Improve logging output
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
c0d159bc2a
commit
bae2952fb1
1 changed files with 33 additions and 4 deletions
37
main.go
37
main.go
|
@ -2,11 +2,11 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
"encoding/json"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"text/template"
|
"text/template"
|
||||||
|
@ -14,6 +14,7 @@ import (
|
||||||
|
|
||||||
"github.com/Luzifer/go_helpers/str"
|
"github.com/Luzifer/go_helpers/str"
|
||||||
"github.com/Luzifer/rconfig"
|
"github.com/Luzifer/rconfig"
|
||||||
|
log "github.com/Sirupsen/logrus"
|
||||||
"github.com/hashicorp/vault/api"
|
"github.com/hashicorp/vault/api"
|
||||||
homedir "github.com/mitchellh/go-homedir"
|
homedir "github.com/mitchellh/go-homedir"
|
||||||
)
|
)
|
||||||
|
@ -35,7 +36,8 @@ var (
|
||||||
AutoRevoke bool `flag:"auto-revoke" default:"false" description:"Automatically revoke older certificates for this FQDN"`
|
AutoRevoke bool `flag:"auto-revoke" default:"false" description:"Automatically revoke older certificates for this FQDN"`
|
||||||
CertTTL time.Duration `flag:"ttl" default:"8760h" description:"Set the TTL for this certificate"`
|
CertTTL time.Duration `flag:"ttl" default:"8760h" description:"Set the TTL for this certificate"`
|
||||||
|
|
||||||
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
|
LogLevel string `flag:"log-level" default:"info" description:"Log level to use (debug, info, warning, error)"`
|
||||||
|
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
|
||||||
}{}
|
}{}
|
||||||
|
|
||||||
version = "dev"
|
version = "dev"
|
||||||
|
@ -72,6 +74,12 @@ func init() {
|
||||||
log.Fatalf("Unable to parse commandline options: %s", err)
|
log.Fatalf("Unable to parse commandline options: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if logLevel, err := log.ParseLevel(cfg.LogLevel); err == nil {
|
||||||
|
log.SetLevel(logLevel)
|
||||||
|
} else {
|
||||||
|
log.Fatalf("Unable to interprete log level: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
if cfg.VersionAndExit {
|
if cfg.VersionAndExit {
|
||||||
fmt.Printf("vault-openvpn %s\n", version)
|
fmt.Printf("vault-openvpn %s\n", version)
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
|
@ -178,7 +186,20 @@ func revokeOlderCertificate(fqdn string) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("Found certificate %s with CN %s", serial, cn)
|
if revokationTime, ok := cs.Data["revocation_time"]; ok {
|
||||||
|
rt, err := revokationTime.(json.Number).Int64()
|
||||||
|
if err == nil && rt < time.Now().Unix() && rt > 0 {
|
||||||
|
log.WithFields(log.Fields{
|
||||||
|
"cn": cn,
|
||||||
|
}).Debug("Found revoked certificate")
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
log.WithFields(log.Fields{
|
||||||
|
"cn": cn,
|
||||||
|
"serial": serial,
|
||||||
|
}).Info("Found valid certificate")
|
||||||
|
|
||||||
if cn == fqdn {
|
if cn == fqdn {
|
||||||
path := strings.Join([]string{strings.Trim(cfg.PKIMountPoint, "/"), "revoke"}, "/")
|
path := strings.Join([]string{strings.Trim(cfg.PKIMountPoint, "/"), "revoke"}, "/")
|
||||||
|
@ -187,7 +208,10 @@ func revokeOlderCertificate(fqdn string) error {
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
return errors.New("Revoke of serial " + serial.(string) + " failed: " + err.Error())
|
return errors.New("Revoke of serial " + serial.(string) + " failed: " + err.Error())
|
||||||
}
|
}
|
||||||
log.Printf("Revoked certificate %s", serial)
|
log.WithFields(log.Fields{
|
||||||
|
"cn": cn,
|
||||||
|
"serial": serial,
|
||||||
|
}).Info("Revoked certificate")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -229,6 +253,11 @@ func generateCertificate(fqdn string) (*templateVars, error) {
|
||||||
return nil, errors.New("Got no data from backend")
|
return nil, errors.New("Got no data from backend")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.WithField(log.Fields{
|
||||||
|
"cn": fqdn,
|
||||||
|
"serial": secret.Data["serial_number"].(string),
|
||||||
|
}).Info("Generated new certificate")
|
||||||
|
|
||||||
return &templateVars{
|
return &templateVars{
|
||||||
Certificate: secret.Data["certificate"].(string),
|
Certificate: secret.Data["certificate"].(string),
|
||||||
PrivateKey: secret.Data["private_key"].(string),
|
PrivateKey: secret.Data["private_key"].(string),
|
||||||
|
|
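Review bot: `log.WithField(log.Fields{` in the generateCertificate hunk (@ -229,6 +253,11) hands a Fields map to WithField, which in logrus takes a key string and a value, so this call does not build; every other new call site uses the map form, and this one should read `log.WithFields(log.Fields{` as well. In the revokeOlderCertificate hunk (@ -178,7 +186,20), `rt, err := revokationTime.(json.Number).Int64()` is a single-value type assertion on a value taken from the backend response, so anything other than a json.Number there (for example a float64 from a decoder that does not use UseNumber) panics the whole run instead of skipping that entry; a two-value form such as `num, ok := revokationTime.(json.Number)` with a Debug log on `!ok` keeps the loop going. In the same branch a parse error (`err != nil`) silently treats the certificate as still valid and lets it continue to the revoke path, which may be intended but is worth a comment like `// unparsable revocation_time: treat as not revoked`. Both generateCertificate and revokeOlderCertificate start and end outside their hunks.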