From ecd01c6ac4ae9f46d35398fe1f3a64b37c80a058 Mon Sep 17 00:00:00 2001
From: Noah Stride
Date: Mon, 2 Dec 2024 10:56:52 +0000
Subject: [PATCH] Update the help commands and slogging

Signed-off-by: Noah Stride
---
 cmd/credential_file.go | 46 +++++++++++++++++++--------------------
 cmd/credential_process.go | 8 +------
 cmd/main.go | 8 +++++++
 3 files changed, 32 insertions(+), 30 deletions(-)

diff --git a/cmd/credential_file.go b/cmd/credential_file.go
index ec3e896..6788822 100644
--- a/cmd/credential_file.go
+++ b/cmd/credential_file.go
@@ -18,8 +18,8 @@ func newX509CredentialFileOneshotCmd() (*cobra.Command, error) {
 sf := &sharedFlags{}
 cmd := &cobra.Command{
 Use: "x509-credential-file-oneshot",
- Short: ``,
- Long: ``,
+ Short: `Exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Writes the credentials to a file in the 'credential file' format expected by the AWS CLI and SDKs.`,
+ Long: `Exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Writes the credentials to a file in the 'credential file' format expected by the AWS CLI and SDKs.`,
 RunE: func(cmd *cobra.Command, args []string) error {
 return oneshotX509CredentialFile(
 cmd.Context(), force, replace, awsCredentialsPath, sf,
@@ -64,12 +64,9 @@ func oneshotX509CredentialFile(
 return fmt.Errorf("fetching x509 context: %w", err)
 }
 svid := x509Ctx.DefaultSVID()
- slog.Debug(
+ slog.Info(
 "Fetched X509 SVID",
- slog.Group("svid",
- "spiffe_id", svid.ID,
- "hint", svid.Hint,
- ),
+ "svid", svidValue(svid),
 )
 credentials, err := exchangeX509SVIDForAWSCredentials(sf, svid)
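Review bot: The new Short text for x509-credential-file-oneshot is the same two-sentence paragraph as Long; cobra prints Short in the parent command's listing, where it is conventionally a single line. Keep the full description in Long and shorten Short to something like `Short: \`Exchange an X509 SVID for AWS credentials and write them to an AWS credentials file\`,`. The same applies to the x509-credential-file command in the later hunk of this file, where Short and Long are again identical.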
@@ -77,6 +74,11 @@ func oneshotX509CredentialFile(
 return fmt.Errorf("exchanging X509 SVID for AWS credentials: %w", err)
 }
+ expiresAt, err := time.Parse(time.RFC3339, credentials.Expiration)
+ if err != nil {
+ return fmt.Errorf("parsing expiration time: %w", err)
+ }
+
 // Now we write this to disk in the format that the AWS CLI/SDK
 // expects for a credentials file.
 err = internal.UpsertAWSCredentialsFileProfile(
@@ -95,7 +97,11 @@ func oneshotX509CredentialFile(
 if err != nil {
 return fmt.Errorf("writing credentials to file: %w", err)
 }
- slog.Info("Wrote AWS credential to file", "path", "./my-credential")
+ slog.Info(
+ "Wrote AWS credential to file",
+ "path", awsCredentialsPath,
+ "aws_expires_at", expiresAt,
+ )
 return nil
 }
@@ -106,15 +112,13 @@ func newX509CredentialFileCmd() (*cobra.Command, error) {
 sf := &sharedFlags{}
 cmd := &cobra.Command{
 Use: "x509-credential-file",
- Short: ``,
- Long: ``,
+ Short: `On a regular basis, this daemon exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Writes the credentials to a file in the 'credential file' format expected by the AWS CLI and SDKs.`,
+ Long: `On a regular basis, this daemon exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Writes the credentials to a file in the 'credential file' format expected by the AWS CLI and SDKs.`,
 RunE: func(cmd *cobra.Command, args []string) error {
 return daemonX509CredentialFile(
 cmd.Context(), force, replace, awsCredentialsPath, sf,
 )
 },
- // Hidden for now as the daemon is likely more "usable"
- Hidden: true,
 }
 if err := sf.addFlags(cmd); err != nil {
 return nil, fmt.Errorf("adding shared flags: %w", err)
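Review bot: In oneshotX509CredentialFile the added time.Parse of credentials.Expiration runs before UpsertAWSCredentialsFileProfile, yet expiresAt is only used in the success log, so an expiration string the parser rejects now aborts the command after valid credentials were already obtained and before they are written. The daemon path parses the same field and needs it for scheduling, so the format is presumably reliable, but here the failure mode is out of proportion to a log attribute. Either move the parse below the write so a parse error is reported without losing the written credentials, or log the raw value with `"aws_expires_at", credentials.Expiration,` and drop the parse. The enclosing function starts before this hunk.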
@@ -166,20 +170,20 @@ func daemonX509CredentialFile(
 if err != nil {
 return fmt.Errorf("fetching initial X509 SVID: %w", err)
 }
- slog.Debug("Fetched initial X509 SVID", slog.Group("svid",
- "spiffe_id", svid.ID,
- "hint", svid.Hint,
- "expires_at", svid.Certificates[0].NotAfter,
- ))
+ slog.Info("Fetched initial X509 SVID", "svid", svidValue(svid))
 for {
- slog.Debug("Exchanging X509 SVID for AWS credentials")
+ slog.Debug(
+ "Exchanging X509 SVID for AWS credentials",
+ "svid", svidValue(svid),
+ )
 credentials, err := exchangeX509SVIDForAWSCredentials(sf, svid)
 if err != nil {
 return fmt.Errorf("exchanging X509 SVID for AWS credentials: %w", err)
 }
 slog.Info(
 "Successfully exchanged X509 SVID for AWS credentials",
+ "svid", svidValue(svid),
 )
 expiresAt, err := time.Parse(time.RFC3339, credentials.Expiration)
@@ -237,11 +241,7 @@ func daemonX509CredentialFile(
 }
 slog.Info(
 "Received new X509 SVID from Workload API, will update AWS credentials",
- slog.Group("svid",
- "spiffe_id", newSVID.ID,
- "hint", newSVID.Hint,
- "expires_at", newSVID.Certificates[0].NotAfter,
- ),
+ "svid", svidValue(svid),
 )
 svid = newSVID
 case <-ctx.Done():
diff --git a/cmd/credential_process.go b/cmd/credential_process.go
index ae2d643..79e762d 100644
--- a/cmd/credential_process.go
+++ b/cmd/credential_process.go
@@ -38,13 +38,7 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 // TODO(strideynet): Implement SVID selection mechanism, for now,
 // we'll just use the first returned SVID (a.k.a the default).
 svid := x509Ctx.DefaultSVID()
- slog.Debug(
- "Fetched X509 SVID",
- slog.Group("svid",
- "spiffe_id", svid.ID,
- "hint", svid.Hint,
- ),
- )
+ slog.Debug("Fetched X509 SVID", "svid", svidValue(svid))
 credentials, err := exchangeX509SVIDForAWSCredentials(sf, svid)
 if err != nil {
diff --git a/cmd/main.go b/cmd/main.go
index b58b9ca..1e4fb83 100644
--- a/cmd/main.go
+++ b/cmd/main.go
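Review bot: The "Received new X509 SVID from Workload API" log in the second hunk of credential_file.go passes `svidValue(svid)`, but at that point svid is still the previous SVID (the `svid = newSVID` assignment comes on the next line), whereas the removed lines logged newSVID.ID, newSVID.Hint and newSVID's NotAfter. The message therefore reports the old identity and expiry at exactly the rotation event an operator would audit. It should read `"svid", svidValue(newSVID),`. The enclosing select and function continue outside this hunk.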
@@ -122,3 +122,11 @@ func exchangeX509SVIDForAWSCredentials(
 )
 return credentials, nil
 }
+
+func svidValue(svid *x509svid.SVID) slog.Value {
+ return slog.GroupValue(
+ slog.String("id", svid.ID.String()),
+ slog.String("hint", svid.Hint),
+ slog.Time("expires_at", svid.Certificates[0].NotAfter),
+ )
+}
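Review bot: svidValue indexes svid.Certificates[0] with no length check, so a logging helper that is now called from every command path would panic on an SVID with an empty certificate chain; the removed daemon code had the same indexing but only at two call sites. An SVID returned by the Workload API presumably always carries a leaf certificate, but a log attribute should degrade rather than crash the process. Build the attrs slice and only append expires_at when a certificate is present, and add a doc comment such as `// svidValue renders an SVID's identity, hint and leaf expiry as a slog group; it deliberately logs no certificate or key material.`
```go
// svidValue renders an SVID's identity, hint and leaf expiry as a slog group;
// it deliberately logs no certificate or key material.
func svidValue(svid *x509svid.SVID) slog.Value {
	attrs := []slog.Attr{
		slog.String("id", svid.ID.String()),
		slog.String("hint", svid.Hint),
	}
	// Guard the index: an empty chain must not panic inside a log call.
	if len(svid.Certificates) > 0 {
		attrs = append(attrs, slog.Time("expires_at", svid.Certificates[0].NotAfter))
	}
	return slog.GroupValue(attrs...)
}
```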