Disable initialization log output if started with --quiet
This commit is contained in:
Herman Slatman
parent
cebb7d7ef0
commit
c9ee4a9f9d
3 changed files with 36 additions and 9 deletions
|
|
@ -73,7 +73,7 @@ type Authority struct {
|
||||||
sshCAUserFederatedCerts []ssh.PublicKey
|
sshCAUserFederatedCerts []ssh.PublicKey
|
||||||
sshCAHostFederatedCerts []ssh.PublicKey
|
sshCAHostFederatedCerts []ssh.PublicKey
|
||||||
|
|
||||||
// Do not re-initialize
|
// If true, do not re-initialize
|
||||||
initOnce bool
|
initOnce bool
|
||||||
startTime time.Time
|
startTime time.Time
|
||||||
|
|
||||||
|
|
@ -91,8 +91,11 @@ type Authority struct {
|
||||||
|
|
||||||
adminMutex sync.RWMutex
|
adminMutex sync.RWMutex
|
||||||
|
|
||||||
// Do Not initialize the authority
|
// If true, do not initialize the authority
|
||||||
skipInit bool
|
skipInit bool
|
||||||
|
|
||||||
|
// If true, does not output initialization logs
|
||||||
|
quietInit bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// Info contains information about the authority.
|
// Info contains information about the authority.
|
||||||
|
|
@ -600,10 +603,9 @@ func (a *Authority) init() error {
|
||||||
return admin.WrapErrorISE(err, "error loading provisioners to initialize authority")
|
return admin.WrapErrorISE(err, "error loading provisioners to initialize authority")
|
||||||
}
|
}
|
||||||
if len(provs) == 0 && !strings.EqualFold(a.config.AuthorityConfig.DeploymentType, "linked") {
|
if len(provs) == 0 && !strings.EqualFold(a.config.AuthorityConfig.DeploymentType, "linked") {
|
||||||
|
|
||||||
var firstJWKProvisioner *linkedca.Provisioner
|
var firstJWKProvisioner *linkedca.Provisioner
|
||||||
if len(a.config.AuthorityConfig.Provisioners) > 0 {
|
if len(a.config.AuthorityConfig.Provisioners) > 0 {
|
||||||
log.Printf("Starting migration of provisioners")
|
a.initLogf("Starting migration of provisioners")
|
||||||
// Existing provisioners detected; try migrating them to DB storage
|
// Existing provisioners detected; try migrating them to DB storage
|
||||||
for _, p := range a.config.AuthorityConfig.Provisioners {
|
for _, p := range a.config.AuthorityConfig.Provisioners {
|
||||||
lp, err := ProvisionerToLinkedca(p)
|
lp, err := ProvisionerToLinkedca(p)
|
||||||
|
|
@ -619,9 +621,9 @@ func (a *Authority) init() error {
|
||||||
// Mark the first JWK provisioner, so that it can be used for administration purposes
|
// Mark the first JWK provisioner, so that it can be used for administration purposes
|
||||||
if firstJWKProvisioner == nil && lp.Type == linkedca.Provisioner_JWK {
|
if firstJWKProvisioner == nil && lp.Type == linkedca.Provisioner_JWK {
|
||||||
firstJWKProvisioner = lp
|
firstJWKProvisioner = lp
|
||||||
log.Printf("Migrated JWK provisioner %q with admin permissions", p.GetName()) // TODO(hs): change the wording?
|
a.initLogf("Migrated JWK provisioner %q with admin permissions", p.GetName()) // TODO(hs): change the wording?
|
||||||
} else {
|
} else {
|
||||||
log.Printf("Migrated %s provisioner %q", p.GetType(), p.GetName())
|
a.initLogf("Migrated %s provisioner %q", p.GetType(), p.GetName())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -630,7 +632,12 @@ func (a *Authority) init() error {
|
||||||
// every error. The next time the CA runs, it won't have perform the migration,
|
// every error. The next time the CA runs, it won't have perform the migration,
|
||||||
// because there'll be at least a JWK provisioner.
|
// because there'll be at least a JWK provisioner.
|
||||||
|
|
||||||
log.Printf("Finished migrating provisioners")
|
// 1. check if prerequisites for writing files look OK (user/group, permission bits, etc)
|
||||||
|
// 2. update the configuration to write (internal representation; do a deep copy first?)
|
||||||
|
// 3. try writing the new ca.json
|
||||||
|
// 4. on failure, perform rollback of the write (restore original in internal representation)
|
||||||
|
|
||||||
|
a.initLogf("Finished migrating provisioners")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create first JWK provisioner for remote administration purposes if none exists yet
|
// Create first JWK provisioner for remote administration purposes if none exists yet
|
||||||
|
|
@ -639,7 +646,7 @@ func (a *Authority) init() error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return admin.WrapErrorISE(err, "error creating first provisioner")
|
return admin.WrapErrorISE(err, "error creating first provisioner")
|
||||||
}
|
}
|
||||||
log.Printf("Created JWK provisioner %q with admin permissions", firstJWKProvisioner.GetName()) // TODO(hs): change the wording?
|
a.initLogf("Created JWK provisioner %q with admin permissions", firstJWKProvisioner.GetName()) // TODO(hs): change the wording?
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create first super admin, belonging to the first JWK provisioner
|
// Create first super admin, belonging to the first JWK provisioner
|
||||||
|
|
@ -652,7 +659,7 @@ func (a *Authority) init() error {
|
||||||
return admin.WrapErrorISE(err, "error creating first admin")
|
return admin.WrapErrorISE(err, "error creating first admin")
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("Created super admin %q for JWK provisioner %q", firstSuperAdminSubject, firstJWKProvisioner.GetName())
|
a.initLogf("Created super admin %q for JWK provisioner %q", firstSuperAdminSubject, firstJWKProvisioner.GetName())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -702,6 +709,14 @@ func (a *Authority) init() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// initLogf is used to log initialization information. The output
|
||||||
|
// can be disabled by starting the CA with the `--quiet` flag.
|
||||||
|
func (a *Authority) initLogf(format string, v ...any) {
|
||||||
|
if !a.quietInit {
|
||||||
|
log.Printf(format, v...)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// GetID returns the define authority id or a zero uuid.
|
// GetID returns the define authority id or a zero uuid.
|
||||||
func (a *Authority) GetID() string {
|
func (a *Authority) GetID() string {
|
||||||
const zeroUUID = "00000000-0000-0000-0000-000000000000"
|
const zeroUUID = "00000000-0000-0000-0000-000000000000"
|
||||||
|
|
|
||||||
|
|
@ -86,6 +86,14 @@ func WithDatabase(d db.AuthDB) Option {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WithQuietInit disables log output when the authority is initialized.
|
||||||
|
func WithQuietInit() Option {
|
||||||
|
return func(a *Authority) error {
|
||||||
|
a.quietInit = true
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// WithWebhookClient sets the http.Client to be used for outbound requests.
|
// WithWebhookClient sets the http.Client to be used for outbound requests.
|
||||||
func WithWebhookClient(c *http.Client) Option {
|
func WithWebhookClient(c *http.Client) Option {
|
||||||
return func(a *Authority) error {
|
return func(a *Authority) error {
|
||||||
|
|
|
||||||
4
ca/ca.go
4
ca/ca.go
|
|
@ -156,6 +156,10 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) {
|
||||||
opts = append(opts, authority.WithDatabase(ca.opts.database))
|
opts = append(opts, authority.WithDatabase(ca.opts.database))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ca.opts.quiet {
|
||||||
|
opts = append(opts, authority.WithQuietInit())
|
||||||
|
}
|
||||||
|
|
||||||
webhookTransport := http.DefaultTransport.(*http.Transport).Clone()
|
webhookTransport := http.DefaultTransport.(*http.Transport).Clone()
|
||||||
opts = append(opts, authority.WithWebhookClient(&http.Client{Transport: webhookTransport}))
|
opts = append(opts, authority.WithWebhookClient(&http.Client{Transport: webhookTransport}))
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue