diff --git a/cmd/pinniped/cmd/kubeconfig_test.go b/cmd/pinniped/cmd/kubeconfig_test.go
index 237c34434..d31938a2a 100644
--- a/cmd/pinniped/cmd/kubeconfig_test.go
+++ b/cmd/pinniped/cmd/kubeconfig_test.go
@@ -11,6 +11,7 @@ import (
 "os"
 "path/filepath"
 "slices"
+ "strings"
 "testing"
 "time"
@@ -27,8 +28,8 @@ import (
 conciergefake "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake"
 "go.pinniped.dev/internal/certauthority"
 "go.pinniped.dev/internal/here"
+ "go.pinniped.dev/internal/plog"
 "go.pinniped.dev/internal/testutil"
- "go.pinniped.dev/internal/testutil/testlogger"
 "go.pinniped.dev/internal/testutil/tlsserver"
 )
@@ -296,7 +297,7 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
 }
 },
 wantError: true,
@@ -320,7 +321,7 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
 }
 },
 wantError: true,
@@ -344,7 +345,7 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
 }
 },
 wantError: true,
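Review bot: Starting with the hunk at -296, every expected line hard-codes the fixed timestamp and the unexported caller name (`cmd/kubeconfig.go:$cmd.lookupCredentialIssuer`), and the same literal recurs in all later hunks of this file. Renaming or inlining one of those functions in kubeconfig.go would then fail dozens of strings that differ only in message and key/values. A small test helper that owns the shared prefix, for example `func wantInfoLog(fn, fields string) string`, would keep the log format in one place and leave each case stating only what it asserts. TestGetKubeconfig starts and ends outside these hunks, so the helper would sit next to it rather than inside the table.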
@@ -366,7 +367,7 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
 }
 },
 conciergeReactions: []kubetesting.Reactor{
@@ -406,7 +407,7 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
 }
 },
 wantError: true,
@@ -428,7 +429,7 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
 }
 },
 wantError: true,
@@ -454,11 +455,11 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="found JWTAuthenticator" "name"="test-authenticator-1"`,
- `"level"=0 "msg"="found JWTAuthenticator" "name"="test-authenticator-2"`,
- `"level"=0 "msg"="found WebhookAuthenticator" "name"="test-authenticator-3"`,
- `"level"=0 "msg"="found WebhookAuthenticator" "name"="test-authenticator-4"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupAuthenticator","message":"found JWTAuthenticator","name":"test-authenticator-1"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupAuthenticator","message":"found JWTAuthenticator","name":"test-authenticator-2"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupAuthenticator","message":"found WebhookAuthenticator","name":"test-authenticator-3"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupAuthenticator","message":"found WebhookAuthenticator","name":"test-authenticator-4"}`,
 }
 },
 wantError: true,
@@ -491,8 +492,8 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="found CredentialIssuer strategy" "message"="Some message" "reason"="SomeReason" "status"="Error" "type"="SomeType"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.logStrategies","message":"found CredentialIssuer strategy","type":"SomeType","status":"Error","reason":"SomeReason","message":"Some message"}`,
 }
 },
 wantError: true,
@@ -552,9 +553,9 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in impersonation proxy mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://impersonation-endpoint"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in impersonation proxy mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://impersonation-endpoint"}`,
 }
 },
 wantError: true,
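Review bot: The expected `logStrategies` line in the hunk at -491 carries the key `"message"` twice in one JSON object, once for the log message (`found CredentialIssuer strategy`) and once for the strategy's own text (`Some message`). Duplicate names have no defined meaning in JSON and many parsers keep only the last one, so a log pipeline may index the strategy text, which originates in the CredentialIssuer status, in place of the real log message. The old format kept the two apart as `msg` and `message`. Presumably the call in kubeconfig.go passes a `"message"` key/value; renaming that key (for example to `"strategyMessage"`) there and in this expectation would remove the collision. The production call is not part of this diff, so confirm against `logStrategies`.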
@@ -577,11 +578,11 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered WebhookAuthenticator" "name"="test-authenticator"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered WebhookAuthenticator","name":"test-authenticator"}`,
 }
 },
 wantError: true,
@@ -630,13 +631,13 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC audience" "audience"="some-test-audience"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"some-test-audience"}`,
 }
 },
 wantError: true,
@@ -669,14 +670,14 @@ func TestGetKubeconfig(t *testing.T) {
 oidcDiscoveryResponse: happyOIDCDiscoveryResponse,
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC audience" "audience"="some-test-audience.pinniped.dev-invalid-substring"`,
- `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"some-test-audience.pinniped.dev-invalid-substring"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`,
 }
 },
 wantError: true,
@@ -701,13 +702,13 @@ func TestGetKubeconfig(t *testing.T) {
 oidcDiscoveryResponse: happyOIDCDiscoveryResponse,
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`,
 }
 },
 wantError: true,
@@ -732,14 +733,14 @@ func TestGetKubeconfig(t *testing.T) {
 oidcDiscoveryResponse: onlyIssuerOIDCDiscoveryResponse,
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`,
- `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`,
 }
 },
 wantError: true,
@@ -764,11 +765,11 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered WebhookAuthenticator" "name"="test-authenticator"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered WebhookAuthenticator","name":"test-authenticator"}`,
 }
 },
 wantError: true,
@@ -805,14 +806,14 @@ func TestGetKubeconfig(t *testing.T) {
 oidcDiscoveryStatusCode: http.StatusBadRequest,
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`,
- `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`,
 }
 },
 wantError: true,
@@ -841,14 +842,14 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`,
- `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`,
 }
 },
 wantError: true,
@@ -876,14 +877,14 @@ func TestGetKubeconfig(t *testing.T) {
 idpsDiscoveryStatusCode: http.StatusBadRequest,
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`,
- `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`,
 }
 },
 wantError: true,
@@ -915,14 +916,14 @@ func TestGetKubeconfig(t *testing.T) {
 }`),
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`,
- `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`,
 }
 },
 wantError: true,
@@ -951,14 +952,14 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL),
- `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`,
- `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`,
 }
 },
 wantError: true,
@@ -984,14 +985,14 @@ func TestGetKubeconfig(t *testing.T) { idpsDiscoveryResponse: "this is not valid JSON", wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` 
+ issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantError: true, 
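Review bot: The expected `discovered OIDC issuer` line splices `issuerURL` straight into a JSON literal (`"issuer":"` + issuerURL + `"}`), so it only matches the logger's output while the URL contains nothing a JSON encoder would escape. That presumably holds for the test server's address, but the assumption is not stated anywhere in the hunk, and the same construction appears in the other hunks that log the issuer. Either record it in a comment, e.g. `// issuerURL is a plain https://host:port URL, so no JSON escaping is needed`, or compare the decoded `issuer` field instead of the raw line.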
@@ -1021,13 +1022,13 @@ func TestGetKubeconfig(t *testing.T) { }, wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, } }, wantError: true, 
@@ -1060,12 +1061,12 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`,
- `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`,
 }
 },
 wantError: true,
@@ -1098,14 +1099,14 @@ func TestGetKubeconfig(t *testing.T) { }, wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantError: true, @@ -1383,8 +1384,7 @@ func TestGetKubeconfig(t *testing.T) { base64.StdEncoding.EncodeToString([]byte(issuerCABundle))) }, wantLogs: func(_ string, _ string) []string { - return []string{`"level"=0 "msg"="multiple client flows found, selecting first value as default" ` + - `"availableFlows"=["cli_password","flow2"] "idpName"="some-ldap-idp" "idpType"="ldap" "selectedFlow"="cli_password"`} + return []string{`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.selectUpstreamIDPFlow","message":"multiple client flows found, selecting first value as default","idpName":"some-ldap-idp","idpType":"ldap","selectedFlow":"cli_password","availableFlows":["cli_password","flow2"]}`} }, }, { 
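Review bot: In the `selectUpstreamIDPFlow` expectation the old two-literal split was dropped, leaving a single raw string of roughly 300 characters in which the changed field order (`availableFlows` moved from first to last) is easy to miss. Keeping the break at the message boundary, `...,"message":"multiple client flows found, selecting first value as default",` + `"idpName":"some-ldap-idp",...}`, preserves the exact value and keeps the key/value part reviewable. The exact-string match also appears to pin the order in which the call site passes its key/value pairs; that is inferred from the reordering, since the logging call itself is not in this hunk.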
@@ -1404,11 +1404,11 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered WebhookAuthenticator" "name"="test-authenticator"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered WebhookAuthenticator","name":"test-authenticator"}`,
 }
 },
 wantStdout: func(issuerCABundle string, issuerURL string) string {
@@ -1468,11 +1468,11 @@ func TestGetKubeconfig(t *testing.T) {
 },
 wantLogs: func(issuerCABundle string, issuerURL string) []string {
 return []string{
- `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`,
- `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`,
- `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`,
- `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`,
- `"level"=0 "msg"="discovered WebhookAuthenticator" "name"="test-authenticator"`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`,
+ `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered WebhookAuthenticator","name":"test-authenticator"}`,
 }
 },
 wantStdout: func(issuerCABundle string, issuerURL string) string {
@@ -1532,14 +1532,14 @@ func TestGetKubeconfig(t *testing.T) { oidcDiscoveryResponse: onlyIssuerOIDCDiscoveryResponse, wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC 
issuer","issuer":"` + issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -1732,13 +1732,13 @@ func TestGetKubeconfig(t *testing.T) { oidcDiscoveryResponse: onlyIssuerOIDCDiscoveryResponse, wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://impersonation-proxy-endpoint.test"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=1`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://impersonation-proxy-endpoint.test"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":1}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -1840,14 +1840,14 @@ func TestGetKubeconfig(t *testing.T) { oidcDiscoveryResponse: onlyIssuerOIDCDiscoveryResponse, wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in impersonation proxy mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://impersonation-proxy-endpoint.test"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in impersonation proxy mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://impersonation-proxy-endpoint.test"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC 
issuer","issuer":"` + issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
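Review bot: This case expects `"discovered Concierge certificate authority bundle","roots":0` for the impersonation-proxy endpoint `https://impersonation-proxy-endpoint.test` and then goes on to assert generated output (`wantStdout`), whereas the hunk at -1732 expects `"roots":1` for the same endpoint. Nothing in the hunk says why an empty CA bundle is the intended outcome here; the case setup lies outside the hunk, so this may well be deliberate. A one-line comment above `wantLogs`, along the lines of `// zero roots is expected here because <reason from the case setup>`, would stop a reader from taking the zero for a regression in trust-bundle discovery.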
@@ -1917,14 +1917,14 @@ func TestGetKubeconfig(t *testing.T) { }`), wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -1996,14 +1996,14 @@ func TestGetKubeconfig(t *testing.T) { }`), wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -2073,14 +2073,14 @@ func TestGetKubeconfig(t *testing.T) { }`), wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -2146,14 +2146,14 @@ func TestGetKubeconfig(t *testing.T) { idpsDiscoveryStatusCode: http.StatusBadRequest, // IDPs endpoint shouldn't be called by this test wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -2226,14 +2226,14 @@ func TestGetKubeconfig(t *testing.T) { idpsDiscoveryStatusCode: http.StatusBadRequest, // IDP discovery endpoint shouldn't be called by this test wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -2311,16 +2311,16 @@ func TestGetKubeconfig(t *testing.T) { }`), wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, - `"level"=0 "msg"="removed scope from --oidc-scopes list because it is not supported by this Supervisor" "scope"="username"`, - `"level"=0 "msg"="removed scope from --oidc-scopes list because it is not supported by this Supervisor" "scope"="groups"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered 
JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.pinnipedSupervisorDiscovery.func1","message":"removed scope from --oidc-scopes list because it is not supported by this Supervisor","scope":"username"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.pinnipedSupervisorDiscovery.func1","message":"removed scope from --oidc-scopes list because it is not supported by this Supervisor","scope":"groups"}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -2399,16 +2399,16 @@ func TestGetKubeconfig(t *testing.T) { }`), wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, - `"level"=0 "msg"="removed scope from --oidc-scopes list because it is not supported by this Supervisor" "scope"="username"`, - `"level"=0 "msg"="removed scope from --oidc-scopes list because it is not supported by this Supervisor" "scope"="groups"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered 
JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.pinnipedSupervisorDiscovery.func1","message":"removed scope from --oidc-scopes list because it is not supported by this Supervisor","scope":"username"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.pinnipedSupervisorDiscovery.func1","message":"removed scope from --oidc-scopes list because it is not supported by this Supervisor","scope":"groups"}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -2489,14 +2489,14 @@ func TestGetKubeconfig(t *testing.T) { }`), wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -2567,14 +2567,14 @@ func TestGetKubeconfig(t *testing.T) { idpsDiscoveryStatusCode: http.StatusNotFound, // should not get called by the client in this case wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -2650,14 +2650,14 @@ func TestGetKubeconfig(t *testing.T) { }`), wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, - fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), - `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, - `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered JWTAuthenticator","name":"test-authenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC issuer","issuer":"` + issuerURL + `"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC audience","audience":"test-audience"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered OIDC CA bundle","roots":1}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { 
@@ -3152,11 +3152,11 @@ func TestGetKubeconfig(t *testing.T) { }, wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ - `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, - `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, - `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, - `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, - `"level"=0 "msg"="discovered WebhookAuthenticator" "name"="test-authenticator"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.lookupCredentialIssuer","message":"discovered CredentialIssuer","name":"test-credential-issuer"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge operating in TokenCredentialRequest API mode"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge endpoint","endpoint":"https://fake-server-url-value"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverConciergeParams","message":"discovered Concierge certificate authority bundle","roots":0}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"cmd/kubeconfig.go:$cmd.discoverAuthenticatorParams","message":"discovered WebhookAuthenticator","name":"test-authenticator"}`, } }, wantStdout: func(issuerCABundle string, issuerURL string) string { @@ -3232,7 +3232,8 @@ func TestGetKubeconfig(t *testing.T) { }), nil) issuerEndpointPtr = ptr.To(testServer.URL) - testLog := testlogger.NewLegacy(t) //nolint:staticcheck // old test with lots of log statements + var log bytes.Buffer + cmd := kubeconfigCommand(kubeconfigDeps{ getPathToSelf: func() (string, error) { if tt.getPathToSelfErr != nil { 
@@ -3258,7 +3259,7 @@ func TestGetKubeconfig(t *testing.T) { } return fake, nil }, - log: testLog.Logger, + log: plog.TestLogger(t, &log), }) require.NotNil(t, cmd) @@ -3275,11 +3276,14 @@ func TestGetKubeconfig(t *testing.T) { require.NoError(t, err) } - var expectedLogs []string + var expectedLogs string if tt.wantLogs != nil { - expectedLogs = tt.wantLogs(string(testServerCA), testServer.URL) + temp := tt.wantLogs(string(testServerCA), testServer.URL) + if len(temp) > 0 { + expectedLogs = strings.Join(tt.wantLogs(string(testServerCA), testServer.URL), "\n") + "\n" + } } - testLog.Expect(expectedLogs) + require.Equal(t, expectedLogs, log.String()) expectedStdout := "" if tt.wantStdout != nil { diff --git a/cmd/pinniped/cmd/login_oidc.go b/cmd/pinniped/cmd/login_oidc.go index 057de7729..ea93a6678 100644 --- a/cmd/pinniped/cmd/login_oidc.go +++ b/cmd/pinniped/cmd/login_oidc.go @@ -186,7 +186,7 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin // Initialize the login handler. opts := []oidcclient.Option{ deps.optionsFactory.WithContext(cmd.Context()), - deps.optionsFactory.WithLogger(plog.Logr()), //nolint:staticcheck // old code with lots of log statements + deps.optionsFactory.WithLoginLogger(plog.New()), deps.optionsFactory.WithScopes(flags.scopes), deps.optionsFactory.WithSessionCache(sessionCache), } diff --git a/cmd/pinniped/cmd/login_oidc_test.go b/cmd/pinniped/cmd/login_oidc_test.go index 06c544b61..ce631c22c 100644 --- a/cmd/pinniped/cmd/login_oidc_test.go +++ b/cmd/pinniped/cmd/login_oidc_test.go 
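Review bot: `tt.wantLogs(string(testServerCA), testServer.URL)` is called twice in the added block of the `-3275,11 +3276,14` hunk, once into `temp` for the length check and again inside `strings.Join`, so the first result is used only for its length. Reusing it reads more clearly and keeps the checked value and the joined value identical by construction: `expectedLogs = strings.Join(temp, "\n") + "\n"`, ideally with `temp` renamed to something like `wantLines`. The enclosing subtest body starts and ends outside this hunk.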
@@ -48,7 +48,7 @@ func TestLoginOIDCCommand(t *testing.T) { defaultWantedOptions := func(f *mockoidcclientoptions.MockOIDCClientOptions) { f.EXPECT().WithContext(gomock.Any()) - f.EXPECT().WithLogger(gomock.Any()) + f.EXPECT().WithLoginLogger(gomock.Any()) f.EXPECT().WithScopes([]string{oidcapi.ScopeOfflineAccess, oidcapi.ScopeOpenID, oidcapi.ScopeRequestAudience, oidcapi.ScopeUsername, oidcapi.ScopeGroups}) f.EXPECT().WithSessionCache(gomock.Any()) } @@ -304,7 +304,7 @@ func TestLoginOIDCCommand(t *testing.T) { env: map[string]string{"PINNIPED_DEBUG": "true", "PINNIPED_SKIP_PRINT_LOGIN_URL": "true"}, wantOptions: func(f *mockoidcclientoptions.MockOIDCClientOptions) { f.EXPECT().WithContext(gomock.Any()) - f.EXPECT().WithLogger(gomock.Any()) + f.EXPECT().WithLoginLogger(gomock.Any()) f.EXPECT().WithScopes([]string{oidcapi.ScopeOfflineAccess, oidcapi.ScopeOpenID, oidcapi.ScopeRequestAudience, oidcapi.ScopeUsername, oidcapi.ScopeGroups}) f.EXPECT().WithSessionCache(gomock.Any()) f.EXPECT().WithListenPort(uint16(1234)) diff --git a/cmd/pinniped/cmd/oidc_client_options.go b/cmd/pinniped/cmd/oidc_client_options.go index 7b5f098c9..2892dbeb1 100644 --- a/cmd/pinniped/cmd/oidc_client_options.go +++ b/cmd/pinniped/cmd/oidc_client_options.go @@ -19,6 +19,7 @@ import ( type OIDCClientOptions interface { WithContext(ctx context.Context) oidcclient.Option WithLogger(logger logr.Logger) oidcclient.Option + WithLoginLogger(logger oidcclient.Logger) oidcclient.Option WithListenPort(port uint16) oidcclient.Option WithSkipBrowserOpen() oidcclient.Option WithSkipListen() oidcclient.Option 
@@ -41,7 +42,11 @@ func (o *clientOptions) WithContext(ctx context.Context) oidcclient.Option { } func (o *clientOptions) WithLogger(logger logr.Logger) oidcclient.Option { - return oidcclient.WithLogger(logger) + return oidcclient.WithLogger(logger) //nolint:staticcheck // this is a shim for the deprecated code +} + +func (o *clientOptions) WithLoginLogger(logger oidcclient.Logger) oidcclient.Option { + return oidcclient.WithLoginLogger(logger) } func (o *clientOptions) WithListenPort(port uint16) oidcclient.Option { diff --git a/internal/controller/authenticator/cachecleaner/cachecleaner.go b/internal/controller/authenticator/cachecleaner/cachecleaner.go index 772bd57c2..04e813d00 100644 --- a/internal/controller/authenticator/cachecleaner/cachecleaner.go +++ b/internal/controller/authenticator/cachecleaner/cachecleaner.go @@ -7,7 +7,6 @@ package cachecleaner import ( "fmt" - "github.com/go-logr/logr" "k8s.io/apimachinery/pkg/labels" "k8s.io/klog/v2" @@ -17,6 +16,7 @@ import ( "go.pinniped.dev/internal/controller/authenticator" "go.pinniped.dev/internal/controller/authenticator/authncache" "go.pinniped.dev/internal/controllerlib" + "go.pinniped.dev/internal/plog" ) // New instantiates a new controllerlib.Controller which will garbage collect authenticators from the provided Cache. @@ -24,7 +24,7 @@ func New( cache *authncache.Cache, webhooks authinformers.WebhookAuthenticatorInformer, jwtAuthenticators authinformers.JWTAuthenticatorInformer, - log logr.Logger, + log plog.Logger, ) controllerlib.Controller { return controllerlib.New( controllerlib.Config{ @@ -53,7 +53,7 @@ type controller struct { cache *authncache.Cache webhooks authinformers.WebhookAuthenticatorInformer jwtAuthenticators authinformers.JWTAuthenticatorInformer - log logr.Logger + log plog.Logger } // Sync implements controllerlib.Syncer. 
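Review bot: The new `WithLoginLogger` method and the retained `WithLogger` shim in the `-41,7 +42,11` hunk have no doc comments, and the only hint that `WithLogger` is being phased out is the `//nolint:staticcheck` remark inside its body. A comment on each would make the intended migration visible at the declaration, for example `// WithLoginLogger wraps oidcclient.WithLoginLogger.` and, on the shim, a `// Deprecated: use WithLoginLogger.` paragraph. The same marker would fit on `WithLogger` in the `OIDCClientOptions` interface in the `-19,6 +19,7` hunk, assuming no caller in this package is meant to keep using it.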
diff --git a/internal/controller/authenticator/cachecleaner/cachecleaner_test.go b/internal/controller/authenticator/cachecleaner/cachecleaner_test.go index 8837d9483..3602c0b21 100644 --- a/internal/controller/authenticator/cachecleaner/cachecleaner_test.go +++ b/internal/controller/authenticator/cachecleaner/cachecleaner_test.go @@ -4,6 +4,7 @@ package cachecleaner import ( + "bytes" "context" "testing" @@ -18,7 +19,8 @@ import ( controllerAuthenticator "go.pinniped.dev/internal/controller/authenticator" "go.pinniped.dev/internal/controller/authenticator/authncache" "go.pinniped.dev/internal/controllerlib" - "go.pinniped.dev/internal/testutil/testlogger" + "go.pinniped.dev/internal/plog" + "go.pinniped.dev/internal/testutil" ) func TestController(t *testing.T) { @@ -126,8 +128,8 @@ func TestController(t *testing.T) { }, }, wantLogs: []string{ - `cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two"} "kind"="JWTAuthenticator"`, - `cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two"} "kind"="WebhookAuthenticator"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"cachecleaner-controller","caller":"cachecleaner/cachecleaner.go:$cachecleaner.(*controller).Sync","message":"deleting authenticator from cache","authenticator":{"name":"test-jwt-authenticator-name-two"},"kind":"JWTAuthenticator"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"cachecleaner-controller","caller":"cachecleaner/cachecleaner.go:$cachecleaner.(*controller).Sync","message":"deleting authenticator from cache","authenticator":{"name":"test-webhook-name-two"},"kind":"WebhookAuthenticator"}`, }, wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1, testKeyUnknownType}, }, 
@@ -142,11 +144,12 @@ func TestController(t *testing.T) { if tt.initialCache != nil { tt.initialCache(t, cache) } - testLog := testlogger.NewLegacy(t) //nolint:staticcheck // old test with lots of log statements - webhooks := informers.Authentication().V1alpha1().WebhookAuthenticators() jwtAuthenticators := informers.Authentication().V1alpha1().JWTAuthenticators() - controller := New(cache, webhooks, jwtAuthenticators, testLog.Logger) + var log bytes.Buffer + logger := plog.TestLogger(t, &log) + + controller := New(cache, webhooks, jwtAuthenticators, logger) ctx, cancel := context.WithCancel(context.Background()) defer cancel() @@ -167,7 +170,7 @@ func TestController(t *testing.T) { } else { require.NoError(t, err) } - require.ElementsMatch(t, tt.wantLogs, testLog.Lines()) + require.ElementsMatch(t, tt.wantLogs, testutil.SplitByNewline(log.String())) require.ElementsMatch(t, tt.wantCacheKeys, cache.Keys()) }) } diff --git a/internal/controller/impersonatorconfig/impersonator_config.go b/internal/controller/impersonatorconfig/impersonator_config.go index 12e63768f..f7f44729d 100644 --- a/internal/controller/impersonatorconfig/impersonator_config.go +++ b/internal/controller/impersonatorconfig/impersonator_config.go @@ -16,7 +16,6 @@ import ( "strings" "time" - "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -85,8 +84,7 @@ type impersonatorConfigController struct { serverStopCh chan struct{} errorCh chan error tlsServingCertDynamicCertProvider dynamiccert.Private - infoLog logr.Logger - debugLog logr.Logger + log plog.Logger impersonationProxyTokenCache tokenclient.ExpiringSingletonTokenCacheGet } 
@@ -110,7 +108,7 @@ func NewImpersonatorConfigController( impersonatorFunc impersonator.FactoryFunc, impersonationSignerSecretName string, impersonationSigningCertProvider dynamiccert.Provider, - log logr.Logger, + log plog.Logger, impersonationProxyTokenCache tokenclient.ExpiringSingletonTokenCacheGet, ) controllerlib.Controller { secretNames := sets.NewString(tlsSecretName, caSecretName, impersonationSignerSecretName) @@ -137,8 +135,7 @@ func NewImpersonatorConfigController( impersonationSigningCertProvider: impersonationSigningCertProvider, impersonatorFunc: impersonatorFunc, tlsServingCertDynamicCertProvider: dynamiccert.NewServingCert("impersonation-proxy-serving-cert"), - infoLog: log.V(plog.KlogLevelInfo), - debugLog: log.V(plog.KlogLevelDebug), + log: log, impersonationProxyTokenCache: impersonationProxyTokenCache, }, }, @@ -183,7 +180,7 @@ func NewImpersonatorConfigController( } func (c *impersonatorConfigController) Sync(syncCtx controllerlib.Context) error { - c.debugLog.Info("starting impersonatorConfigController Sync") + c.log.Debug("starting impersonatorConfigController Sync") // Load the CredentialIssuer that we'll update with status. credIssuer, err := c.credIssuerInformer.Lister().Get(c.credentialIssuerResourceName) @@ -210,7 +207,7 @@ func (c *impersonatorConfigController) Sync(syncCtx controllerlib.Context) error )}) if err == nil { - c.debugLog.Info("successfully finished impersonatorConfigController Sync") + c.log.Debug("successfully finished impersonatorConfigController Sync") } return err } @@ -261,7 +258,7 @@ func (c *impersonatorConfigController) doSync(syncCtx controllerlib.Context, cre return nil, err } c.hasControlPlaneNodes = &hasControlPlaneNodes - c.debugLog.Info("queried for control plane nodes", "foundControlPlaneNodes", hasControlPlaneNodes) + c.log.Debug("queried for control plane nodes", "foundControlPlaneNodes", hasControlPlaneNodes) } if c.shouldHaveImpersonator(impersonationSpec) { 
@@ -360,7 +357,7 @@ func (c *impersonatorConfigController) evaluateExternallyProvidedTLSSecret( return nil, fmt.Errorf("must provide impersonationSpec.TLS.secretName if impersonationSpec.TLS is provided") } - c.infoLog.Info("configuring the impersonation proxy to use an externally provided TLS secret", + c.log.Info("configuring the impersonation proxy to use an externally provided TLS secret", "secretName", tlsSpec.SecretName) // Ensure that any TLS secret generated by this controller is removed @@ -389,7 +386,7 @@ func (c *impersonatorConfigController) evaluateExternallyProvidedTLSSecret( return nil, fmt.Errorf("could not decode impersonationSpec.TLS.certificateAuthorityData: data is not a certificate") } - c.infoLog.Info("the impersonation proxy will advertise its CA Bundle from impersonationSpec.TLS.CertificateAuthorityData", + c.log.Info("the impersonation proxy will advertise its CA Bundle from impersonationSpec.TLS.CertificateAuthorityData", "CertificateAuthorityData", caBundle) } @@ -411,7 +408,7 @@ func (c *impersonatorConfigController) loadImpersonationProxyConfiguration(credI if err := validateCredentialIssuerSpec(spec); err != nil { return nil, fmt.Errorf("could not load CredentialIssuer spec.impersonationProxy: %w", err) } - c.debugLog.Info("read impersonation proxy config", "credentialIssuer", c.credentialIssuerResourceName) + c.log.Debug("read impersonation proxy config", "credentialIssuer", c.credentialIssuerResourceName) return spec, nil } @@ -487,7 +484,7 @@ func (c *impersonatorConfigController) ensureImpersonatorIsStarted(syncCtx contr } } - c.infoLog.Info("starting impersonation proxy", "port", c.impersonationProxyPort) + c.log.Info("starting impersonation proxy", "port", c.impersonationProxyPort) startImpersonatorFunc, err := c.impersonatorFunc( c.impersonationProxyPort, c.tlsServingCertDynamicCertProvider, 
@@ -523,7 +520,7 @@ func (c *impersonatorConfigController) ensureImpersonatorIsStopped(shouldCloseEr return nil } - c.infoLog.Info("stopping impersonation proxy", "port", c.impersonationProxyPort) + c.log.Info("stopping impersonation proxy", "port", c.impersonationProxyPort) close(c.serverStopCh) stopErr := <-c.errorCh @@ -571,7 +568,7 @@ func (c *impersonatorConfigController) ensureLoadBalancerIsStopped(ctx context.C return nil } - c.infoLog.Info("deleting load balancer for impersonation proxy", + c.log.Info("deleting load balancer for impersonation proxy", "service", klog.KRef(c.namespace, c.generatedLoadBalancerServiceName), ) err = c.k8sClient.CoreV1().Services(c.namespace).Delete(ctx, c.generatedLoadBalancerServiceName, metav1.DeleteOptions{ @@ -616,7 +613,7 @@ func (c *impersonatorConfigController) ensureClusterIPServiceIsStopped(ctx conte return nil } - c.infoLog.Info("deleting cluster ip for impersonation proxy", + c.log.Info("deleting cluster ip for impersonation proxy", "service", klog.KRef(c.namespace, c.generatedClusterIPServiceName), ) err = c.k8sClient.CoreV1().Services(c.namespace).Delete(ctx, c.generatedClusterIPServiceName, metav1.DeleteOptions{ @@ -629,7 +626,7 @@ func (c *impersonatorConfigController) ensureClusterIPServiceIsStopped(ctx conte } func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context, desiredService *corev1.Service) error { - log := c.infoLog.WithValues("serviceType", desiredService.Spec.Type, "service", klog.KObj(desiredService)) + log := c.log.WithValues("serviceType", desiredService.Spec.Type, "service", klog.KObj(desiredService)) // Prepare to remember which annotation keys were added from the CredentialIssuer spec, both for // creates and for updates, in case someone removes a key from the spec in the future. We would like 
@@ -713,7 +710,7 @@ func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context } // Otherwise apply the updates. - c.infoLog.Info("updating service for impersonation proxy") + c.log.Info("updating service for impersonation proxy") _, err = c.k8sClient.CoreV1().Services(c.namespace).Update(ctx, updatedService, metav1.UpdateOptions{}) return err } @@ -721,12 +718,12 @@ func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context func (c *impersonatorConfigController) readExternalTLSSecret(externalTLSSecretName string) (impersonationCABundle []byte, err error) { secretFromInformer, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(externalTLSSecretName) if err != nil { - c.infoLog.Info("could not find externally provided TLS secret for the impersonation proxy", + c.log.Info("could not find externally provided TLS secret for the impersonation proxy", "secretName", externalTLSSecretName) return nil, err } - c.infoLog.Info("found externally provided TLS secret for the impersonation proxy", + c.log.Info("found externally provided TLS secret for the impersonation proxy", "secretName", externalTLSSecretName) err = c.loadTLSCertFromSecret(secretFromInformer) @@ -778,7 +775,7 @@ func (c *impersonatorConfigController) deleteTLSSecretWhenCertificateDoesNotMatc certPEM := secret.Data[corev1.TLSCertKey] block, _ := pem.Decode(certPEM) if block == nil { - c.infoLog.Info("found missing or not PEM-encoded data in TLS Secret", + c.log.Info("found missing or not PEM-encoded data in TLS Secret", "invalidCertPEM", string(certPEM), "secret", klog.KObj(secret), ) 
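Review bot: The `updating service for impersonation proxy` message in the `-713,7 +710,7` hunk is written through `c.log`, so it carries neither `serviceType` nor `service`, even though `createOrUpdateService` builds `log := c.log.WithValues("serviceType", ..., "service", klog.KObj(desiredService))` in the `-629,7 +626,7` hunk. Using the scoped logger here, `log.Info("updating service for impersonation proxy")`, would let an operator tell which Service was changed from the log line alone. This assumes the local `log` is still in scope at this point; the code between the two hunks is not shown.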
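Review bot: In the `block == nil` branch of the `-778,7 +775,7` hunk the value logged as `invalidCertPEM` is whatever bytes the Secret holds under `corev1.TLSCertKey`, and they have just failed PEM decoding, so their content is unknown when they are copied into the log at info level. If key material or other sensitive data was stored under the wrong key by mistake, it would end up in the controller's log output. Logging a size instead, for example `"invalidCertPEMLength", len(certPEM)`, next to the existing `secret` reference keeps the line useful for triage. The same field is passed to the two `c.log.Error` calls in the `-791,7 +788,8` and `-804,7 +802,8` hunks; the function body starts and ends outside these hunks.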
@@ -791,7 +788,8 @@ func (c *impersonatorConfigController) deleteTLSSecretWhenCertificateDoesNotMatc actualCertFromSecret, err := x509.ParseCertificate(block.Bytes) if err != nil { - c.infoLog.Error(err, "found missing or not PEM-encoded data in TLS Secret", + c.log.Error("found missing or not PEM-encoded data in TLS Secret", + err, "invalidCertPEM", string(certPEM), "secret", klog.KObj(secret), ) @@ -804,7 +802,8 @@ func (c *impersonatorConfigController) deleteTLSSecretWhenCertificateDoesNotMatc keyPEM := secret.Data[corev1.TLSPrivateKeyKey] _, err = tls.X509KeyPair(certPEM, keyPEM) if err != nil { - c.infoLog.Error(err, "found invalid private key PEM data in TLS Secret", + c.log.Error("found invalid private key PEM data in TLS Secret", + err, "invalidCertPEM", string(certPEM), "secret", klog.KObj(secret), ) @@ -835,7 +834,7 @@ func (c *impersonatorConfigController) deleteTLSSecretWhenCertificateDoesNotMatc actualIPs := actualCertFromSecret.IPAddresses actualHostnames := actualCertFromSecret.DNSNames - c.infoLog.Info("checking TLS certificate names", + c.log.Info("checking TLS certificate names", "desiredIPs", nameInfo.selectedIPs, "desiredHostname", nameInfo.selectedHostname, "actualIPs", actualIPs, @@ -940,7 +939,7 @@ func (c *impersonatorConfigController) createCASecret(ctx context.Context) (*cer Type: corev1.SecretTypeOpaque, } - c.infoLog.Info("creating CA certificates for impersonation proxy", + c.log.Info("creating CA certificates for impersonation proxy", "secret", klog.KObj(&secret), ) if _, err = c.k8sClient.CoreV1().Secrets(c.namespace).Create(ctx, &secret, metav1.CreateOptions{}); err != nil { 
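Review bot: The `c.log.Error` call in the `-791,7 +788,8` hunk runs when `x509.ParseCertificate(block.Bytes)` fails, yet it reuses the message `found missing or not PEM-encoded data in TLS Secret` that the `block == nil` branch of the preceding hunk also logs. At this point PEM decoding has already succeeded, so the two failure modes cannot be told apart by message when reading the log. A distinct first line such as `c.log.Error("found PEM data that is not a valid certificate in TLS Secret",` would separate them; any test that asserts on the old text would need the same change.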
@@ -981,7 +980,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromLoadBalancer() } ingresses := lb.Status.LoadBalancer.Ingress if len(ingresses) == 0 || (ingresses[0].Hostname == "" && ingresses[0].IP == "") { - c.infoLog.Info("load balancer for impersonation proxy does not have an ingress yet, so skipping tls cert generation while we wait", + c.log.Info("load balancer for impersonation proxy does not have an ingress yet, so skipping tls cert generation while we wait", "service", klog.KObj(lb), ) return &certNameInfo{ready: false}, nil @@ -1059,7 +1058,7 @@ func (c *impersonatorConfigController) createNewTLSSecret(ctx context.Context, c Type: corev1.SecretTypeTLS, } - c.infoLog.Info("creating TLS certificates for impersonation proxy", + c.log.Info("creating TLS certificates for impersonation proxy", "ips", ips, "hostnames", hostnames, "secret", klog.KObj(newTLSSecret), @@ -1075,7 +1074,7 @@ func (c *impersonatorConfigController) loadTLSCertFromSecret(tlsSecret *corev1.S return fmt.Errorf("could not parse TLS cert PEM data from Secret: %w", err) } - c.infoLog.Info("loading TLS certificates for impersonation proxy", + c.log.Info("loading TLS certificates for impersonation proxy", "certPEM", string(certPEM), "secret", klog.KObj(tlsSecret), ) @@ -1091,7 +1090,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Cont if !tlsSecretExists { return nil } - c.infoLog.Info("deleting TLS serving certificate for impersonation proxy", + c.log.Info("deleting TLS serving certificate for impersonation proxy", "secret", klog.KRef(c.namespace, c.tlsSecretName), ) err = c.k8sClient.CoreV1().Secrets(c.namespace).Delete(ctx, c.tlsSecretName, metav1.DeleteOptions{ 
@@ -1106,7 +1105,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Cont } func (c *impersonatorConfigController) clearTLSSecret() { - c.debugLog.Info("clearing TLS serving certificate for impersonation proxy") + c.log.Debug("clearing TLS serving certificate for impersonation proxy") c.tlsServingCertDynamicCertProvider.UnsetCertKeyContent() } @@ -1123,7 +1122,7 @@ func (c *impersonatorConfigController) loadSignerCA() error { return fmt.Errorf("could not set the impersonator's credential signing secret: %w", err) } - c.infoLog.Info("loading credential signing certificate for impersonation proxy", + c.log.Info("loading credential signing certificate for impersonation proxy", "certPEM", string(certPEM), "secret", klog.KObj(signingCertSecret), ) @@ -1132,7 +1131,7 @@ func (c *impersonatorConfigController) loadSignerCA() error { } func (c *impersonatorConfigController) clearSignerCA() { - c.debugLog.Info("clearing credential signing certificate for impersonation proxy") + c.log.Debug("clearing credential signing certificate for impersonation proxy") c.impersonationSigningCertProvider.UnsetCertKeyContent() } diff --git a/internal/controller/impersonatorconfig/impersonator_config_test.go b/internal/controller/impersonatorconfig/impersonator_config_test.go index 19956387c..1363ab740 100644 --- a/internal/controller/impersonatorconfig/impersonator_config_test.go +++ b/internal/controller/impersonatorconfig/impersonator_config_test.go @@ -4,6 +4,7 @@ package impersonatorconfig import ( + "bytes" "context" "crypto/tls" "crypto/x509" @@ -74,6 +75,9 @@ func TestImpersonatorConfigControllerOptions(t *testing.T) { servicesInformer := sharedInformerFactory.Core().V1().Services() secretsInformer := sharedInformerFactory.Core().V1().Secrets() + var log bytes.Buffer + logger := plog.TestLogger(t, &log) + _ = NewImpersonatorConfigController( installedInNamespace, credentialIssuerResourceName, 
@@ -93,7 +97,7 @@ func TestImpersonatorConfigControllerOptions(t *testing.T) { nil, caSignerName, nil, - plog.Logr(), //nolint:staticcheck // old test with no log assertions + logger, nil, ) credIssuerInformerFilter = observableWithInformerOption.GetFilterForInformer(credIssuerInformer) @@ -565,6 +569,9 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { // Defer starting the informers until the last possible moment so that the // nested Before's can keep adding things to the informer caches. var startInformersAndController = func() { + var log bytes.Buffer + logger := plog.TestLogger(t, &log) + // Set this at the last second to allow for injection of server override. subject = NewImpersonatorConfigController( installedInNamespace, @@ -585,7 +592,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { impersonatorFunc, mTLSClientCertCASecretName, mTLSClientCertProvider, - plog.Logr(), //nolint:staticcheck // old test with no log assertions, + logger, fakeExpiringSingletonTokenCacheGet, ) controllerlib.TestWrap(t, subject, func(syncer controllerlib.Syncer) controllerlib.Syncer { diff --git a/internal/controller/kubecertagent/kubecertagent.go b/internal/controller/kubecertagent/kubecertagent.go index 9e02e6c3b..abdf462ee 100644 --- a/internal/controller/kubecertagent/kubecertagent.go +++ b/internal/controller/kubecertagent/kubecertagent.go @@ -15,7 +15,6 @@ import ( "strings" "time" - "github.com/go-logr/logr" "github.com/spf13/pflag" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -143,7 +142,7 @@ type agentController struct { executor PodCommandExecutor dynamicCertProvider dynamiccert.Private clock clock.Clock - log logr.Logger + log plog.Logger execCache *cache.Expiring } @@ -183,7 +182,7 @@ func NewAgentController( dynamicCertProvider, &clock.RealClock{}, cache.NewExpiring(), - plog.Logr(), //nolint:staticcheck // old controller with lots of log statements + plog.New(), ) } 
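Review bot: The `bytes.Buffer` added in the `@@ -565` hunk is declared inside the `startInformersAndController` closure, so nothing outside the closure can read what the controller logged. The buffer added to TestImpersonatorConfigControllerOptions in the `@@ -74` hunk is likewise never read in the visible lines. Because this controller logs certificate PEM taken from Secrets, hoisting the buffer to the enclosing test scope would let a test assert that private key PEM never appears in the output. If no assertion is planned, a comment such as `// log output is captured but not asserted on` would replace the explanation that the removed `//nolint` remark used to give. The closure body continues outside the hunk.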
@@ -199,7 +198,7 @@ func newAgentController( dynamicCertProvider dynamiccert.Private, clock clock.Clock, execCache *cache.Expiring, - log logr.Logger, + log plog.Logger, ) controllerlib.Controller { return controllerlib.New( controllerlib.Config{ diff --git a/internal/controller/kubecertagent/kubecertagent_test.go b/internal/controller/kubecertagent/kubecertagent_test.go index d826ba750..516d154cb 100644 --- a/internal/controller/kubecertagent/kubecertagent_test.go +++ b/internal/controller/kubecertagent/kubecertagent_test.go @@ -1032,8 +1032,8 @@ func TestAgentController(t *testing.T) { kubeInformers := informers.NewSharedInformerFactory(kubeClientset, 0) - var buf bytes.Buffer - log := plog.TestZapr(t, &buf) + var log bytes.Buffer + logger := plog.TestLogger(t, &log) ctrl := gomock.NewController(t) defer ctrl.Finish() @@ -1071,7 +1071,7 @@ func TestAgentController(t *testing.T) { mockDynamicCert, fakeClock, execCache, - log, + logger, ) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) @@ -1085,7 +1085,7 @@ func TestAgentController(t *testing.T) { allAllowedErrors := slices.Concat(tt.wantDistinctErrors, tt.alsoAllowUndesiredDistinctErrors) assert.Subsetf(t, allAllowedErrors, actualErrors, "actual errors contained additional error(s) which is not expected by the test") - assert.Equal(t, tt.wantDistinctLogs, deduplicate(testutil.SplitByNewline(buf.String())), "unexpected logs") + assert.Equal(t, tt.wantDistinctLogs, deduplicate(testutil.SplitByNewline(log.String())), "unexpected logs") // Assert on all actions that happened to deployments. var actualDeploymentActionVerbs []string diff --git a/internal/controller/kubecertagent/legacypodcleaner.go b/internal/controller/kubecertagent/legacypodcleaner.go index 8a776811e..4810e05f1 100644 --- a/internal/controller/kubecertagent/legacypodcleaner.go +++ b/internal/controller/kubecertagent/legacypodcleaner.go 
@@ -6,7 +6,6 @@ package kubecertagent import ( "fmt" - "github.com/go-logr/logr" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" @@ -16,6 +15,7 @@ import ( pinnipedcontroller "go.pinniped.dev/internal/controller" "go.pinniped.dev/internal/controllerlib" "go.pinniped.dev/internal/kubeclient" + "go.pinniped.dev/internal/plog" ) // NewLegacyPodCleanerController returns a controller that cleans up legacy kube-cert-agent Pods created by Pinniped v0.7.0 and below. @@ -23,7 +23,7 @@ func NewLegacyPodCleanerController( cfg AgentConfig, client *kubeclient.Client, agentPods corev1informers.PodInformer, - log logr.Logger, + log plog.Logger, ) controllerlib.Controller { // legacyAgentLabels are the Kubernetes labels we previously added to agent pods (the new value is "v2"). // We also expect these pods to have the "extra" labels configured on the Concierge. diff --git a/internal/controller/kubecertagent/legacypodcleaner_test.go b/internal/controller/kubecertagent/legacypodcleaner_test.go index 3aacf6d96..26376b97d 100644 --- a/internal/controller/kubecertagent/legacypodcleaner_test.go +++ b/internal/controller/kubecertagent/legacypodcleaner_test.go @@ -4,6 +4,7 @@ package kubecertagent import ( + "bytes" "context" "fmt" "testing" @@ -19,8 +20,8 @@ import ( coretesting "k8s.io/client-go/testing" "go.pinniped.dev/internal/kubeclient" + "go.pinniped.dev/internal/plog" "go.pinniped.dev/internal/testutil" - "go.pinniped.dev/internal/testutil/testlogger" ) func TestLegacyPodCleanerController(t *testing.T) { 
@@ -72,7 +73,7 @@ func TestLegacyPodCleanerController(t *testing.T) { }, wantDistinctErrors: []string{""}, wantDistinctLogs: []string{ - `legacy-pod-cleaner-controller "level"=0 "msg"="deleted legacy kube-cert-agent pod" "pod"={"name":"pinniped-concierge-kube-cert-agent-with-extra-label","namespace":"concierge"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"legacy-pod-cleaner-controller","caller":"kubecertagent/legacypodcleaner.go:$kubecertagent.NewLegacyPodCleanerController.func1","message":"deleted legacy kube-cert-agent pod","pod":{"name":"pinniped-concierge-kube-cert-agent-with-extra-label","namespace":"concierge"}}`, }, wantActions: []coretesting.Action{ // the first delete triggers the informer again, but the second invocation triggers a Not Found coretesting.NewGetAction(corev1.Resource("pods").WithVersion("v1"), "concierge", legacyAgentPodWithExtraLabel.Name), @@ -148,7 +149,8 @@ func TestLegacyPodCleanerController(t *testing.T) { } kubeInformers := informers.NewSharedInformerFactory(kubeClientset, 0) - log := testlogger.NewLegacy(t) //nolint:staticcheck // old test with lots of log statements + var log bytes.Buffer + logger := plog.TestLogger(t, &log) controller := NewLegacyPodCleanerController( AgentConfig{ Namespace: "concierge", @@ -156,7 +158,7 @@ func TestLegacyPodCleanerController(t *testing.T) { }, &kubeclient.Client{Kubernetes: kubeClientset}, kubeInformers.Core().V1().Pods(), - log.Logger, + logger, ) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) 
@@ -164,7 +166,7 @@ func TestLegacyPodCleanerController(t *testing.T) { errorMessages := runControllerUntilQuiet(ctx, t, controller, func(_ context.Context, _ *testing.T) {}, kubeInformers) assert.Equal(t, tt.wantDistinctErrors, deduplicate(errorMessages), "unexpected errors") - assert.Equal(t, tt.wantDistinctLogs, deduplicate(log.Lines()), "unexpected logs") + assert.Equal(t, tt.wantDistinctLogs, deduplicate(testutil.SplitByNewline(log.String())), "unexpected logs") assert.Equal(t, tt.wantActions, kubeClientset.Actions()[2:], "unexpected actions") }) } diff --git a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher.go b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher.go index f659e55d5..cda75c49f 100644 --- a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher.go +++ b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher.go @@ -15,7 +15,6 @@ import ( "time" coreosoidc "github.com/coreos/go-oidc/v3/oidc" - "github.com/go-logr/logr" "golang.org/x/oauth2" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" @@ -125,7 +124,7 @@ func (c *lruValidatorCache) cacheKey(spec *idpv1alpha1.OIDCIdentityProviderSpec) type oidcWatcherController struct { cache UpstreamOIDCIdentityProviderICache - log logr.Logger + log plog.Logger client supervisorclientset.Interface oidcIdentityProviderInformer idpinformers.OIDCIdentityProviderInformer secretInformer corev1informers.SecretInformer @@ -141,7 +140,7 @@ func New( client supervisorclientset.Interface, oidcIdentityProviderInformer idpinformers.OIDCIdentityProviderInformer, secretInformer corev1informers.SecretInformer, - log logr.Logger, + log plog.Logger, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { c := oidcWatcherController{ 
@@ -251,7 +250,7 @@ func (c *oidcWatcherController) validateUpstream(ctx controllerlib.Context, upst "type", condition.Type, "reason", condition.Reason, "message", condition.Message, - ).Error(errOIDCFailureStatus, "found failing condition") + ).Error("found failing condition", errOIDCFailureStatus) } } if valid { @@ -333,11 +332,11 @@ func (c *oidcWatcherController) validateIssuer(ctx context.Context, upstream *id discoveredProvider, err = coreosoidc.NewProvider(coreosoidc.ClientContext(ctx, httpClient), upstream.Spec.Issuer) if err != nil { - c.log.V(plog.KlogLevelTrace).WithValues( + c.log.WithValues( "namespace", upstream.Namespace, "name", upstream.Name, "issuer", upstream.Spec.Issuer, - ).Error(err, "failed to perform OIDC discovery") + ).Error("failed to perform OIDC discovery", err) return &metav1.Condition{ Type: typeOIDCDiscoverySucceeded, Status: metav1.ConditionFalse, @@ -428,7 +427,7 @@ func (c *oidcWatcherController) updateStatus(ctx context.Context, upstream *idpv OIDCIdentityProviders(upstream.Namespace). UpdateStatus(ctx, updated, metav1.UpdateOptions{}) if err != nil { - log.Error(err, "failed to update status") + log.Error("failed to update status", err) } } diff --git a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go index 53f9356d4..1f8889434 100644 --- a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go @@ -4,6 +4,7 @@ package oidcupstreamwatcher import ( + "bytes" "context" "encoding/base64" "encoding/json" @@ -33,7 +34,6 @@ import ( "go.pinniped.dev/internal/plog" "go.pinniped.dev/internal/testutil" "go.pinniped.dev/internal/testutil/oidctestutil" - "go.pinniped.dev/internal/testutil/testlogger" "go.pinniped.dev/internal/testutil/tlsserver" "go.pinniped.dev/internal/upstreamoidc" ) 
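Review bot: In the `@@ -251` hunk of validateUpstream, the key `"message", condition.Message,` now collides with the JSON logger's own `message` field. The updated expectations in oidc_upstream_watcher_test.go show each "found failing condition" and "updated condition" line carrying two `"message"` members. JSON consumers differ on which duplicate they keep, so a log pipeline may drop either the event text or the condition text, which weakens alerting built on these lines. Renaming the key here, for example `"conditionMessage", condition.Message,`, avoids that. The "updated condition" lines are attributed to conditionsutil.MergeConditions by their `caller` field and would need the same rename, but that file is not in this part of the diff. The function body starts and ends outside the hunk.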
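Review bot: In the `@@ -333` hunk of validateIssuer, the discovery error is logged unbounded at error level on every failed attempt, via `.Error("failed to perform OIDC discovery", err)`. The error from `coreosoidc.NewProvider` may include text returned by the configured issuer endpoint, so its size and content are not under the Supervisor's control; this is inferred from the library, not shown in the hunk. JSON encoding keeps it on one line, but a bound on the logged error is still worth adding. If this controller already shortens the same error for the status condition, reusing that shortened form in the log call would be the simplest change. Dropping `V(plog.KlogLevelTrace)` looks behaviour-preserving only if the old logr `Error` call ignored verbosity, which is worth confirming for the plog logger. The function body starts and ends outside the hunk.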
@@ -87,12 +87,15 @@ func TestOIDCUpstreamWatcherControllerFilterSecret(t *testing.T) { secretInformer := kubeInformers.Core().V1().Secrets() withInformer := testutil.NewObservableWithInformerOption() + var log bytes.Buffer + logger := plog.TestLogger(t, &log) + New( cache, nil, pinnipedInformers.IDP().V1alpha1().OIDCIdentityProviders(), secretInformer, - plog.Logr(), //nolint:staticcheck // old test with no log assertions + logger, withInformer.WithInformer, ) 
@@ -174,10 +177,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { inputSecrets: []runtime.Object{}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="secret \"test-client-secret\" not found" "reason"="SecretNotFound" "status"="False" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="secret \"test-client-secret\" not found" "name"="test-name" "namespace"="test-namespace" "reason"="SecretNotFound" "type"="ClientCredentialsSecretValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"False","reason":"SecretNotFound","message":"secret \"test-client-secret\" not found"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","reason":"SecretNotFound","message":"secret \"test-client-secret\" not found","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -221,10 +224,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="referenced Secret \"test-client-secret\" has wrong type \"some-other-type\" (should be \"secrets.pinniped.dev/oidc-client\")" "reason"="SecretWrongType" "status"="False" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="referenced Secret \"test-client-secret\" has wrong type \"some-other-type\" (should be \"secrets.pinniped.dev/oidc-client\")" "name"="test-name" "namespace"="test-namespace" "reason"="SecretWrongType" "type"="ClientCredentialsSecretValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"False","reason":"SecretWrongType","message":"referenced Secret \"test-client-secret\" has wrong type \"some-other-type\" (should be \"secrets.pinniped.dev/oidc-client\")"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated 
condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","reason":"SecretWrongType","message":"referenced Secret \"test-client-secret\" has wrong type \"some-other-type\" (should be \"secrets.pinniped.dev/oidc-client\")","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -267,10 +270,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="referenced Secret \"test-client-secret\" is missing required keys [\"clientID\" \"clientSecret\"]" "reason"="SecretMissingKeys" "status"="False" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="referenced Secret \"test-client-secret\" is missing required keys [\"clientID\" \"clientSecret\"]" "name"="test-name" "namespace"="test-namespace" "reason"="SecretMissingKeys" "type"="ClientCredentialsSecretValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"False","reason":"SecretMissingKeys","message":"referenced Secret \"test-client-secret\" is missing required keys [\"clientID\" \"clientSecret\"]"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated 
condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","reason":"SecretMissingKeys","message":"referenced Secret \"test-client-secret\" is missing required keys [\"clientID\" \"clientSecret\"]","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -316,10 +319,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="spec.certificateAuthorityData is invalid: illegal base64 data at input byte 7" "reason"="InvalidTLSConfig" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="spec.certificateAuthorityData is invalid: illegal base64 data at input byte 7" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidTLSConfig" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidTLSConfig","message":"spec.certificateAuthorityData is invalid: illegal base64 data at 
input byte 7"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidTLSConfig","message":"spec.certificateAuthorityData is invalid: illegal base64 data at input byte 7","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -365,10 +368,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="spec.certificateAuthorityData is invalid: no certificates found" "reason"="InvalidTLSConfig" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="spec.certificateAuthorityData is invalid: no certificates found" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidTLSConfig" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidTLSConfig","message":"spec.certificateAuthorityData is invalid: no certificates found"}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidTLSConfig","message":"spec.certificateAuthorityData is invalid: no certificates found","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -411,10 +414,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to parse issuer URL: parse \"%invalid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\": invalid URL escape \"%in\"" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to parse issuer URL: parse \"%invalid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\": invalid URL escape \"%in\"" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated 
condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"Unreachable","message":"failed to parse issuer URL: parse \"%invalid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\": invalid URL escape \"%in\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"Unreachable","message":"failed to parse issuer URL: parse \"%invalid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\": invalid URL escape \"%in\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: 
[]*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -457,10 +460,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="issuer URL '` + strings.Replace(testIssuerURL, "https", "http", 1) + `' must have \"https\" scheme, not \"http\"" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="issuer URL '` + strings.Replace(testIssuerURL, "https", "http", 1) + `' must have \"https\" scheme, not \"http\"" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"Unreachable","message":"issuer 
URL '` + strings.Replace(testIssuerURL, "https", "http", 1) + `' must have \"https\" scheme, not \"http\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"Unreachable","message":"issuer URL '` + strings.Replace(testIssuerURL, "https", "http", 1) + `' must have \"https\" scheme, not \"http\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -503,10 +506,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="issuer URL '` + testIssuerURL + "?sub=foo" + `' cannot contain query or fragment component" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="issuer URL '` + testIssuerURL + "?sub=foo" + `' cannot contain query or fragment component" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"Unreachable","message":"issuer URL '` + testIssuerURL + `?sub=foo' cannot 
contain query or fragment component"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"Unreachable","message":"issuer URL '` + testIssuerURL + `?sub=foo' cannot contain query or fragment component","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -549,10 +552,10 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="issuer URL '` + testIssuerURL + "#fragment" + `' cannot contain query or fragment component" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="issuer URL '` + testIssuerURL + "#fragment" + `' cannot contain query or fragment component" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"Unreachable","message":"issuer URL '` + testIssuerURL + `#fragment' cannot 
contain query or fragment component"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"Unreachable","message":"issuer URL '` + testIssuerURL + `#fragment' cannot contain query or fragment component","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -596,11 +599,11 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="Get \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority" "issuer"="` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" "name"="test-name" "namespace"="test-namespace"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority" "reason"="Unreachable" 
"status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateIssuer","message":"failed to perform OIDC discovery","namespace":"test-namespace","name":"test-name","issuer":"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee","error":"Get \"` + testIssuerURL + 
`/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"Unreachable","message":"failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated 
condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"Unreachable","message":"failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
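Review bot: The long `/valid-url-that-is-really-really-long-…` path is written out six times in the added lines of this hunk, inside the `issuer`, `error` and `message` fields. That makes the three expectations hard to compare by eye and easy to desynchronise on a later edit. Hoisting the path into one test-local constant (say `longIssuerPath`) and concatenating it with `testIssuerURL` in each expectation would keep them consistent and the lines reviewable. The table entry begins and ends outside the hunk, so it cannot be seen from here whether the file already defines such a constant.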
@@ -645,10 +648,10 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to parse authorization endpoint URL: parse \"%\": invalid URL escape \"%\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to parse authorization endpoint URL: parse \"%\": invalid URL escape \"%\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidResponse","message":"failed to parse authorization 
endpoint URL: parse \"%\": invalid URL escape \"%\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidResponse","message":"failed to parse authorization endpoint URL: parse \"%\": invalid URL escape \"%\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -692,10 +695,10 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to parse revocation endpoint URL: parse \"%\": invalid URL escape \"%\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to parse revocation endpoint URL: parse \"%\": invalid URL escape \"%\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidResponse","message":"failed to parse revocation endpoint URL: 
parse \"%\": invalid URL escape \"%\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidResponse","message":"failed to parse revocation endpoint URL: parse \"%\": invalid URL escape \"%\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -739,10 +742,10 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="authorization endpoint URL 'http://example.com/authorize' must have \"https\" scheme, not \"http\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="authorization endpoint URL 'http://example.com/authorize' must have \"https\" scheme, not \"http\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated 
condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidResponse","message":"authorization endpoint URL 'http://example.com/authorize' must have \"https\" scheme, not \"http\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidResponse","message":"authorization endpoint URL 'http://example.com/authorize' must have \"https\" scheme, not \"http\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -786,10 +789,10 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="revocation endpoint URL 'http://example.com/revoke' must have \"https\" scheme, not \"http\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="revocation endpoint URL 'http://example.com/revoke' must have \"https\" scheme, not \"http\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidResponse","message":"revocation 
endpoint URL 'http://example.com/revoke' must have \"https\" scheme, not \"http\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidResponse","message":"revocation endpoint URL 'http://example.com/revoke' must have \"https\" scheme, not \"http\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -833,10 +836,10 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="token endpoint URL 'http://example.com/token' must have \"https\" scheme, not \"http\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="token endpoint URL 'http://example.com/token' must have \"https\" scheme, not \"http\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidResponse","message":"token endpoint URL 
'http://example.com/token' must have \"https\" scheme, not \"http\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidResponse","message":"token endpoint URL 'http://example.com/token' must have \"https\" scheme, not \"http\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -880,10 +883,10 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="token endpoint URL '' must have \"https\" scheme, not \"\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="token endpoint URL '' must have \"https\" scheme, not \"\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidResponse","message":"token endpoint URL '' must have \"https\" scheme, not \"\""}`, + 
`{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidResponse","message":"token endpoint URL '' must have \"https\" scheme, not \"\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -927,10 +930,10 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="authorization endpoint URL '' must have \"https\" scheme, not \"\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="authorization endpoint URL '' must have \"https\" scheme, not \"\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"InvalidResponse","message":"authorization endpoint URL '' must have \"https\" scheme, not 
\"\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"InvalidResponse","message":"authorization endpoint URL '' must have \"https\" scheme, not \"\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -985,9 +988,9 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana Data: testValidSecretData, }}, wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, }, 
wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{ { 
@@ -1041,9 +1044,9 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana Data: testValidSecretData, }}, wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, }, 
wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{ { 
@@ -1097,9 +1100,9 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana Data: testValidSecretData, }}, wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, }, 
wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{ { 
@@ -1156,9 +1159,9 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana Data: testValidSecretData, }}, wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, }, 
wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{ { 
@@ -1223,9 +1226,9 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana Data: testValidSecretData, }}, wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, }, 
wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{ { 
@@ -1287,10 +1290,10 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="the following additionalAuthorizeParameters are not allowed: response_type,scope,client_id,state,nonce,code_challenge,code_challenge_method,redirect_uri,hd" "reason"="DisallowedParameterName" "status"="False" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="the following additionalAuthorizeParameters are not allowed: response_type,scope,client_id,state,nonce,code_challenge,code_challenge_method,redirect_uri,hd" "name"="test-name" "namespace"="test-namespace" "reason"="DisallowedParameterName" "type"="AdditionalAuthorizeParametersValid"`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated 
condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"True","reason":"Success","message":"discovered issuer configuration"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"False","reason":"DisallowedParameterName","message":"the following additionalAuthorizeParameters are not allowed: response_type,scope,client_id,state,nonce,code_challenge,code_challenge_method,redirect_uri,hd"}`, + `{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","reason":"DisallowedParameterName","message":"the following additionalAuthorizeParameters are not allowed: response_type,scope,client_id,state,nonce,code_challenge,code_challenge_method,redirect_uri,hd","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -1324,11 +1327,11 @@ Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nananananananana }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="oidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/ends-with-slash\" got \"` + testIssuerURL + `/ends-with-slash/\"" "issuer"="` + testIssuerURL + `/ends-with-slash" "name"="test-name" "namespace"="test-namespace"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/ends-with-slash\":\noidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/ends-with-slash\" got \"` + testIssuerURL + `/ends-with-slash/\"" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/ends-with-slash\":\noidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/ends-with-slash\" got \"` + testIssuerURL + `/ends-with-slash/\"" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + 
`{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateIssuer","message":"failed to perform OIDC discovery","namespace":"test-namespace","name":"test-name","issuer":"` + testIssuerURL + `/ends-with-slash","error":"oidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/ends-with-slash\" got \"` + testIssuerURL + `/ends-with-slash/\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"Unreachable","message":"failed to perform OIDC discovery against \"` + testIssuerURL + `/ends-with-slash\":\noidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/ends-with-slash\" got \"` + testIssuerURL + `/ends-with-slash/\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + 
`{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"Unreachable","message":"failed to perform OIDC discovery against \"` + testIssuerURL + `/ends-with-slash\":\noidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/ends-with-slash\" got \"` + testIssuerURL + `/ends-with-slash/\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ 
@@ -1373,11 +1376,11 @@ oidc: issuer did not match the issuer returned by provider, expected "` + testIs }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="oidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/\" got \"` + testIssuerURL + `\"" "issuer"="` + testIssuerURL + `/" "name"="test-name" "namespace"="test-namespace"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsSecretValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/\":\noidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/\" got \"` + testIssuerURL + `\"" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/\":\noidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/\" got \"` + testIssuerURL + `\"" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + 
`{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateIssuer","message":"failed to perform OIDC discovery","namespace":"test-namespace","name":"test-name","issuer":"` + testIssuerURL + `/","error":"oidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/\" got \"` + testIssuerURL + `\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"ClientCredentialsSecretValid","status":"True","reason":"Success","message":"loaded client credentials"}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","status":"False","reason":"Unreachable","message":"failed to perform OIDC discovery against \"` + testIssuerURL + `/\":\noidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/\" got \"` + testIssuerURL + `\""}`, + `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"conditionsutil/conditions_util.go:$conditionsutil.MergeConditions","message":"updated condition","namespace":"test-namespace","name":"test-name","type":"AdditionalAuthorizeParametersValid","status":"True","reason":"Success","message":"additionalAuthorizeParameters parameter names are allowed"}`, + 
`{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","logger":"oidc-upstream-observer","caller":"oidcupstreamwatcher/oidc_upstream_watcher.go:$oidcupstreamwatcher.(*oidcWatcherController).validateUpstream","message":"found failing condition","namespace":"test-namespace","name":"test-name","type":"OIDCDiscoverySucceeded","reason":"Unreachable","message":"failed to perform OIDC discovery against \"` + testIssuerURL + `/\":\noidc: issuer did not match the issuer returned by provider, expected \"` + testIssuerURL + `/\" got \"` + testIssuerURL + `\"","error":"OIDCIdentityProvider has a failing condition"}`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []idpv1alpha1.OIDCIdentityProvider{{ @@ -1413,18 +1416,20 @@ oidc: issuer did not match the issuer returned by provider, expected "` + testIs pinnipedInformers := supervisorinformers.NewSharedInformerFactory(fakePinnipedClient, 0) fakeKubeClient := fake.NewSimpleClientset(tt.inputSecrets...) kubeInformers := informers.NewSharedInformerFactory(fakeKubeClient, 0) - testLog := testlogger.NewLegacy(t) //nolint:staticcheck // old test with lots of log statements cache := dynamicupstreamprovider.NewDynamicUpstreamIDPProvider() cache.SetOIDCIdentityProviders([]upstreamprovider.UpstreamOIDCIdentityProviderI{ &upstreamoidc.ProviderConfig{Name: "initial-entry"}, }) + var log bytes.Buffer + logger := plog.TestLogger(t, &log) + controller := New( cache, fakePinnipedClient, pinnipedInformers.IDP().V1alpha1().OIDCIdentityProviders(), kubeInformers.Core().V1().Secrets(), - testLog.Logger, + logger, controllerlib.WithInformer, ) 
@@ -1442,7 +1447,9 @@ oidc: issuer did not match the issuer returned by provider, expected "` + testIs } else { require.NoError(t, err) } - require.Equal(t, strings.Join(tt.wantLogs, "\n"), strings.Join(testLog.Lines(), "\n")) + if len(tt.wantLogs) > 0 { + require.Equal(t, strings.Join(tt.wantLogs, "\n")+"\n", log.String()) + } actualIDPList := cache.GetOIDCIdentityProviders() require.Equal(t, len(tt.wantResultingCache), len(actualIDPList)) diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go index 379db68a4..a7edc4fd4 100644 --- a/internal/controllermanager/prepare_controllers.go +++ b/internal/controllermanager/prepare_controllers.go @@ -227,7 +227,7 @@ func PrepareControllers(c *Config) (controllerinit.RunnerBuilder, error) { //nol agentConfig, client, informers.installationNamespaceK8s.Core().V1().Pods(), - plog.Logr(), //nolint:staticcheck // old controller with lots of log statements + plog.New(), ), singletonWorker, ). @@ -258,7 +258,7 @@ func PrepareControllers(c *Config) (controllerinit.RunnerBuilder, error) { //nol c.AuthenticatorCache, informers.pinniped.Authentication().V1alpha1().WebhookAuthenticators(), informers.pinniped.Authentication().V1alpha1().JWTAuthenticators(), - plog.Logr(), //nolint:staticcheck // old controller with lots of log statements + plog.New(), ), singletonWorker, ). @@ -284,7 +284,7 @@ func PrepareControllers(c *Config) (controllerinit.RunnerBuilder, error) { //nol impersonator.New, c.NamesConfig.ImpersonationSignerSecret, c.ImpersonationSigningCertProvider, - plog.Logr(), //nolint:staticcheck // old controller with lots of log statements + plog.New(), c.ImpersonationProxyTokenCache, ), singletonWorker, diff --git a/internal/mocks/mockoidcclientoptions/mockoidcclientoptions.go b/internal/mocks/mockoidcclientoptions/mockoidcclientoptions.go index 231d3f897..5e30aa131 100644 --- a/internal/mocks/mockoidcclientoptions/mockoidcclientoptions.go 
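Review bot: The new `if len(tt.wantLogs) > 0` guard skips the log comparison for any table case that leaves `wantLogs` empty, whereas the removed line compared against the empty string and so asserted that nothing was logged. A case that starts emitting unexpected log lines, for example ones carrying issuer or credential-related detail, would now pass unnoticed. Keep the negative assertion with an else branch: `} else { require.Empty(t, log.String()) }`. The enclosing test function starts and ends outside this hunk.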
+++ b/internal/mocks/mockoidcclientoptions/mockoidcclientoptions.go @@ -117,6 +117,20 @@ func (mr *MockOIDCClientOptionsMockRecorder) WithLoginFlow(arg0, arg1 any) *gomo return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WithLoginFlow", reflect.TypeOf((*MockOIDCClientOptions)(nil).WithLoginFlow), arg0, arg1) } +// WithLoginLogger mocks base method. +func (m *MockOIDCClientOptions) WithLoginLogger(arg0 oidcclient.Logger) oidcclient.Option { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "WithLoginLogger", arg0) + ret0, _ := ret[0].(oidcclient.Option) + return ret0 +} + +// WithLoginLogger indicates an expected call of WithLoginLogger. +func (mr *MockOIDCClientOptionsMockRecorder) WithLoginLogger(arg0 any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WithLoginLogger", reflect.TypeOf((*MockOIDCClientOptions)(nil).WithLoginLogger), arg0) +} + // WithRequestAudience mocks base method. func (m *MockOIDCClientOptions) WithRequestAudience(arg0 string) oidcclient.Option { m.ctrl.T.Helper() diff --git a/internal/supervisor/server/server.go b/internal/supervisor/server/server.go index 7d98f0a60..b83922faa 100644 --- a/internal/supervisor/server/server.go +++ b/internal/supervisor/server/server.go @@ -303,7 +303,7 @@ func prepareControllers( pinnipedClient, pinnipedInformers.IDP().V1alpha1().OIDCIdentityProviders(), secretInformer, - plog.Logr(), //nolint:staticcheck // old controller with lots of log statements + plog.New(), controllerlib.WithInformer, ), singletonWorker). diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go index fa1f214af..f1b7e6d71 100644 --- a/pkg/oidcclient/login.go +++ b/pkg/oidcclient/login.go 
@@ -80,13 +80,15 @@ func stdin() int { return int(os.Stdin.Fd()) } type handlerState struct { // Basic parameters. ctx context.Context - logger logr.Logger + logger Logger issuer string clientID string scopes []string cache SessionCache out io.Writer // this is stderr except in unit tests + loggerOptionsCount int + // Tracking the usage of some other functional options. upstreamIdentityProviderName string upstreamIdentityProviderType idpdiscoveryv1alpha1.IDPType 
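Review bot: `loggerOptionsCount` is added without a comment, between the "Basic parameters" group and the "Tracking the usage of some other functional options" group, so its purpose is only visible from the check in `Login`. A one-line comment such as `// number of logger options applied; Login rejects more than one` would make that clear. The struct continues outside the hunk.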
@@ -143,11 +145,57 @@ func WithContext(ctx context.Context) Option { } } +type Logger interface { + Error(msg string, err error, keysAndValues ...any) + Info(msg string, keysAndValues ...any) +} + +type logrLoggerWrapper struct { + logger logr.Logger +} + +var _ Logger = (*logrLoggerWrapper)(nil) + +func (l *logrLoggerWrapper) Error(msg string, err error, keysAndValues ...any) { + l.logger.V(plog.KlogLevelDebug).Error(err, msg, keysAndValues...) +} + +func (l *logrLoggerWrapper) Info(msg string, keysAndValues ...any) { + l.logger.V(plog.KlogLevelDebug).Info(msg, keysAndValues...) +} + +type emptyLogger struct{} + +var _ Logger = (*emptyLogger)(nil) + +func (e emptyLogger) Error(_ string, _ error, _ ...any) { + // NOOP +} + +func (e emptyLogger) Info(_ string, _ ...any) { + // NOOP +} + // WithLogger specifies a PLogger to use with the login. -// If not specified this will default to a new logger. +// If not specified this will default to a no-op logger. +// +// Deprecated: Use WithLoginLogger instead. +// This option will be removed in a future version of Pinniped. +// If this option is used along with WithLoginLogger, it will cause an error. func WithLogger(logger logr.Logger) Option { + return func(h *handlerState) error { + h.logger = &logrLoggerWrapper{logger: logger} + h.loggerOptionsCount++ + return nil + } +} + +// WithLoginLogger specifies a Logger to use. +// If not specified this will default to a no-op logger. +func WithLoginLogger(logger Logger) Option { return func(h *handlerState) error { h.logger = logger + h.loggerOptionsCount++ return nil } } @@ -319,7 +367,7 @@ func Login(issuer string, clientID string, opts ...Option) (*oidctypes.Token, er cache: &nopCache{}, callbackPath: "/callback", ctx: context.Background(), - logger: logr.Discard(), // discard logs unless a logger is specified + logger: &emptyLogger{}, callbacks: make(chan callbackResult, 2), httpClient: phttp.Default(nil), 
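Review bot: `WithLoginLogger` stores its argument without a nil check, so `WithLoginLogger(nil)` replaces the `&emptyLogger{}` default with a nil interface and the first `h.logger.Info(...)` call in the login flow would panic. The deprecated `WithLogger` cannot hit this because it always wraps its value in `&logrLoggerWrapper{}`. Reject the nil case inside the option before assigning `h.logger`: `if logger == nil { return fmt.Errorf("logger must not be nil") }`. The exported `Logger` interface also has no doc comment; `// Logger is the logging interface used by Login; see WithLoginLogger.` would cover it.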
@@ -352,6 +400,10 @@ func Login(issuer string, clientID string, opts ...Option) (*oidctypes.Token, er h.loginFlow = idpdiscoveryv1alpha1.IDPFlowCLIPassword } + if h.loggerOptionsCount > 1 { + return nil, fmt.Errorf("please use only one mechanism to specify the logger") + } + // Copy the configured HTTP client to set a request timeout (the Go default client has no timeout configured). httpClientWithTimeout := *h.httpClient httpClientWithTimeout.Timeout = httpRequestTimeout @@ -444,7 +496,7 @@ func (h *handlerState) baseLogin() (*oidctypes.Token, error) { // return the cached tokens immediately and skip the rest of the flow. cached := h.cache.GetToken(cacheKey) if valid, whichTokenWasValid := h.tokenValidForNearFuture(cached); valid { - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Found unexpired cached token.", "type", whichTokenWasValid) + h.logger.Info("Pinniped: Found unexpired cached token.", "type", whichTokenWasValid) return cached, nil } @@ -713,7 +765,7 @@ func (h *handlerState) getUsernameAndPassword() (string, string, error) { return "", "", fmt.Errorf("error prompting for username: %w", err) } } else { - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Read username from environment variable", "name", defaultUsernameEnvVarName) + h.logger.Info("Pinniped: Read username from environment variable", "name", defaultUsernameEnvVarName) } password := h.getEnv(defaultPasswordEnvVarName) @@ -723,7 +775,7 @@ func (h *handlerState) getUsernameAndPassword() (string, string, error) { return "", "", fmt.Errorf("error prompting for password: %w", err) } } else { - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Read password from environment variable", "name", defaultPasswordEnvVarName) + h.logger.Info("Pinniped: Read password from environment variable", "name", defaultPasswordEnvVarName) } return username, password, nil 
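Review bot: Starting with the `baseLogin` hunk at -444, the call sites drop `.V(plog.KlogLevelDebug)` and call `h.logger.Info(...)` or `h.logger.Error(...)` directly, so debug verbosity is now applied only inside `logrLoggerWrapper`, for `WithLogger` callers. A `Logger` supplied through `WithLoginLogger` receives the same messages (issuer, request origin and method, refresh error text) as plain `Info`, and whether they stay debug-only presumably depends on that implementation. The same applies to the later login.go hunks at -713, -723, -735, -774, -924, -1027, -1098, -1153 and -1188. Document the contract on the interface, e.g. `// Info and Error carry debug-level diagnostics of the login flow; implementations decide the output level.` The body of `baseLogin` continues outside the hunk.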
@@ -735,7 +787,7 @@ func (h *handlerState) webBrowserBasedAuth(authorizeOptions *[]oauth2.AuthCodeOp // Attempt to open a local TCP listener, logging but otherwise ignoring any error. listener, err := h.listen("tcp", h.listenAddr) if err != nil { - h.logger.V(plog.KlogLevelDebug).Error(err, "could not open callback listener") + h.logger.Error("could not open callback listener", err) } // If the listener failed to start and stdin is not a TTY, then we have no hope of succeeding, @@ -774,7 +826,7 @@ func (h *handlerState) webBrowserBasedAuth(authorizeOptions *[]oauth2.AuthCodeOp openedBrowser := false if !h.skipBrowser { if err := h.openURL(authorizeURL); err != nil { - h.logger.V(plog.KlogLevelDebug).Error(err, "could not open browser") + h.logger.Error("could not open browser", err) } else { openedBrowser = true } @@ -924,7 +976,7 @@ func (h *handlerState) initOIDCDiscovery() error { return err } - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Performing OIDC discovery", "issuer", h.issuer) + h.logger.Info("Pinniped: Performing OIDC discovery", "issuer", h.issuer) var err error h.provider, err = coreosoidc.NewProvider(h.ctx, h.issuer) if err != nil { @@ -1027,7 +1079,7 @@ func validateURLUsesHTTPS(uri string, uriName string) error { } func (h *handlerState) tokenExchangeRFC8693(baseToken *oidctypes.Token) (*oidctypes.Token, error) { - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Performing RFC8693 token exchange", "requestedAudience", h.requestedAudience) + h.logger.Info("Pinniped: Performing RFC8693 token exchange", "requestedAudience", h.requestedAudience) // Perform OIDC discovery. This may have already been performed if there was not a cached base token. if err := h.initOIDCDiscovery(); err != nil { return nil, err 
@@ -1098,13 +1150,13 @@ func (h *handlerState) tokenExchangeRFC8693(baseToken *oidctypes.Token) (*oidcty } func (h *handlerState) handleRefresh(ctx context.Context, refreshToken *oidctypes.RefreshToken) (*oidctypes.Token, error) { - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Refreshing cached tokens.") + h.logger.Info("Pinniped: Refreshing cached tokens.") upstreamOIDCIdentityProvider := h.getProvider(h.oauth2Config, h.provider, h.httpClient) refreshed, err := upstreamOIDCIdentityProvider.PerformRefresh(ctx, refreshToken.Token) if err != nil { // Ignore errors during refresh, but return nil which will trigger the full login flow. - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Refresh failed.", "error", err.Error()) + h.logger.Info("Pinniped: Refresh failed.", "error", err.Error()) return nil, nil } @@ -1153,11 +1205,11 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req origin := r.Header.Get("Origin") if origin == "" { // The CORS preflight request should have an origin. - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Got OPTIONS request without origin header") + h.logger.Info("Pinniped: Got OPTIONS request without origin header") w.WriteHeader(http.StatusBadRequest) return nil // keep listening for more requests } - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Got CORS preflight request from browser", "origin", origin) + h.logger.Info("Pinniped: Got CORS preflight request from browser", "origin", origin) // To tell the browser that it is okay to make the real POST or GET request, return the following response. w.Header().Set("Access-Control-Allow-Origin", allowOrigin) w.Header().Set("Vary", "*") // supposed to use Vary when Access-Control-Allow-Origin is a specific host 
@@ -1188,7 +1240,7 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req default: // Return HTTP 405 for anything that's not a POST, GET, or an OPTIONS request. - h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Got unexpected request on callback listener", "method", r.Method) + h.logger.Info("Pinniped: Got unexpected request on callback listener", "method", r.Method) w.WriteHeader(http.StatusMethodNotAllowed) return nil // keep listening for more requests } diff --git a/pkg/oidcclient/login_test.go b/pkg/oidcclient/login_test.go index 89352a110..c0a4d6375 100644 --- a/pkg/oidcclient/login_test.go +++ b/pkg/oidcclient/login_test.go @@ -22,6 +22,7 @@ import ( "time" coreosoidc "github.com/coreos/go-oidc/v3/oidc" + "github.com/go-logr/logr" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.uber.org/mock/gomock" @@ -3370,7 +3371,7 @@ func TestHandleAuthCodeCallback(t *testing.T) { state: state.State("test-state"), pkce: pkce.Code("test-pkce"), nonce: nonce.Nonce("test-nonce"), - logger: plog.Logr(), //nolint:staticcheck // old test with no log assertions + logger: plog.New(), issuer: "https://valid-issuer.com/with/some/path", } if tt.opt != nil { 
@@ -3864,3 +3865,49 @@ func TestMaybePerformPinnipedSupervisorValidations(t *testing.T) { }) } } + +func TestLoggers(t *testing.T) { + t.Run("with deprecated logger and new logger, returns an error", func(t *testing.T) { + token, err := Login("https://127.0.0.1", "clientID", + WithLogger(logr.Discard()), + WithLoginLogger(plog.New()), + ) + require.EqualError(t, err, "please use only one mechanism to specify the logger") + require.Nil(t, token) + }) + + issuer, _ := tlsserver.TestServerIPv4(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Error(w, "some discovery error", http.StatusInternalServerError) + }), nil) + + t.Run("with new logger, outputs logs", func(t *testing.T) { + var log bytes.Buffer + + token, err := Login(issuer.URL, "clientID", + WithLoginLogger(plog.TestLogger(t, &log)), + ) + // This error is expected, we're testing logs not discovery + require.EqualError(t, err, `could not perform OIDC discovery for "`+issuer.URL+`": Get "`+issuer.URL+`/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority`) + require.Nil(t, token) + + wantLog := `{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"oidcclient/login.go:$oidcclient.(*handlerState).initOIDCDiscovery","message":"Pinniped: Performing OIDC discovery","issuer":"` + issuer.URL + `"}` + require.Equal(t, wantLog+"\n", log.String()) + }) + + t.Run("with deprecated logger, outputs logs", func(t *testing.T) { + testLog := testlogger.NewLegacy(t) //nolint:staticcheck // This is specifically meant to test deprecated code + token, err := Login(issuer.URL, "clientID", + WithLogger(testLog.Logger), + ) + // This error is expected, we're testing logs not discovery + require.EqualError(t, err, `could not perform OIDC discovery for "`+issuer.URL+`": Get "`+issuer.URL+`/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority`) + require.Nil(t, token) + + 
wantLogs := []string{ + `"level"=4 "msg"="Pinniped: Performing OIDC discovery" "issuer"="` + issuer.URL + `"`, + } + require.Equal(t, wantLogs, testLog.Lines()) + }) + + // NOTE: We can't really test logs with the default (e.g. no logger option specified) +}
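Review bot: Both discovery subtests pin the full error text with `require.EqualError`, including `tls: failed to verify certificate: x509: certificate signed by unknown authority`, which comes from the Go TLS stack rather than from this package. A toolchain wording change would therefore fail a test that, per its own comment, is about logs. `require.ErrorContains(t, err, "could not perform OIDC discovery for")` would keep the intent. The closing NOTE also leaves the default `emptyLogger` path unasserted; a subtest that calls `Login` with no logger option and checks for the same discovery error would at least show that the default does not panic.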