
Improve logging output

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2017-05-03 21:34:07 +02:00
parent c0d159bc2a
commit bae2952fb1
Signed by: luzifer
GPG key ID: DC2729FDD34BE99E

37
main.go

@ -2,11 +2,11 @@ package main
import ( import (
"crypto/x509" "crypto/x509"
"encoding/json"
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log"
"os" "os"
"strings" "strings"
"text/template" "text/template"
@ -14,6 +14,7 @@ import (
"github.com/Luzifer/go_helpers/str" "github.com/Luzifer/go_helpers/str"
"github.com/Luzifer/rconfig" "github.com/Luzifer/rconfig"
log "github.com/Sirupsen/logrus"
"github.com/hashicorp/vault/api" "github.com/hashicorp/vault/api"
homedir "github.com/mitchellh/go-homedir" homedir "github.com/mitchellh/go-homedir"
) )
@ -35,7 +36,8 @@ var (
AutoRevoke bool `flag:"auto-revoke" default:"false" description:"Automatically revoke older certificates for this FQDN"` AutoRevoke bool `flag:"auto-revoke" default:"false" description:"Automatically revoke older certificates for this FQDN"`
CertTTL time.Duration `flag:"ttl" default:"8760h" description:"Set the TTL for this certificate"` CertTTL time.Duration `flag:"ttl" default:"8760h" description:"Set the TTL for this certificate"`
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"` LogLevel string `flag:"log-level" default:"info" description:"Log level to use (debug, info, warning, error)"`
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
}{} }{}
version = "dev" version = "dev"
@ -72,6 +74,12 @@ func init() {
log.Fatalf("Unable to parse commandline options: %s", err) log.Fatalf("Unable to parse commandline options: %s", err)
} }
if logLevel, err := log.ParseLevel(cfg.LogLevel); err == nil {
log.SetLevel(logLevel)
} else {
log.Fatalf("Unable to interprete log level: %s", err)
}
if cfg.VersionAndExit { if cfg.VersionAndExit {
fmt.Printf("vault-openvpn %s\n", version) fmt.Printf("vault-openvpn %s\n", version)
os.Exit(0) os.Exit(0)
@ -178,7 +186,20 @@ func revokeOlderCertificate(fqdn string) error {
return err return err
} }
log.Printf("Found certificate %s with CN %s", serial, cn) if revokationTime, ok := cs.Data["revocation_time"]; ok {
rt, err := revokationTime.(json.Number).Int64()
if err == nil && rt < time.Now().Unix() && rt > 0 {
log.WithFields(log.Fields{
"cn": cn,
}).Debug("Found revoked certificate")
continue
}
}
log.WithFields(log.Fields{
"cn": cn,
"serial": serial,
}).Info("Found valid certificate")
if cn == fqdn { if cn == fqdn {
path := strings.Join([]string{strings.Trim(cfg.PKIMountPoint, "/"), "revoke"}, "/") path := strings.Join([]string{strings.Trim(cfg.PKIMountPoint, "/"), "revoke"}, "/")
@ -187,7 +208,10 @@ func revokeOlderCertificate(fqdn string) error {
}); err != nil { }); err != nil {
return errors.New("Revoke of serial " + serial.(string) + " failed: " + err.Error()) return errors.New("Revoke of serial " + serial.(string) + " failed: " + err.Error())
} }
log.Printf("Revoked certificate %s", serial) log.WithFields(log.Fields{
"cn": cn,
"serial": serial,
}).Info("Revoked certificate")
} }
} }
@ -229,6 +253,11 @@ func generateCertificate(fqdn string) (*templateVars, error) {
return nil, errors.New("Got no data from backend") return nil, errors.New("Got no data from backend")
} }
log.WithField(log.Fields{
"cn": fqdn,
"serial": secret.Data["serial_number"].(string),
}).Info("Generated new certificate")
return &templateVars{ return &templateVars{
Certificate: secret.Data["certificate"].(string), Certificate: secret.Data["certificate"].(string),
PrivateKey: secret.Data["private_key"].(string), PrivateKey: secret.Data["private_key"].(string),
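Review bot: The new log call in generateCertificate uses `log.WithField(log.Fields{...})`, but logrus' `WithField` takes a `(key string, value interface{})` pair, so this line will not compile as written; the other new call sites in this commit use `log.WithFields(log.Fields{...})` and this one should too: `log.WithFields(log.Fields{`. On the same line group, `secret.Data["serial_number"].(string)` is an unchecked type assertion on data returned by the backend, so a missing or differently typed field panics inside a log statement rather than being reported (the existing certificate/private_key assertions below share that pattern, so it is presumably accepted here, but worth a `serial, _ := secret.Data["serial_number"].(string)` if the tool should degrade gracefully). Likewise in revokeOlderCertificate, `revokationTime.(json.Number).Int64()` assumes the Vault client always decodes numbers as `json.Number`; a two-value assertion `rt, ok := revokationTime.(json.Number)` before calling `Int64()` would keep an unexpected type from aborting the whole revocation loop. Both revokeOlderCertificate and generateCertificate begin or end outside the shown hunks.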