

Update the help commands and slogging
Signed-off-by: Noah Stride <noah.stride@goteleport.com>
strideynet committed Dec 2, 2024
1 parent 10624f0 commit ecd01c6
Showing 3 changed files with 32 additions and 30 deletions.
46 changes: 23 additions & 23 deletions cmd/credential_file.go
Expand Up @@ -18,8 +18,8 @@ func newX509CredentialFileOneshotCmd() (*cobra.Command, error) {
sf := &sharedFlags{}
cmd := &cobra.Command{
Use: "x509-credential-file-oneshot",
Short: ``,
Long: ``,
Short: `Exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Writes the credentials to a file in the 'credential file' format expected by the AWS CLI and SDKs.`,
Long: `Exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Writes the credentials to a file in the 'credential file' format expected by the AWS CLI and SDKs.`,
RunE: func(cmd *cobra.Command, args []string) error {
return oneshotX509CredentialFile(
cmd.Context(), force, replace, awsCredentialsPath, sf,
Expand Down Expand Up @@ -64,19 +64,21 @@ func oneshotX509CredentialFile(
return fmt.Errorf("fetching x509 context: %w", err)
}
svid := x509Ctx.DefaultSVID()
slog.Debug(
slog.Info(
"Fetched X509 SVID",
slog.Group("svid",
"spiffe_id", svid.ID,
"hint", svid.Hint,
),
"svid", svidValue(svid),
)

credentials, err := exchangeX509SVIDForAWSCredentials(sf, svid)
if err != nil {
return fmt.Errorf("exchanging X509 SVID for AWS credentials: %w", err)
}

expiresAt, err := time.Parse(time.RFC3339, credentials.Expiration)
if err != nil {
return fmt.Errorf("parsing expiration time: %w", err)
}

// Now we write this to disk in the format that the AWS CLI/SDK
// expects for a credentials file.
err = internal.UpsertAWSCredentialsFileProfile(
Expand All @@ -95,7 +97,11 @@ func oneshotX509CredentialFile(
if err != nil {
return fmt.Errorf("writing credentials to file: %w", err)
}
slog.Info("Wrote AWS credential to file", "path", "./my-credential")
slog.Info(
"Wrote AWS credential to file",
"path", awsCredentialsPath,
"aws_expires_at", expiresAt,
)
return nil
}

Expand All @@ -106,15 +112,13 @@ func newX509CredentialFileCmd() (*cobra.Command, error) {
sf := &sharedFlags{}
cmd := &cobra.Command{
Use: "x509-credential-file",
Short: ``,
Long: ``,
Short: `On a regular basis, this daemon exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Writes the credentials to a file in the 'credential file' format expected by the AWS CLI and SDKs.`,
Long: `On a regular basis, this daemon exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Writes the credentials to a file in the 'credential file' format expected by the AWS CLI and SDKs.`,
RunE: func(cmd *cobra.Command, args []string) error {
return daemonX509CredentialFile(
cmd.Context(), force, replace, awsCredentialsPath, sf,
)
},
// Hidden for now as the daemon is likely more "usable"
Hidden: true,
}
if err := sf.addFlags(cmd); err != nil {
return nil, fmt.Errorf("adding shared flags: %w", err)
Expand Down Expand Up @@ -166,20 +170,20 @@ func daemonX509CredentialFile(
if err != nil {
return fmt.Errorf("fetching initial X509 SVID: %w", err)
}
slog.Debug("Fetched initial X509 SVID", slog.Group("svid",
"spiffe_id", svid.ID,
"hint", svid.Hint,
"expires_at", svid.Certificates[0].NotAfter,
))
slog.Info("Fetched initial X509 SVID", "svid", svidValue(svid))

for {
slog.Debug("Exchanging X509 SVID for AWS credentials")
slog.Debug(
"Exchanging X509 SVID for AWS credentials",
"svid", svidValue(svid),
)
credentials, err := exchangeX509SVIDForAWSCredentials(sf, svid)
if err != nil {
return fmt.Errorf("exchanging X509 SVID for AWS credentials: %w", err)
}
slog.Info(
"Successfully exchanged X509 SVID for AWS credentials",
"svid", svidValue(svid),
)

expiresAt, err := time.Parse(time.RFC3339, credentials.Expiration)
Expand Down Expand Up @@ -237,11 +241,7 @@ func daemonX509CredentialFile(
}
slog.Info(
"Received new X509 SVID from Workload API, will update AWS credentials",
slog.Group("svid",
"spiffe_id", newSVID.ID,
"hint", newSVID.Hint,
"expires_at", newSVID.Certificates[0].NotAfter,
),
"svid", svidValue(svid),
)
svid = newSVID
case <-ctx.Done():
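Review bot: In the last hunk of daemonX509CredentialFile, the "Received new X509 SVID from Workload API" log passes `"svid", svidValue(svid)` while `svid = newSVID` only happens on the following line, so the record describes the SVID being replaced rather than the one just received; the removed lines logged `newSVID.ID` and `newSVID.Hint`. Change it to `"svid", svidValue(newSVID),`. Because this is the only Info-level record of a rotation, an operator reconstructing which identity minted a given set of AWS credentials would be pointed at the wrong SPIFFE ID and expiry. Separately, in the first and fourth hunks `Short` and `Long` carry the same multi-sentence text; cobra prints Short in the parent's command listing, so a one-line Short (for example `Short: "Exchange an X509 SVID for AWS credentials written to a credential file"`, a constructed sample) with the fuller text kept in Long would read better. daemonX509CredentialFile starts and ends outside the hunk.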
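--- a/cmd/credential_process.go
+++ b/cmd/credential_process.go
@@ -38,13 +38,7 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 // TODO(strideynet): Implement SVID selection mechanism, for now,
 // we'll just use the first returned SVID (a.k.a the default).
 svid := x509Ctx.DefaultSVID()
-slog.Debug(
-"Fetched X509 SVID",
-slog.Group("svid",
-"spiffe_id", svid.ID,
-"hint", svid.Hint,
-),
-)
+slog.Debug("Fetched X509 SVID", "svid", svidValue(svid))
 
 credentials, err := exchangeX509SVIDForAWSCredentials(sf, svid)
 if err != nil {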
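--- a/cmd/main.go
+++ b/cmd/main.go
@@ -122,3 +122,11 @@ func exchangeX509SVIDForAWSCredentials(
 )
 return credentials, nil
 }
+
+func svidValue(svid *x509svid.SVID) slog.Value {
+return slog.GroupValue(
+slog.String("id", svid.ID.String()),
+slog.String("hint", svid.Hint),
+slog.Time("expires_at", svid.Certificates[0].NotAfter),
+)
+}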
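Review bot: svidValue indexes `svid.Certificates[0]` without checking the slice length and dereferences `svid` without a nil check, so a nil SVID or one with an empty chain panics the credential daemon; the removed call sites in credential_file.go did the same, so this is not a regression, but now that every log line goes through one helper it is the natural place to guard it. The helper also has no doc comment; add one such as `// svidValue renders an X509 SVID's id, hint and expiry as one slog group so every log line describes it the same way.` The sketch below omits the expiry attribute when no certificate is present instead of indexing an empty slice. Whether DefaultSVID can return an SVID with no certificates is not visible here, so treat the guard as defensive.
```go
// svidValue renders an X509 SVID's id, hint and expiry as one slog group so
// every log line describes it the same way.
func svidValue(svid *x509svid.SVID) slog.Value {
	if svid == nil {
		return slog.GroupValue()
	}
	attrs := []slog.Attr{
		slog.String("id", svid.ID.String()),
		slog.String("hint", svid.Hint),
	}
	// NotAfter only exists when a leaf certificate is present; skip the
	// attribute rather than index an empty slice.
	if len(svid.Certificates) > 0 {
		attrs = append(attrs, slog.Time("expires_at", svid.Certificates[0].NotAfter))
	}
	return slog.GroupValue(attrs...)
}
```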

