
 	if finderFunc, ok = QueryAuthMethodFinders[authMethodType]; !ok {
 		err = utils.APIGenericInternalError("Type is supported but not found")
-		LOGGER.Errorf("Type: %v was used to retrieve from AuthMethodsRetrievalFields, but was not found inside the source code(QueryAuthMethodFinders) of despite being supported", authMethodType)
+		log.WithFields(
+			log.Fields{
+				"type": "service_log",
+			},
+		).Errorf("Type: %v was used to retrieve from AuthMethodsRetrievalFields,"+
+			" but was not found inside the source code(QueryAuthMethodFinders) of despite being supported", authMethodType)
 		return am, err
 	}
 

authmethods/headers_auth.go

@@ -10,7 +10,7 @@ import (
 	"github.com/ARGOeu/argo-api-authn/servicetypes"
 	"github.com/ARGOeu/argo-api-authn/stores"
 	"github.com/ARGOeu/argo-api-authn/utils"
-	LOGGER "github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 	"io"
 	"net/http"
 	"strconv"
@@ -125,13 +125,25 @@ func (m *HeadersAuthMethod) RetrieveAuthResource(binding bindings.Binding, servi
 
 	if retrievalField, ok = cfg.ServiceTypesRetrievalFields[serviceType.Type]; !ok {
 		err = utils.APIGenericInternalError("Backend error")
-		LOGGER.Errorf("The retrieval field for type: %v was not found in the config retrieval fields: %v", serviceType.Type, cfg.ServiceTypesRetrievalFields)
+		log.WithFields(
+			log.Fields{
+				"type":         "service_log",
+				"service_type": serviceType.Type,
+				"fields":       cfg.ServiceTypesRetrievalFields,
+			},
+		).Error("Retrieval field for service-type was not found in service config")
 		return externalResp, err
 	}
 
 	if path, ok = cfg.ServiceTypesPaths[serviceType.Type]; !ok {
 		err = utils.APIGenericInternalError("Backend error")
-		LOGGER.Errorf("The path for type: %v was not found in the config retrieval fields: %v", serviceType.Type, cfg.ServiceTypesPaths)
+		log.WithFields(
+			log.Fields{
+				"type":         "service_log",
+				"service_type": serviceType.Type,
+				"paths":        cfg.ServiceTypesPaths,
+			},
+		).Error("Path field for service-type was not found in service config")
 		return externalResp, err
 	}