diff --git a/CHANGELOG.md b/CHANGELOG.md index 3180a21b..da404b2a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] -## [0.25.2] - 2023-06-26 +## [0.26.0] - 2023-07-18 + +### Added +- Log level is now configurable using the `LOG_LEVEL` environment variable or `conjur.org/log-level` annotation. + The existing `DEBUG` environment variable and `conjur.org/debug-logging` annotation is deprecated and will be removed in a future update. + [cyberark/conjur-authn-k8s-client#522](https://github.com/cyberark/conjur-authn-k8s-client/pull/522) + ### Fixed - Update RH base image to `ubi9/ubi` to match the libc version of the authenticator-client-builder image. [cyberark/conjur-authn-k8s-client#520](https://github.com/cyberark/conjur-authn-k8s-client/pull/520) diff --git a/bin/dev b/bin/dev index 307da9c3..8356e4e2 100755 --- a/bin/dev +++ b/bin/dev @@ -9,4 +9,5 @@ docker build \ docker run --rm \ -it \ -v $(cd ..; pwd):/opt/conjur-authn-k8s-client \ - conjur-authn-k8s-client-go:builder bash + --entrypoint bash \ + conjur-authn-k8s-client-go:builder diff --git a/cmd/authenticator/main.go b/cmd/authenticator/main.go index 20301648..9df54f3c 100644 --- a/cmd/authenticator/main.go +++ b/cmd/authenticator/main.go @@ -16,6 +16,7 @@ import ( ) func main() { + // Note: This will log even if the log level is set to "warn" or "error" since that's loaded after this log.Info(log.CAKC048, authenticator.FullVersionName) var err error diff --git a/helm/conjur-app-deploy/charts/app-secrets-provider-p2f-injected/templates/test_app_secrets_provider_p2f_injected.yaml b/helm/conjur-app-deploy/charts/app-secrets-provider-p2f-injected/templates/test_app_secrets_provider_p2f_injected.yaml index 383b9550..a814de6b 100644 --- a/helm/conjur-app-deploy/charts/app-secrets-provider-p2f-injected/templates/test_app_secrets_provider_p2f_injected.yaml 
+++ b/helm/conjur-app-deploy/charts/app-secrets-provider-p2f-injected/templates/test_app_secrets_provider_p2f_injected.yaml @@ -40,7 +40,7 @@ spec: conjur.org/container-image: "cyberark/secrets-provider-for-k8s:edge" conjur.org/conjur-inject-volumes: "test-app" conjur.org/container-mode: "init" - conjur.org/debug-logging: "true" + conjur.org/log-level: "debug" conjur.org/authn-identity: {{ quote .Values.conjur.authnLogin }} conjur.org/secrets-destination: "file" conjur.org/conjur-secrets.p2f-app: | diff --git a/helm/conjur-app-deploy/charts/app-secrets-provider-p2f-jwt/templates/test_app_secrets_provider_p2f.yaml b/helm/conjur-app-deploy/charts/app-secrets-provider-p2f-jwt/templates/test_app_secrets_provider_p2f.yaml index d4141a60..d89951f4 100644 --- a/helm/conjur-app-deploy/charts/app-secrets-provider-p2f-jwt/templates/test_app_secrets_provider_p2f.yaml +++ b/helm/conjur-app-deploy/charts/app-secrets-provider-p2f-jwt/templates/test_app_secrets_provider_p2f.yaml @@ -35,7 +35,7 @@ spec: app: test-app-secrets-provider-p2f annotations: conjur.org/container-mode: "init" - conjur.org/debug-logging: "true" + conjur.org/log-level: "debug" conjur.org/secrets-destination: "file" conjur.org/jwt-token-path: /var/run/secrets/tokens/{{ .Values.secretsProvider.jwt.tokenFile }} conjur.org/conjur-secrets.p2f-app: | diff --git a/helm/conjur-app-deploy/charts/app-secrets-provider-p2f/templates/test_app_secrets_provider_p2f.yaml b/helm/conjur-app-deploy/charts/app-secrets-provider-p2f/templates/test_app_secrets_provider_p2f.yaml index 073344f0..f61626c3 100644 --- a/helm/conjur-app-deploy/charts/app-secrets-provider-p2f/templates/test_app_secrets_provider_p2f.yaml +++ b/helm/conjur-app-deploy/charts/app-secrets-provider-p2f/templates/test_app_secrets_provider_p2f.yaml 
@@ -35,7 +35,7 @@ spec: app: test-app-secrets-provider-p2f annotations: conjur.org/container-mode: "init" - conjur.org/debug-logging: "true" + conjur.org/log-level: "debug" conjur.org/authn-identity: {{ quote .Values.conjur.authnLogin }} conjur.org/secrets-destination: "file" conjur.org/conjur-secrets.p2f-app: | diff --git a/helm/conjur-app-deploy/charts/app-secrets-provider-rotation/templates/test_app_secrets_provider_rotation.yaml b/helm/conjur-app-deploy/charts/app-secrets-provider-rotation/templates/test_app_secrets_provider_rotation.yaml index 655e3ee2..2d1ea18b 100644 --- a/helm/conjur-app-deploy/charts/app-secrets-provider-rotation/templates/test_app_secrets_provider_rotation.yaml +++ b/helm/conjur-app-deploy/charts/app-secrets-provider-rotation/templates/test_app_secrets_provider_rotation.yaml @@ -37,7 +37,7 @@ spec: conjur.org/container-mode: "sidecar" conjur.org/secrets-refresh-enabled: "true" conjur.org/secrets-refresh-interval: "10s" - conjur.org/debug-logging: "true" + conjur.org/log-level: "debug" conjur.org/authn-identity: {{ quote .Values.conjur.authnLogin }} conjur.org/secrets-destination: "file" conjur.org/conjur-secrets.rotation-app: | diff --git a/helm/conjur-config-cluster-prep/README.md b/helm/conjur-config-cluster-prep/README.md index eb183acf..2ec5b571 100644 --- a/helm/conjur-config-cluster-prep/README.md +++ b/helm/conjur-config-cluster-prep/README.md 
@@ -449,4 +449,4 @@ The following table lists the configurable parameters of the Conjur Open Source |`test.colorize`|Determines whether Helm test output should include color escape sequences|Defaults to `true`|| |`test.authentication.enable`|Indicates whether the Helm test should attempt to authenticate with the Conjur instance|`false`|| |`test.authentication.validatorID`|Indicates the Conjur Host ID that should be used to authenticate with the Conjur instance|`validator`|| -|`test.authentication.debug`|Enables Helm test authenticator init/sidecar container debug logging when set to `true`|`true`|| +|`test.authentication.logLevel`|Sets log level in authenticator init/sidecar container|`debug`|| diff --git a/helm/conjur-config-cluster-prep/templates/tests/_authn_container.yaml.txt b/helm/conjur-config-cluster-prep/templates/tests/_authn_container.yaml.txt index 5e850bc3..895c7705 100644 --- a/helm/conjur-config-cluster-prep/templates/tests/_authn_container.yaml.txt +++ b/helm/conjur-config-cluster-prep/templates/tests/_authn_container.yaml.txt @@ -21,9 +21,9 @@ fieldRef: apiVersion: v1 fieldPath: status.podIP - {{- if eq .Values.test.authentication.debug true }} - - name: DEBUG - value: "true" + {{- if .Values.test.authentication.logLevel }} + - name: LOG_LEVEL + value: {{ .Values.test.authentication.logLevel }} {{- end }} - name: CONJUR_AUTHN_URL value: {{ .Values.conjur.applianceUrl }}/authn-k8s/{{ .Values.authnK8s.authenticatorID }} diff --git a/helm/conjur-config-cluster-prep/test-helm b/helm/conjur-config-cluster-prep/test-helm index 95ffb11d..53045d16 100755 --- a/helm/conjur-config-cluster-prep/test-helm +++ b/helm/conjur-config-cluster-prep/test-helm @@ -57,7 +57,7 @@ function main() { --reuse-values \ --set test.authentication.enable="$test_authentication" \ --set test.authentication.validatorID="$validator_id" \ - --set test.authentication.debug=true \ + --set test.authentication.logLevel=debug \ --timeout "$UPGRADE_TIMEOUT" \ --wait 
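Review bot: The added `LOG_LEVEL` entry in helm/conjur-config-cluster-prep/templates/tests/_authn_container.yaml.txt renders its value unquoted (`value: {{ .Values.test.authentication.logLevel }}`). A user-supplied value that YAML parses as a boolean or number would then produce a non-string env value, which Kubernetes rejects. Quote it the way the app charts in this commit quote `authnLogin`: `value: {{ quote .Values.test.authentication.logLevel }}`. The same applies to the matching entry in helm/conjur-config-namespace-prep/templates/tests/_authn_container.yaml.txt. The surrounding `env:` list starts and ends outside the hunk.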
diff --git a/helm/conjur-config-cluster-prep/values.yaml b/helm/conjur-config-cluster-prep/values.yaml index bfed08b5..f58f878c 100644 --- a/helm/conjur-config-cluster-prep/values.yaml +++ b/helm/conjur-config-cluster-prep/values.yaml @@ -61,5 +61,6 @@ test: # The authn-k8s sidecar will use a CONJUR_AUTHN_LOGIN value of: # host/conjur/authn-k8s/{{authenticatorID}}/{{validatorID}} validatorID: "apps/validator" - # 'debug' enables authenticator sidecar debug logs during testing - debug: true + # 'logLevel' sets authenticator sidecar log level. Valid values are: + # "debug", "info", "warn", "error". Defaults to "debug". + logLevel: "debug" diff --git a/helm/conjur-config-namespace-prep/templates/tests/_authn_container.yaml.txt b/helm/conjur-config-namespace-prep/templates/tests/_authn_container.yaml.txt index 1f41ce57..02ee710f 100644 --- a/helm/conjur-config-namespace-prep/templates/tests/_authn_container.yaml.txt +++ b/helm/conjur-config-namespace-prep/templates/tests/_authn_container.yaml.txt @@ -21,9 +21,9 @@ fieldRef: apiVersion: v1 fieldPath: status.podIP - {{- if eq .Values.test.authentication.debug true }} + {{- if .Values.test.authentication.logLevel }} - name: DEBUG - value: "true" + value: {{ .Values.test.authentication.logLevel }} {{- end }} - name: CONJUR_AUTHN_LOGIN value: {{ required "A valid .Values.test.authentication.authnLogin required!" .Values.test.authentication.authnLogin }} diff --git a/helm/conjur-config-namespace-prep/test-helm b/helm/conjur-config-namespace-prep/test-helm index e66c7e9e..3872c638 100755 --- a/helm/conjur-config-namespace-prep/test-helm +++ b/helm/conjur-config-namespace-prep/test-helm @@ -70,7 +70,7 @@ function main() { --reuse-values \ --set test.authentication.enable="$test_authentication" \ --set test.authentication.authnLogin="$host_id" \ - --set test.authentication.debug=true \ + --set test.authentication.logLevel=debug \ --timeout "$UPGRADE_TIMEOUT" \ --wait 
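Review bot: In helm/conjur-config-namespace-prep/templates/tests/_authn_container.yaml.txt the env entry is still named `DEBUG` but now carries the log level, so the Helm test passes `DEBUG=debug`. getConfiguredLogLevel in this commit honours `DEBUG` only when it equals `"true"`, so the container stays at the default `info` level. Rename the entry as the cluster-prep template does: `- name: LOG_LEVEL`. The namespace-prep values.yaml hunk in this commit also declares the key as `log-level: debug`, while this template and test-helm use `test.authentication.logLevel`, so the chart default never reaches the template. That key should be `logLevel: "debug"`.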
diff --git a/helm/conjur-config-namespace-prep/values.yaml b/helm/conjur-config-namespace-prep/values.yaml index 890cd9af..8d094c37 100644 --- a/helm/conjur-config-namespace-prep/values.yaml +++ b/helm/conjur-config-namespace-prep/values.yaml @@ -40,5 +40,5 @@ MIIC/ThisIsAMockThisIsOnlyAMock==\n # is required) in Conjur security policy. Example: # authnLogin: host/conjur/authn-k8s/my-authenticator-id/apps/validator authnLogin: - # 'debug' enables authenticator sidecar debug logs during testing - debug: true + # 'log-level: debug' enables authenticator sidecar debug logs during testing + log-level: debug diff --git a/pkg/authenticator/config/configuration_factory.go b/pkg/authenticator/config/configuration_factory.go index 2e4806e0..aac1b0e2 100644 --- a/pkg/authenticator/config/configuration_factory.go +++ b/pkg/authenticator/config/configuration_factory.go @@ -3,7 +3,6 @@ package config import ( "errors" "fmt" - "io/ioutil" "os" "strings" @@ -15,13 +14,14 @@ import ( ) const authnURLVarName string = "CONJUR_AUTHN_URL" +const defaultLogLevel string = "info" // AuthnSettings represents a group of authenticator client configuration settings. type AuthnSettings map[string]string // NewConfigFromEnv returns a config ConfigFromEnv using the standard file reader for reading certs func NewConfigFromEnv() (Configuration, error) { - return ConfigFromEnv(ioutil.ReadFile) + return ConfigFromEnv(os.ReadFile) } // ConfigFromEnv returns a new authenticator configuration object @@ -31,7 +31,8 @@ func ConfigFromEnv(readFileFunc common.ReadFileFunc) (Configuration, error) { func NewConfigFromCustomEnv(readFileFunc common.ReadFileFunc, customEnv func(key string) string) (Configuration, error) { log.Debug(log.CAKC068) - configureDebugIfNeeded(customEnv) + logLevel := getConfiguredLogLevel(customEnv) + log.SetLogLevel(logLevel) authnUrl := customEnv(authnURLVarName) conf, err := getConfiguration(authnUrl) if err != nil { 
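Review bot: In NewConfigFromCustomEnv, `log.Debug(log.CAKC068)` still runs before the added `log.SetLogLevel(logLevel)`. On the first call the package level is therefore the initial `"info"`, and the message is dropped even when `LOG_LEVEL=debug` is configured. Moving the Debug call below the two added lines makes it follow the configured level. The function body continues past the end of the hunk.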
@@ -140,18 +141,31 @@ func getConfigVariable(getters ...func(key string) string) func(string) string { } } -func configureDebugIfNeeded(getConfigFunc func(key string) string) { - validVal := "true" - debugValue := getConfigFunc("DEBUG") +func getConfiguredLogLevel(getConfigFunc func(key string) string) string { + validLogLevels := []string{"debug", "info", "warn", "error"} + logLevel := getConfigFunc("LOG_LEVEL") - switch debugValue { - case validVal: - log.EnableDebugMode() - case "": - // Log level not configured - break - default: - // Log level is configured but it's invalid - log.Warn(log.CAKC034, debugValue, validVal) + if logLevel != "" { + // If log level is configured, check if it's valid + for _, validLevel := range validLogLevels { + if logLevel == validLevel { + return logLevel + } + } + + // If log level is configured but it's invalid, log a warning and return default + log.Warn(log.CAKC034, logLevel, validLogLevels) + return defaultLogLevel } + + // If log level is not configured, check if debug is configured. + // This is for backwards compatibility with the old debug env var. + debugValue := getConfigFunc("DEBUG") + if debugValue == "true" { + log.Warn(log.CAKC081) + return "debug" + } + + // If neither log level nor debug are configured, return default + return defaultLogLevel } diff --git a/pkg/authenticator/config/validate_test.go b/pkg/authenticator/config/configuration_factory_test.go similarity index 55% rename from pkg/authenticator/config/validate_test.go rename to pkg/authenticator/config/configuration_factory_test.go index 727aef7c..0d8326d1 100644 --- a/pkg/authenticator/config/validate_test.go +++ b/pkg/authenticator/config/configuration_factory_test.go @@ -1,8 +1,11 @@ package config import ( + "bytes" "errors" "fmt" + "io" + "os" "testing" logger "github.com/cyberark/conjur-authn-k8s-client/pkg/log" 
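Review bot: The match in the `for _, validLevel := range validLogLevels` loop is exact, so `LOG_LEVEL=DEBUG`, or a value with stray whitespace from an annotation, is treated as invalid and replaced by `info`. Normalising first avoids that: `logLevel := strings.ToLower(strings.TrimSpace(getConfigFunc("LOG_LEVEL")))` (`strings` is already imported in this file). An invalid `LOG_LEVEL` also returns the default without consulting `DEBUG`, and a `DEBUG` value other than `"true"` no longer produces the warning the removed code gave. A doc comment stating the precedence would help, e.g. `// getConfiguredLogLevel returns LOG_LEVEL when valid, "debug" when the deprecated DEBUG is "true", otherwise the default.`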
@@ -10,6 +13,7 @@ import ( ) type errorAssertFunc func(*testing.T, []error) +type configAssertFunc func(*testing.T, error, Configuration, string) func TestValidate(t *testing.T) { TestCases := []struct { 
@@ -140,6 +144,119 @@ func TestValidate(t *testing.T) { } } +func TestNewConfigFromEnv(t *testing.T) { + TestCases := []struct { + description string + envVars map[string]string + assert configAssertFunc + }{ + { + description: "log level set to debug", + envVars: mergeRequiredVars( + map[string]string{ + "LOG_LEVEL": "debug", + }), + assert: func(t *testing.T, err error, config Configuration, logOutput string) { + assert.NoError(t, err) + assert.NotNil(t, config) + assert.Contains(t, logOutput, "CAKC052 Debug mode is enabled") + assert.Contains(t, logOutput, "CAKC074 Successfully validated input configuration") + assert.Contains(t, logOutput, "CAKC070 Chosen \"authn-jwt\" configuration") + }, + }, + { + description: "log level set to info", + envVars: mergeRequiredVars( + map[string]string{ + "LOG_LEVEL": "info", + }), + assert: func(t *testing.T, err error, config Configuration, logOutput string) { + assert.NoError(t, err) + assert.NotNil(t, config) + assert.NotContains(t, logOutput, "CAKC052 Debug mode is enabled") + assert.NotContains(t, logOutput, "CAKC074 Successfully validated input configuration") + assert.Contains(t, logOutput, "CAKC070 Chosen \"authn-jwt\" configuration") + }, + }, + { + description: "log level set to warn", + envVars: mergeRequiredVars( + map[string]string{ + "LOG_LEVEL": "warn", + }), + assert: func(t *testing.T, err error, config Configuration, logOutput string) { + assert.NoError(t, err) + assert.NotNil(t, config) + assert.NotContains(t, logOutput, "CAKC052 Debug mode is enabled") + assert.NotContains(t, logOutput, "CAKC074 Successfully validated input configuration") + assert.NotContains(t, logOutput, "CAKC070 Chosen \"authn-jwt\" configuration") + }, + }, + { + description: "invalid log level", + envVars: mergeRequiredVars( + map[string]string{ + "LOG_LEVEL": "invalid", + }), + assert: func(t *testing.T, err error, config Configuration, logOutput string) { + assert.NoError(t, err) + assert.NotNil(t, config) + assert.NotContains(t, 
logOutput, "CAKC052 Debug mode is enabled") + // Should default to "info" + assert.NotContains(t, logOutput, "CAKC074 Successfully validated input configuration") + assert.Contains(t, logOutput, "CAKC070 Chosen \"authn-jwt\" configuration") + assert.Contains(t, logOutput, "CAKC034 Invalid value 'invalid' provided for log level") + }, + }, + { + description: "DEBUG set to true", + envVars: mergeRequiredVars( + map[string]string{ + "DEBUG": "true", + }), + assert: func(t *testing.T, err error, config Configuration, logOutput string) { + assert.NoError(t, err) + assert.NotNil(t, config) + // Should print deprecation warning but still work + assert.Contains(t, logOutput, "CAKC081 'DEBUG'/'conjur.org/debug-logging' is deprecated. Use 'LOG_LEVEL'/'conjur.org/log-level'='debug' instead.") + assert.Contains(t, logOutput, "CAKC052 Debug mode is enabled") + assert.Contains(t, logOutput, "CAKC074 Successfully validated input configuration") + assert.Contains(t, logOutput, "CAKC070 Chosen \"authn-jwt\" configuration") + }, + }, + } + + for _, tc := range TestCases { + t.Run(tc.description, func(t *testing.T) { + // SETUP & EXERCISE + + // Set environment variables + for key, value := range tc.envVars { + os.Setenv(key, value) + } + // Reset environment variables after test + defer func() { + for key := range tc.envVars { + os.Unsetenv(key) + } + }() + + // Intercept logger output + logOutput := io.ReadWriter(&bytes.Buffer{}) + logger.ErrorLogger.SetOutput(logOutput) + logger.InfoLogger.SetOutput(logOutput) + + configObj, err := NewConfigFromEnv() + + // Split log output into individual messages + logText, _ := io.ReadAll(logOutput) + + // ASSERT + tc.assert(t, err, configObj, string(logText)) + }) + } +} + func assertErrorInList(err error) errorAssertFunc { return func(t *testing.T, errorList []error) { assert.Contains(t, errorList, err) 
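Review bot: The subtest body in TestNewConfigFromEnv changes process-wide state without restoring it. `os.Setenv`/`os.Unsetenv` discard any value a variable had before the test, and `logger.InfoLogger.SetOutput(logOutput)` / `logger.ErrorLogger.SetOutput(logOutput)` leave both loggers writing to a discarded buffer for every later test in the package. `t.Setenv(key, value)` in the loop (if the module's Go version allows it) replaces the deferred cleanup. `t.Cleanup(func() { logger.InfoLogger.SetOutput(os.Stdout); logger.ErrorLogger.SetOutput(os.Stderr) })` restores the destinations declared in pkg/log/logger.go. The table also has no case for `LOG_LEVEL=error`, and the error from `io.ReadAll` is ignored.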
@@ -161,3 +278,17 @@ func assertErrorNotInList(err error) errorAssertFunc { assert.NotContains(t, errorList, err) } } + +func mergeRequiredVars(newVars map[string]string) map[string]string { + requiredVars := map[string]string{ + "CONJUR_AUTHN_URL": "authn-jwt", + "CONJUR_ACCOUNT": "testAccount", + "JWT_TOKEN_PATH": "/tmp/token", + "CONTAINER_MODE": "init", + "CONJUR_SSL_CERTIFICATE": "samplecertificate", + } + for key, value := range newVars { + requiredVars[key] = value + } + return requiredVars +} diff --git a/pkg/authenticator/jwt/config.go b/pkg/authenticator/jwt/config.go index 51e8bf88..ccb63a5b 100644 --- a/pkg/authenticator/jwt/config.go +++ b/pkg/authenticator/jwt/config.go @@ -44,6 +44,7 @@ var envVariables = []string{ "CONJUR_TOKEN_TIMEOUT", "CONTAINER_MODE", "DEBUG", + "LOG_LEVEL", "JWT_TOKEN_PATH", "CONJUR_AUTHN_LOGIN", } diff --git a/pkg/authenticator/jwt/tests/config_test.go b/pkg/authenticator/jwt/tests/config_test.go index 53469169..32ea2470 100644 --- a/pkg/authenticator/jwt/tests/config_test.go +++ b/pkg/authenticator/jwt/tests/config_test.go @@ -19,12 +19,12 @@ var environmentValues = map[string]string{ } var annotationValues = map[string]string{ - "conjur.org/debug-logging": "true", + "conjur.org/log-level": "debug", "conjur.org/container-mode": "init", } var envToAnnot = map[string]string{ - "DEBUG": "conjur.org/debug-logging", + "LOG_LEVEL": "conjur.org/log-level", "CONTAINER_MODE": "conjur.org/container-mode", } @@ -56,8 +56,9 @@ func TestGatherSettings(t *testing.T) { "CONJUR_AUTHN_URL": "authn-jwt", "CONJUR_CERT_FILE": "testSSLCertFile.txt", "CONJUR_SSL_CERTIFICATE": "testSSLCert", - "CONTAINER_MODE": "init", // provided by annotation - "DEBUG": "true", // provided by annotation + "CONTAINER_MODE": "init", // provided by annotation + "LOG_LEVEL": "debug", // provided by annotation + "DEBUG": "", "CONJUR_AUTHN_TOKEN_FILE": jwt.DefaultTokenFilePath, "CONJUR_TOKEN_TIMEOUT": jwt.DefaultTokenRefreshTimeout, }, 
@@ -72,6 +73,7 @@ func TestGatherSettings(t *testing.T) { "CONJUR_ACCOUNT": "testAccount", "CONJUR_CERT_FILE": "testSSLCertFile.txt", "CONJUR_SSL_CERTIFICATE": "testSSLCert", + "LOG_LEVEL": "", "DEBUG": "", "CONTAINER_MODE": "", "CONJUR_AUTHN_TOKEN_FILE": jwt.DefaultTokenFilePath, diff --git a/pkg/authenticator/k8s/config.go b/pkg/authenticator/k8s/config.go index e4a41e43..04e31dac 100644 --- a/pkg/authenticator/k8s/config.go +++ b/pkg/authenticator/k8s/config.go @@ -52,6 +52,7 @@ var envVariables = []string{ "CONJUR_TOKEN_TIMEOUT", "CONTAINER_MODE", "DEBUG", + "LOG_LEVEL", "MY_POD_NAME", "MY_POD_NAMESPACE", } diff --git a/pkg/authenticator/k8s/tests/config_test.go b/pkg/authenticator/k8s/tests/config_test.go index c8d13849..3158f4fd 100644 --- a/pkg/authenticator/k8s/tests/config_test.go +++ b/pkg/authenticator/k8s/tests/config_test.go @@ -22,13 +22,13 @@ var environmentValues = map[string]string{ var annotationValues = map[string]string{ "conjur.org/authn-identity": "host/anotherHost", - "conjur.org/debug-logging": "true", + "conjur.org/log-level": "debug", "conjur.org/container-mode": "init", } var envToAnnot = map[string]string{ "CONJUR_AUTHN_LOGIN": "conjur.org/authn-identity", - "DEBUG": "conjur.org/debug-logging", + "LOG_LEVEL": "conjur.org/log-level", "CONTAINER_MODE": "conjur.org/container-mode", } @@ -59,8 +59,9 @@ func TestGatherSettings(t *testing.T) { "CONJUR_AUTHN_URL": "filepath", "CONJUR_CERT_FILE": "testSSLCertFile.txt", "CONJUR_SSL_CERTIFICATE": "testSSLCert", - "CONTAINER_MODE": "init", // provided by annotation - "DEBUG": "true", // provided by annotation + "CONTAINER_MODE": "init", // provided by annotation + "LOG_LEVEL": "debug", // provided by annotation + "DEBUG": "", "MY_POD_NAME": "testPodName", "MY_POD_NAMESPACE": "testNameSpace", "CONJUR_AUTHN_TOKEN_FILE": k8s.DefaultTokenFilePath, 
@@ -80,6 +81,7 @@ func TestGatherSettings(t *testing.T) { "CONJUR_SSL_CERTIFICATE": "testSSLCert", "MY_POD_NAMESPACE": "testNameSpace", "MY_POD_NAME": "testPodName", + "LOG_LEVEL": "", "DEBUG": "", "CONTAINER_MODE": "", "CONJUR_CLIENT_CERT_PATH": k8s.DefaultClientCertPath, diff --git a/pkg/log/log_messages.go b/pkg/log/log_messages.go index dbba144c..b6f8c855 100644 --- a/pkg/log/log_messages.go +++ b/pkg/log/log_messages.go @@ -46,7 +46,7 @@ const CAKC030 string = "CAKC030 Failed to generate RSA keypair. Reason: %s" const CAKC031 string = "CAKC031 Retransmission backoff exhausted" const CAKC032 string = "CAKC032 CONJUR_AUTHN_LOGIN %s must start with 'host/'" const CAKC033 string = "CAKC033 Timed out after waiting for %d seconds for file to exist: %s" -const CAKC034 string = "CAKC034 Incorrect value '%s' provided for enabling debug mode. Allowed value: '%s'" +const CAKC034 string = "CAKC034 Invalid value '%s' provided for log level. Allowed values: '%v'" const CAKC035 string = "CAKC035 Successfully authenticated" const CAKC036 string = "CAKC036 Logged in" const CAKC037 string = "CAKC037 Logged in. Continuing authentication" @@ -93,3 +93,4 @@ const CAKC077 string = "CAKC077 Successfully loaded JWT" const CAKC078 string = "CAKC078 Extracting application identity (host) from configuration..." const CAKC079 string = "CAKC079 Extracted application identity (host) %s from configuration" const CAKC080 string = "CAKC080 No application identity (host) detected in Authenticator configuration. Application identity will be taken from JWT provided in request." +const CAKC081 string = "CAKC081 'DEBUG'/'conjur.org/debug-logging' is deprecated. Use 'LOG_LEVEL'/'conjur.org/log-level'='debug' instead." diff --git a/pkg/log/logger.go b/pkg/log/logger.go index 38548d0d..dfdf27fd 100644 --- a/pkg/log/logger.go +++ b/pkg/log/logger.go 
@@ -9,7 +9,7 @@ import ( var InfoLogger = log.New(os.Stdout, "INFO: ", log.LUTC|log.Ldate|log.Ltime|log.Lmicroseconds|log.Lshortfile) var ErrorLogger = log.New(os.Stderr, "ERROR: ", log.LUTC|log.Ldate|log.Ltime|log.Lmicroseconds|log.Lshortfile) -var isDebug = false +var logLevel = "info" /* Prints an error message to the error log and returns a new error with the given message. @@ -42,22 +42,29 @@ func Error(message string, args ...interface{}) { } func Warn(message string, args ...interface{}) { - writeLog(InfoLogger, "WARN", message, args...) + if logLevel == "debug" || logLevel == "info" || logLevel == "warn" { + writeLog(InfoLogger, "WARN", message, args...) + } } func Info(message string, args ...interface{}) { - writeLog(InfoLogger, "INFO", message, args...) + if logLevel == "debug" || logLevel == "info" { + writeLog(InfoLogger, "INFO", message, args...) + } } func Debug(infoMessage string, args ...interface{}) { - if isDebug { + if logLevel == "debug" { writeLog(InfoLogger, "DEBUG", infoMessage, args...) } } -func EnableDebugMode() { - isDebug = true - Debug(CAKC052) +func SetLogLevel(level string) { + logLevel = level + + if level == "debug" { + Debug(CAKC052) + } } func writeLog(logger *log.Logger, logLevel string, message string, args ...interface{}) { diff --git a/pkg/log/logger_test.go b/pkg/log/logger_test.go index 61dd32b3..bc2229fd 100644 --- a/pkg/log/logger_test.go +++ b/pkg/log/logger_test.go @@ -30,7 +30,7 @@ func TestAuthenticator(t *testing.T) { validateLog(t, Info, "INFO", "log message with param: <%s>", "param value") }) - t.Run("Calling Debug does nothing before Calling EnableDebugMode", func(t *testing.T) { + t.Run("Calling Debug does nothing before setting log level to debug", func(t *testing.T) { var logBuffer bytes.Buffer InfoLogger = log.New(&logBuffer, "", 0) 
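Review bot: `SetLogLevel` stores whatever string it is given, while Warn, Info and Debug each compare against literal level names. An unrecognised value such as `"DEBUG"`, or a typo from another caller of this exported function, matches none of them and silences everything except Error. Validate before assigning, e.g. `switch level { case "debug", "info", "warn", "error": logLevel = level; default: return }`, or hold the level as an ordered integer so each function does one comparison. Keeping the previous level on bad input is safer than going quiet, since suppressed Warn/Info output presumably includes the lines used to review authentication activity. Separately, `writeLog`'s parameter `logLevel` now shadows the new package variable and is worth renaming; its body lies outside the hunk.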
@@ -39,8 +39,8 @@ func TestAuthenticator(t *testing.T) { assert.Equal(t, logBuffer.Len(), 0) }) - t.Run("Calling Debug logs the message after Calling EnableDebugMode", func(t *testing.T) { - EnableDebugMode() + t.Run("Calling Debug logs the message after setting log level to debug", func(t *testing.T) { + SetLogLevel("debug") validateLog(t, Debug, "DEBUG", "log message with param: <%s>", "param value") }) })