Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add serial number and revision number to svid minting log entries #3699

Merged
merged 4 commits into from
Dec 22, 2022
Merged

Add serial number and revision number to svid minting log entries #3699

merged 4 commits into from
Dec 22, 2022

Conversation

alexviktorov
Copy link
Contributor

@alexviktorov alexviktorov commented Dec 13, 2022
edited
Loading

Pull Request check list

  • Commit conforms to CONTRIBUTING.md?
  • Proper tests/regressions included?
  • Documentation updated?

Affected functionality
Log entries will include extra fields; datetime of Svid minting audit logs changed format from Unix to RFC3339

Description of change
Added serial number and revision number to svid minting log entries: both for Batch/NewX509Svid and only serial number for MintX509Svid

Which issue this PR fixes
#3688

@alexviktorov alexviktorov marked this pull request as ready for review December 13, 2022 19:45
@evan2645 evan2645 self-assigned this Dec 13, 2022
@evan2645 evan2645 added this to the 1.5.4 milestone Dec 13, 2022
evan2645
evan2645 reviewed Dec 14, 2022
View reviewed changes
Copy link
Member

@evan2645 evan2645 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much for this contribution @alexviktorov! Couple minor comments, should be good to go after that.

pkg/server/api/svid/v1/service.go
@@ -115,11 +115,12 @@ func (s *Service) MintX509SVID(ctx context.Context, req *svidv1.MintX509SVIDRequ
}

rpccontext.AddRPCAuditFields(ctx, logrus.Fields{
telemetry.ExpiresAt: x509SVID[0].NotAfter.Unix(),
telemetry.ExpiresAt: x509SVID[0].NotAfter.Format(time.RFC3339),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was this change intentional? I don't have a strong opinion on the formatting here, the concern from my end is more around backward compatibility for folks using this field today

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, just a couple of lines below on line 122 the Expiration is logged in time.RFC3339 format so changed it for consistency's sake after discussing with Ryan. I don't have a strong opinion though, I can easily revert it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah gotcha ... alrighty then.

pkg/server/api/svid/v1/service.go Outdated
})

rpccontext.AuditRPCWithFields(ctx, commonX509SVIDLogFields)
log.WithField(telemetry.Expiration, x509SVID[0].NotAfter.Format(time.RFC3339)).
WithField(telemetry.SerialNumber, x509SVID[0].SerialNumber).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is an x509.Certificate type, and the SerialNumber field there is actually *big.Int which is a struct. I think we need to call the String() method to get something printable

Suggested change
WithField(telemetry.SerialNumber, x509SVID[0].SerialNumber).
WithField(telemetry.SerialNumber, x509SVID[0].SerialNumber.String()).

evan2645
evan2645 approved these changes Dec 22, 2022
View reviewed changes
Copy link
Member

@evan2645 evan2645 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @alexviktorov!

pkg/server/api/svid/v1/service.go
@@ -115,11 +115,12 @@ func (s *Service) MintX509SVID(ctx context.Context, req *svidv1.MintX509SVIDRequ
}

rpccontext.AddRPCAuditFields(ctx, logrus.Fields{
telemetry.ExpiresAt: x509SVID[0].NotAfter.Unix(),
telemetry.ExpiresAt: x509SVID[0].NotAfter.Format(time.RFC3339),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah gotcha ... alrighty then.

@amartinezfayo amartinezfayo merged commit 42540ae into spiffe:main Dec 22, 2022
divaspathak pushed a commit to divaspathak/spire that referenced this pull request Dec 24, 2022
@alexviktorov @divaspathak
Add serial number and revision number to svid minting log entries (sp…
98542ca 
…iffe#3699)

* Added svid serial number and entry revision number where applicable

Signed-off-by: Alexander Viktorov <[email protected]>
Signed-off-by: divaspathak <[email protected]>
@alexviktorov alexviktorov deleted the aviktorov/3688 branch January 17, 2023 21:17
stevend-uber pushed a commit to stevend-uber/spire that referenced this pull request Oct 16, 2023
@alexviktorov @stevend-uber
Add serial number and revision number to svid minting log entries (sp…
05c2e11 
…iffe#3699)

* Added svid serial number and entry revision number where applicable

Signed-off-by: Alexander Viktorov <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evan2645 evan2645 evan2645 approved these changes

@amartinezfayo amartinezfayo Awaiting requested review from amartinezfayo amartinezfayo is a code owner

@azdagron azdagron Awaiting requested review from azdagron azdagron is a code owner

@MarcosDY MarcosDY Awaiting requested review from MarcosDY MarcosDY is a code owner

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 is a code owner

Assignees

@evan2645 evan2645

Labels
None yet
Projects
None yet
Milestone
1.5.4
Development

Successfully merging this pull request may close these issues.
3 participants
@alexviktorov @evan2645 @amartinezfayo