From bae2952fb157dc3d48b986d70477ad4602e2ffc4 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Wed, 3 May 2017 21:34:07 +0200
Subject: [PATCH] Improve logging output

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 main.go | 37 +++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)

diff --git a/main.go b/main.go
index e425bb6..5e68de0 100644
--- a/main.go
+++ b/main.go
@@ -2,11 +2,11 @@ package main
 
 import (
 	"crypto/x509"
+	"encoding/json"
 	"encoding/pem"
 	"errors"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 	"strings"
 	"text/template"
@@ -14,6 +14,7 @@ import (
 
 	"github.com/Luzifer/go_helpers/str"
 	"github.com/Luzifer/rconfig"
+	log "github.com/Sirupsen/logrus"
 	"github.com/hashicorp/vault/api"
 	homedir "github.com/mitchellh/go-homedir"
 )
@@ -35,7 +36,8 @@ var (
 		AutoRevoke bool          `flag:"auto-revoke" default:"false" description:"Automatically revoke older certificates for this FQDN"`
 		CertTTL    time.Duration `flag:"ttl" default:"8760h" description:"Set the TTL for this certificate"`
 
-		VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
+		LogLevel       string `flag:"log-level" default:"info" description:"Log level to use (debug, info, warning, error)"`
+		VersionAndExit bool   `flag:"version" default:"false" description:"Prints current version and exits"`
 	}{}
 
 	version = "dev"
@@ -72,6 +74,12 @@ func init() {
 		log.Fatalf("Unable to parse commandline options: %s", err)
 	}
 
+	if logLevel, err := log.ParseLevel(cfg.LogLevel); err == nil {
+		log.SetLevel(logLevel)
+	} else {
+		log.Fatalf("Unable to interprete log level: %s", err)
+	}
+
 	if cfg.VersionAndExit {
 		fmt.Printf("vault-openvpn %s\n", version)
 		os.Exit(0)
@@ -178,7 +186,20 @@ func revokeOlderCertificate(fqdn string) error {
 			return err
 		}
 
-		log.Printf("Found certificate %s with CN %s", serial, cn)
+		if revokationTime, ok := cs.Data["revocation_time"]; ok {
+			rt, err := revokationTime.(json.Number).Int64()
+			if err == nil && rt < time.Now().Unix() && rt > 0 {
+				log.WithFields(log.Fields{
+					"cn": cn,
+				}).Debug("Found revoked certificate")
+				continue
+			}
+		}
+
+		log.WithFields(log.Fields{
+			"cn":     cn,
+			"serial": serial,
+		}).Info("Found valid certificate")
 
 		if cn == fqdn {
 			path := strings.Join([]string{strings.Trim(cfg.PKIMountPoint, "/"), "revoke"}, "/")
@@ -187,7 +208,10 @@ func revokeOlderCertificate(fqdn string) error {
 			}); err != nil {
 				return errors.New("Revoke of serial " + serial.(string) + " failed: " + err.Error())
 			}
-			log.Printf("Revoked certificate %s", serial)
+			log.WithFields(log.Fields{
+				"cn":     cn,
+				"serial": serial,
+			}).Info("Revoked certificate")
 		}
 	}
 
@@ -229,6 +253,11 @@ func generateCertificate(fqdn string) (*templateVars, error) {
 		return nil, errors.New("Got no data from backend")
 	}
 
+	log.WithField(log.Fields{
+		"cn":     fqdn,
+		"serial": secret.Data["serial_number"].(string),
+	}).Info("Generated new certificate")
+
 	return &templateVars{
 		Certificate: secret.Data["certificate"].(string),
 		PrivateKey:  secret.Data["private_key"].(string),