From eaaa786313c90bf16cd942aeead973ba2016985e Mon Sep 17 00:00:00 2001 From: Carl Lundin Date: Sat, 3 Dec 2022 00:21:40 +0000 Subject: [PATCH] feat: Gate ECP logs behind ENABLE_ENTERPRISE_CERTIFICATE_LOGS environment variable. --- README.md | 14 ++++++++++++++ client/client.go | 2 ++ cshared/main.go | 3 +++ go.mod | 4 ++++ internal/signer/darwin/go.mod | 6 +++++- internal/signer/darwin/signer.go | 3 +++ internal/signer/linux/go.mod | 4 ++++ internal/signer/linux/signer.go | 3 +++ internal/signer/windows/go.mod | 3 +++ internal/signer/windows/signer.go | 3 +++ utils/go.mod | 3 +++ utils/util.go | 18 ++++++++++++++++++ utils/util_test.go | 25 +++++++++++++++++++++++++ 13 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 utils/go.mod create mode 100644 utils/util.go create mode 100644 utils/util_test.go diff --git a/README.md b/README.md index cea0145..59ed609 100644 --- a/README.md +++ b/README.md @@ -126,6 +126,20 @@ ECP relies on the `certificate_config.json` file to read all the metadata inform } ``` +### Logging + +To enable logging set the "ENABLE_ENTERPRISE_CERTIFICATE_LOGS" environment +variable. + +#### Example + +``` +export ENABLE_ENTERPRISE_CERTIFICATE_LOGS=1 # Now the +enterprise-certificate-proxy will output logs to stdout. +``` + + + ## Build binaries For amd64 MacOS, run `./build/scripts/darwin_amd64.sh`. The binaries will be placed in `build/bin/darwin_amd64` folder. diff --git a/client/client.go b/client/client.go index 0d22a2c..050de75 100644 --- a/client/client.go +++ b/client/client.go @@ -20,6 +20,7 @@ import ( "os/exec" "github.com/googleapis/enterprise-certificate-proxy/client/util" + "github.com/googleapis/enterprise-certificate-proxy/utils" ) const signAPI = "EnterpriseCertSigner.Sign" 
@@ -105,6 +106,7 @@ func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed [ // // The config file also specifies which certificate the signer should use. func Cred(configFilePath string) (*Key, error) { + utils.EnableECPLogging() if configFilePath == "" { configFilePath = util.GetDefaultConfigFilePath() } diff --git a/cshared/main.go b/cshared/main.go index cf88b13..1fdd343 100644 --- a/cshared/main.go +++ b/cshared/main.go @@ -22,6 +22,7 @@ import ( "unsafe" "github.com/googleapis/enterprise-certificate-proxy/client" + "github.com/googleapis/enterprise-certificate-proxy/utils" ) func getCertPem(configFilePath string) []byte { @@ -54,6 +55,7 @@ func getCertPem(configFilePath string) []byte { // //export GetCertPemForPython func GetCertPemForPython(configFilePath *C.char, certHolder *byte, certHolderLen int) int { + utils.EnableECPLogging() pemBytes := getCertPem(C.GoString(configFilePath)) if certHolder != nil { cert := unsafe.Slice(certHolder, certHolderLen) @@ -68,6 +70,7 @@ func GetCertPemForPython(configFilePath *C.char, certHolder *byte, certHolderLen //export SignForPython func SignForPython(configFilePath *C.char, digest *byte, digestLen int, sigHolder *byte, sigHolderLen int) int { // First create a handle around the specified certificate and private key. + utils.EnableECPLogging() key, err := client.Cred(C.GoString(configFilePath)) if err != nil { log.Printf("Could not create client using config %s: %v", C.GoString(configFilePath), err) diff --git a/go.mod b/go.mod index 21a213d..d4f728c 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,7 @@ module github.com/googleapis/enterprise-certificate-proxy go 1.18 + +replace github.com/googleapis/enterprise-certificate-proxy/utils => ./utils + +require github.com/googleapis/enterprise-certificate-proxy/utils v0.0.0-00010101000000-000000000000 // indirect diff --git a/internal/signer/darwin/go.mod b/internal/signer/darwin/go.mod index 1f7b137..4e8e531 100644 --- a/internal/signer/darwin/go.mod 
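Review bot: Calling `utils.EnableECPLogging()` at the top of `Cred` lets an imported library reconfigure the process-wide standard logger. The helper added in utils/util.go calls `log.SetOutput(ioutil.Discard)` whenever ENABLE_ENTERPRISE_CERTIFICATE_LOGS is unset, so after the first `Cred` call everything the host application writes through the standard `log` package, including its own audit or security logging, is dropped. The same call is added to `GetCertPemForPython` and `SignForPython` in cshared/main.go. A package-scoped logger would keep the gate local, e.g. `var ecpLog = log.New(io.Discard, "ecp: ", log.LstdFlags)` with its output switched to `os.Stderr` when the variable is set, leaving `log.SetOutput` to the signer binaries' `main`. `Cred`'s body continues outside the hunk.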
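Review bot: In `SignForPython` the only visible report of a failed `client.Cred` is the `log.Printf` on the lines that follow, and with the added `utils.EnableECPLogging()` that message is discarded unless ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set. By default a caller therefore sees only the integer the function returns, which is not shown in the hunk. The added call is also redundant here, because `client.Cred` now makes it itself. I would drop the added line and state the gate in the export comment, e.g. `// Diagnostics are written only when ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set.`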
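Review bot: The `replace github.com/googleapis/enterprise-certificate-proxy/utils => ./utils` directive added to the root go.mod takes effect only when this module is the main module. As far as I can tell, a project that depends on the `client` package will ignore it and try to resolve `utils` at the placeholder version `v0.0.0-00010101000000-000000000000`, which cannot be fetched. The `// indirect` marker is also inaccurate, since client/client.go and cshared/main.go import the package directly. Keeping `utils` as an ordinary package of the root module, with no utils/go.mod, would avoid both problems for downstream consumers; the signer modules would then need a different way to reach it.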
+++ b/internal/signer/darwin/go.mod @@ -1,3 +1,7 @@ module signer -go 1.18 \ No newline at end of file +go 1.18 + +replace github.com/googleapis/enterprise-certificate-proxy/utils => ../../../utils + +require github.com/googleapis/enterprise-certificate-proxy/utils v0.0.0-00010101000000-000000000000 // indirect diff --git a/internal/signer/darwin/signer.go b/internal/signer/darwin/signer.go index 7ed31df..dbc795d 100644 --- a/internal/signer/darwin/signer.go +++ b/internal/signer/darwin/signer.go @@ -20,6 +20,8 @@ import ( "signer/keychain" "signer/util" "time" + + "github.com/googleapis/enterprise-certificate-proxy/utils" ) func init() { @@ -76,6 +78,7 @@ func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) { } func main() { + utils.EnableECPLogging() if len(os.Args) != 2 { log.Fatalln("Signer is not meant to be invoked manually, exiting...") } diff --git a/internal/signer/linux/go.mod b/internal/signer/linux/go.mod index bd8d251..eeaeeea 100644 --- a/internal/signer/linux/go.mod +++ b/internal/signer/linux/go.mod @@ -3,3 +3,7 @@ module signer go 1.18 require github.com/google/go-pkcs11 v0.2.0 + +require github.com/googleapis/enterprise-certificate-proxy/utils v0.0.0-00010101000000-000000000000 // indirect + +replace github.com/googleapis/enterprise-certificate-proxy/utils => ../../../utils diff --git a/internal/signer/linux/signer.go b/internal/signer/linux/signer.go index fe75cd9..3edf47a 100644 --- a/internal/signer/linux/signer.go +++ b/internal/signer/linux/signer.go @@ -20,6 +20,8 @@ import ( "os" "signer/util" "time" + + "github.com/googleapis/enterprise-certificate-proxy/utils" ) func init() { @@ -76,6 +78,7 @@ func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) { } func main() { + utils.EnableECPLogging() if len(os.Args) != 2 { log.Fatalln("Signer is not meant to be invoked manually, exiting...") } diff --git a/internal/signer/windows/go.mod b/internal/signer/windows/go.mod index 6da0c37..c97c864 100644 
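Review bot: With `utils.EnableECPLogging()` placed first in `main`, the `log.Fatalln("Signer is not meant to be invoked manually, exiting...")` just below it still exits, but its message goes to the discarded output unless ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set, so a misinvoked signer fails silently. The same applies to the `main` hunks in internal/signer/linux/signer.go and internal/signer/windows/signer.go. Usage and fatal start-up errors are worth keeping unconditional, e.g. `fmt.Fprintln(os.Stderr, "Signer is not meant to be invoked manually, exiting...")` followed by `os.Exit(1)`, or by moving the gate after the argument check. `main` continues outside the hunk.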
--- a/internal/signer/windows/go.mod +++ b/internal/signer/windows/go.mod @@ -3,6 +3,9 @@ module signer go 1.18 require ( + github.com/googleapis/enterprise-certificate-proxy/utils v0.0.0-00010101000000-000000000000 // indirect golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect ) + +replace github.com/googleapis/enterprise-certificate-proxy/utils => ../../../utils diff --git a/internal/signer/windows/signer.go b/internal/signer/windows/signer.go index ffa1977..9564a0b 100644 --- a/internal/signer/windows/signer.go +++ b/internal/signer/windows/signer.go @@ -20,6 +20,8 @@ import ( "signer/ncrypt" "signer/util" "time" + + "github.com/googleapis/enterprise-certificate-proxy/utils" ) func init() { @@ -76,6 +78,7 @@ func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) { } func main() { + utils.EnableECPLogging() if len(os.Args) != 2 { log.Fatalln("Signer is not meant to be invoked manually, exiting...") } diff --git a/utils/go.mod b/utils/go.mod new file mode 100644 index 0000000..9778d60 --- /dev/null +++ b/utils/go.mod @@ -0,0 +1,3 @@ +module utils + +go 1.20 diff --git a/utils/util.go b/utils/util.go new file mode 100644 index 0000000..b2da491 --- /dev/null +++ b/utils/util.go @@ -0,0 +1,18 @@ +package utils + +import ( + "io/ioutil" + "log" + "os" +) + +// / If ECP Logging is enabled return true +// / Otherwise return false +func EnableECPLogging() bool { + if os.Getenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS") != "" { + return true + } + + log.SetOutput(ioutil.Discard) + return false +} diff --git a/utils/util_test.go b/utils/util_test.go new file mode 100644 index 0000000..5b52ccb --- /dev/null +++ b/utils/util_test.go 
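Review bot: `module utils` in the new utils/go.mod does not match the path this module is required and replaced as everywhere else in the patch, `github.com/googleapis/enterprise-certificate-proxy/utils`. The go command expects a replacement's `module` directive to match the path it replaces, so builds that go through the `replace` lines are likely to fail with a path mismatch; worth confirming with `go build ./...` in each module. `go 1.20` also differs from the `go 1.18` declared by the root and signer go.mod files. Suggested: `module github.com/googleapis/enterprise-certificate-proxy/utils` and `go 1.18`.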
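Review bot: `EnableECPLogging` in utils/util.go only ever turns output off: the enabled branch returns `true` without touching the logger, so once an earlier call has run with the variable unset, later calls report `true` while output stays on `ioutil.Discard`. Adding `log.SetOutput(os.Stderr)` before `return true` removes the dependence on call order, at the cost of overriding a writer the host may have configured. `ioutil.Discard` has been deprecated since Go 1.16 in favour of `io.Discard`. Any non-empty value, including `0` or `false`, enables logging, and the doc comment should say so. It should also start with the function name and lose the stray `// /` prefix, e.g. `// EnableECPLogging reports whether ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set to a non-empty value and discards standard-logger output when it is not.`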
@@ -0,0 +1,25 @@
+package utils_test
+
+import (
+ "testing"
+
+ "os"
+
+ "github.com/googleapis/enterprise-certificate-proxy/utils"
+)
+
+func TestEnabledLogging(t *testing.T) {
+ os.Setenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS", "1")
+
+ if !utils.EnableECPLogging() {
+ t.Error("ECP Logging should be enabled if ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set.")
+ }
+}
+
+func TestDisabledLogging(t *testing.T) {
+ os.Unsetenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS")
+
+ if utils.EnableECPLogging() {
+ t.Error("ECP Logging should be enabled if ENABLE_ENTERPRISE_CERTIFICATE_LOGS is set.")
+ }
+}
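Review bot: `TestDisabledLogging` reuses the failure message of the enabled case, so a regression would report the opposite condition; it should read `t.Error("ECP Logging should be disabled if ENABLE_ENTERPRISE_CERTIFICATE_LOGS is unset.")`. Both tests change the process environment with `os.Setenv`/`os.Unsetenv` and never restore it, whereas `t.Setenv("ENABLE_ENTERPRISE_CERTIFICATE_LOGS", "1")` puts the previous value back when the test ends. Neither test inspects the logger itself, for example that `log.Writer()` is the discard writer after the disabled call. The disabled test also leaves the standard logger discarded for any test that runs after it in the same process.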