Remove log level suffix from all log identifiers

Log suffix is redundant, as it is written in the same line with the log. This allows the log level change from Info to Debug without impacting the log identifier.
cyberark · Sep 22, 2020 · c914688 · c914688
1 parent b2f7da7
commit c914688
Show file tree

Hide file tree

Showing 19 changed files with 123 additions and 129 deletions.
diff --git a/cmd/authenticator/main.go b/cmd/authenticator/main.go
@@ -13,19 +13,19 @@ import (
 )
 
 func main() {
-	log.Info(log.CAKC014I, authenticator.FullVersionName)
+	log.Info(log.CAKC048, authenticator.FullVersionName)
 
 	var err error
 
 	config, err := authnConfig.NewFromEnv()
 	if err != nil {
-		printErrorAndExit(log.CAKC018E)
+		printErrorAndExit(log.CAKC018)
 	}
 
 	// Create new Authenticator
 	authn, err := authenticator.New(*config)
 	if err != nil {
-		printErrorAndExit(log.CAKC019E)
+		printErrorAndExit(log.CAKC019)
 	}
 
 	// Configure exponential backoff
@@ -38,25 +38,25 @@ func main() {
 
 	err = backoff.Retry(func() error {
 		for {
-			log.Info(log.CAKC006I, authn.Config.Username)
+			log.Info(log.CAKC040, authn.Config.Username)
 
 			resp, err := authn.Authenticate()
 			if err != nil {
-				return log.RecordedError(log.CAKC016E)
+				return log.RecordedError(log.CAKC016)
 			}
 
 			err = authn.ParseAuthenticationResponse(resp)
 			if err != nil {
-				return log.RecordedError(log.CAKC020E)
+				return log.RecordedError(log.CAKC020)
 			}
 
-			log.Info(log.CAKC001I)
+			log.Info(log.CAKC035)
 
 			if authn.Config.ContainerMode == "init" {
 				os.Exit(0)
 			}
 
-			log.Info(log.CAKC013I, authn.Config.TokenRefreshTimeout)
+			log.Info(log.CAKC047, authn.Config.TokenRefreshTimeout)
 
 			fmt.Println()
 			time.Sleep(authn.Config.TokenRefreshTimeout)
@@ -67,7 +67,7 @@ func main() {
 	}, expBackoff)
 
 	if err != nil {
-		printErrorAndExit(log.CAKC031E)
+		printErrorAndExit(log.CAKC031)
 	}
 }
 

diff --git a/design/fips-compliance.md b/design/fips-compliance.md
@@ -215,7 +215,7 @@ We will not implement the tests in bash scripts like we do in the `secrets-provi
 Regardless of how we will run our tests, it is not optimal that we have only
  a vanilla flow. We should add another test where in case the authenticator-client 
  fails to authenticate with Conjur we don't provide an access token
-  and the log shows `CAKC015E Login failed`.
+  and the log shows `CAKC015 Login failed`.
 
 We do not need to test different permutations of error flows (e.g host does
 not exist, host is not permitted on the `authn-k8s/prod` authenticator) as
@@ -225,7 +225,7 @@ these test run in the `conjur` repository. As far as the authenticator-client
 | **Scenario**            | **Given**                                                    | **When**                                                 | **Then**                                                                                               |
 |-------------------------|--------------------------------------------------------------|----------------------------------------------------------|--------------------------------------------------------------------------------------------------------|
 | Authentication succeeds | A Running Conjur cluster with a configured K8s Authenticator | I run the authenticator client with a valid k8s host     | An access token is provided to the application container and it can retrieve a secret with it          |
-| Authentication fails    | A Running Conjur cluster with a configured K8s Authenticator | I run the authenticator client with a non-valid k8s host | An access token is not provided to the application container and the log shows `CAKC015E Login failed` |
+| Authentication fails    | A Running Conjur cluster with a configured K8s Authenticator | I run the authenticator client with a non-valid k8s host | An access token is not provided to the application container and the log shows `CAKC015 Login failed` |
 
 ## Docs
 

diff --git a/pkg/access_token/file/access_token.go b/pkg/access_token/file/access_token.go
@@ -22,15 +22,15 @@ func NewAccessToken(filePath string) (*AccessToken, error) {
 
 func (token AccessToken) Read() ([]byte, error) {
 	if token.Data == nil {
-		return nil, log.RecordedError(log.CAKC006E)
+		return nil, log.RecordedError(log.CAKC006)
 	}
 
 	return token.Data, nil
 }
 
 func (token *AccessToken) Write(Data []byte) (err error) {
 	if Data == nil {
-		return log.RecordedError(log.CAKC005E)
+		return log.RecordedError(log.CAKC005)
 	}
 
 	token.Data = Data
@@ -41,14 +41,14 @@ func (token *AccessToken) Write(Data []byte) (err error) {
 		err = os.MkdirAll(tokenDir, 755)
 		if err != nil {
 			// Do not specify the directory in the error message for security reasons
-			return log.RecordedError(log.CAKC004E)
+			return log.RecordedError(log.CAKC004)
 		}
 	}
 
 	err = ioutil.WriteFile(token.FilePath, token.Data, 0644)
 	if err != nil {
 		// Do not specify the file path in the error message for security reasons
-		return log.RecordedError(log.CAKC003E)
+		return log.RecordedError(log.CAKC003)
 	}
 
 	return nil
@@ -58,7 +58,7 @@ func (token *AccessToken) Delete() (err error) {
 	err = os.Remove(token.FilePath)
 	if err != nil {
 		// Do not specify the file path in the error message for security reasons
-		return log.RecordedError(log.CAKC002E)
+		return log.RecordedError(log.CAKC002)
 	}
 
 	// Clear Data

diff --git a/pkg/access_token/file/access_token_test.go b/pkg/access_token/file/access_token_test.go
@@ -49,7 +49,7 @@ func TestAccessTokenFile(t *testing.T) {
 				_, err := accessToken.Read()
 
 				Convey("Raises an error that the data is empty", func() {
-					So(err.Error(), ShouldEqual, log.CAKC006E)
+					So(err.Error(), ShouldEqual, log.CAKC006)
 				})
 			})
 		})
@@ -108,7 +108,7 @@ func TestAccessTokenFile(t *testing.T) {
 				err := accessToken.Write(nil)
 
 				Convey("Raises an error that the access token data is empty", func() {
-					So(err.Error(), ShouldEqual, log.CAKC005E)
+					So(err.Error(), ShouldEqual, log.CAKC005)
 				})
 			})
 		})
@@ -177,7 +177,7 @@ func TestAccessTokenFile(t *testing.T) {
 					err = accessToken.Delete()
 
 					Convey("Finishes with proper error", func() {
-						So(err.Error(), ShouldContainSubstring, log.CAKC002E)
+						So(err.Error(), ShouldContainSubstring, log.CAKC002)
 					})
 				})
 			})
@@ -209,7 +209,7 @@ func TestAccessTokenFile(t *testing.T) {
 						})
 
 						Convey("Raises the proper error", func() {
-							So(err.Error(), ShouldEqual, log.CAKC006E)
+							So(err.Error(), ShouldEqual, log.CAKC006)
 						})
 					})
 				})

diff --git a/pkg/access_token/memory/access_token.go b/pkg/access_token/memory/access_token.go
@@ -16,15 +16,15 @@ func NewAccessToken() (token *AccessToken, err error) {
 
 func (token AccessToken) Read() ([]byte, error) {
 	if token.Data == nil {
-		return nil, log.RecordedError(log.CAKC006E)
+		return nil, log.RecordedError(log.CAKC006)
 	}
 
 	return token.Data, nil
 }
 
 func (token *AccessToken) Write(Data []byte) (err error) {
 	if Data == nil {
-		return log.RecordedError(log.CAKC005E)
+		return log.RecordedError(log.CAKC005)
 	}
 
 	token.Data = Data

diff --git a/pkg/access_token/memory/access_token_test.go b/pkg/access_token/memory/access_token_test.go
@@ -48,7 +48,7 @@ func TestAccessTokenMemory(t *testing.T) {
 				_, err := accessToken.Read()
 
 				Convey("Raises an error that the data is empty", func() {
-					So(err.Error(), ShouldEqual, log.CAKC006E)
+					So(err.Error(), ShouldEqual, log.CAKC006)
 				})
 			})
 		})
@@ -79,7 +79,7 @@ func TestAccessTokenMemory(t *testing.T) {
 			err := accessToken.Write(nil)
 
 			Convey("Raises an error that the data is empty", func() {
-				So(err.Error(), ShouldEqual, log.CAKC005E)
+				So(err.Error(), ShouldEqual, log.CAKC005)
 			})
 		})
 	})
@@ -153,7 +153,7 @@ func TestAccessTokenMemory(t *testing.T) {
 						})
 
 						Convey("Raises the proper error", func() {
-							So(err.Error(), ShouldEqual, log.CAKC006E)
+							So(err.Error(), ShouldEqual, log.CAKC006)
 						})
 					})
 				})

diff --git a/pkg/authenticator/authenticator.go b/pkg/authenticator/authenticator.go
@@ -49,7 +49,7 @@ const (
 func New(config authnConfig.Config) (*Authenticator, error) {
 	accessToken, err := file.NewAccessToken(config.TokenFilePath)
 	if err != nil {
-		return nil, log.RecordedError(log.CAKC001E)
+		return nil, log.RecordedError(log.CAKC001)
 	}
 
 	return NewWithAccessToken(config, accessToken)
@@ -59,7 +59,7 @@ func New(config authnConfig.Config) (*Authenticator, error) {
 func NewWithAccessToken(config authnConfig.Config, accessToken access_token.AccessToken) (*Authenticator, error) {
 	signingKey, err := rsa.GenerateKey(rand.Reader, 1024)
 	if err != nil {
-		return nil, log.RecordedError(log.CAKC030E, err)
+		return nil, log.RecordedError(log.CAKC030, err)
 	}
 
 	client, err := newHTTPSClient(config.SSLCertificate, nil, nil)
@@ -113,7 +113,7 @@ func (auth *Authenticator) GenerateCSR(commonName string) ([]byte, error) {
 // successfully retrieved
 func (auth *Authenticator) Login() error {
 
-	log.Debug(log.CAKC007I, auth.Config.Username)
+	log.Debug(log.CAKC041, auth.Config.Username)
 
 	csrRawBytes, err := auth.GenerateCSR(auth.Config.Username.Suffix)
 
@@ -128,12 +128,12 @@ func (auth *Authenticator) Login() error {
 
 	resp, err := auth.client.Do(req)
 	if err != nil {
-		return log.RecordedError(log.CAKC028E, err)
+		return log.RecordedError(log.CAKC028, err)
 	}
 
 	err = EmptyResponse(resp)
 	if err != nil {
-		return log.RecordedError(log.CAKC029E, err)
+		return log.RecordedError(log.CAKC029, err)
 	}
 
 	// Ensure client certificate exists before attempting to read it, with a tolerance
@@ -151,24 +151,24 @@ func (auth *Authenticator) Login() error {
 	certPEMBlock, err := ioutil.ReadFile(auth.Config.ClientCertPath)
 	if err != nil {
 		if os.IsNotExist(err) {
-			return log.RecordedError(log.CAKC011E, auth.Config.ClientCertPath)
+			return log.RecordedError(log.CAKC011, auth.Config.ClientCertPath)
 		}
 
-		return log.RecordedError(log.CAKC012E, err)
+		return log.RecordedError(log.CAKC012, err)
 	}
-	log.Debug(log.CAKC015I, auth.Config.ClientCertPath)
+	log.Debug(log.CAKC049, auth.Config.ClientCertPath)
 
 	certDERBlock, certPEMBlock := pem.Decode(certPEMBlock)
 	cert, err := x509.ParseCertificate(certDERBlock.Bytes)
 	if err != nil {
-		return log.RecordedError(log.CAKC013E, auth.Config.ClientCertPath, err)
+		return log.RecordedError(log.CAKC013, auth.Config.ClientCertPath, err)
 	}
 
 	auth.PublicCert = cert
 
 	// clean up the client cert so it's only available in memory
 	os.Remove(auth.Config.ClientCertPath)
-	log.Debug(log.CAKC016I)
+	log.Debug(log.CAKC050)
 
 	return nil
 }
@@ -183,9 +183,9 @@ func (auth *Authenticator) IsCertExpired() bool {
 	certExpiresOn := auth.PublicCert.NotAfter.UTC()
 	currentDate := time.Now().UTC()
 
-	log.Debug(log.CAKC008I, certExpiresOn)
-	log.Debug(log.CAKC009I, currentDate)
-	log.Debug(log.CAKC010I, bufferTime)
+	log.Debug(log.CAKC042, certExpiresOn)
+	log.Debug(log.CAKC043, currentDate)
+	log.Debug(log.CAKC044, bufferTime)
 
 	return currentDate.Add(bufferTime).After(certExpiresOn)
 }
@@ -194,23 +194,23 @@ func (auth *Authenticator) IsCertExpired() bool {
 // the response data. Also manages state of certificates.
 func (auth *Authenticator) Authenticate() ([]byte, error) {
 	if !auth.IsLoggedIn() {
-		log.Debug(log.CAKC005I)
+		log.Debug(log.CAKC039)
 
 		if err := auth.Login(); err != nil {
-			return nil, log.RecordedError(log.CAKC015E)
+			return nil, log.RecordedError(log.CAKC015)
 		}
 
-		log.Debug(log.CAKC002I)
+		log.Debug(log.CAKC036)
 	}
 
 	if auth.IsCertExpired() {
-		log.Debug(log.CAKC004I)
+		log.Debug(log.CAKC038)
 
 		if err := auth.Login(); err != nil {
 			return nil, err
 		}
 
-		log.Debug(log.CAKC003I)
+		log.Debug(log.CAKC037)
 	}
 
 	privDer := x509.MarshalPKCS1PrivateKey(auth.privateKey)
@@ -235,7 +235,7 @@ func (auth *Authenticator) Authenticate() ([]byte, error) {
 
 	resp, err := client.Do(req)
 	if err != nil {
-		return nil, log.RecordedError(log.CAKC027E, err)
+		return nil, log.RecordedError(log.CAKC027, err)
 	}
 
 	return DataResponse(resp)
@@ -269,7 +269,7 @@ func (auth *Authenticator) ParseAuthenticationResponse(response []byte) error {
 // generateSANURI returns the formatted uri(SPIFFEE format for now) for the certificate.
 func generateSANURI(namespace, podname string) (string, error) {
 	if namespace == "" || podname == "" {
-		return "", log.RecordedError(log.CAKC008E, namespace, podname)
+		return "", log.RecordedError(log.CAKC008, namespace, podname)
 	}
 	return fmt.Sprintf("spiffe://cluster.local/namespace/%s/podname/%s", namespace, podname), nil
 }
@@ -302,12 +302,12 @@ func decodeFromPEM(PEMBlock []byte, publicCert *x509.Certificate, privateKey cry
 	tokenDerBlock, _ := pem.Decode(PEMBlock)
 	p7, err := pkcs7.Parse(tokenDerBlock.Bytes)
 	if err != nil {
-		return nil, log.RecordedError(log.CAKC026E, err)
+		return nil, log.RecordedError(log.CAKC026, err)
 	}
 
 	decodedPEM, err = p7.Decrypt(publicCert, privateKey)
 	if err != nil {
-		return nil, log.RecordedError(log.CAKC025E, err)
+		return nil, log.RecordedError(log.CAKC025, err)
 	}
 
 	return decodedPEM, nil

diff --git a/pkg/authenticator/client.go b/pkg/authenticator/client.go
@@ -13,7 +13,7 @@ func newHTTPSClient(CACert []byte, certPEMBlock, keyPEMBlock []byte) (*http.Clie
 	caCertPool := x509.NewCertPool()
 	ok := caCertPool.AppendCertsFromPEM(CACert)
 	if !ok {
-		return nil, log.RecordedError(log.CAKC014E)
+		return nil, log.RecordedError(log.CAKC014)
 	}
 
 	// Setup HTTPS client
@@ -24,7 +24,7 @@ func newHTTPSClient(CACert []byte, certPEMBlock, keyPEMBlock []byte) (*http.Clie
 	if certPEMBlock != nil && keyPEMBlock != nil {
 		cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
 		if err != nil {
-			return nil, log.RecordedError(log.CAKC017E, err)
+			return nil, log.RecordedError(log.CAKC017, err)
 		}
 
 		tlsConfig.GetClientCertificate = func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {