Log AWS SDK warnings and API requests at cert-manager debug level #7292

Merged

@wallrj wallrj commented Sep 20, 2024

Allows you to see which API endpoints are being used and which region is being used in the request signature.
To help debug AWS Route53 problems in the field.

Here's how it looks at -v 4 with JSON logging enabled and using jl to parse the logs:

```
[2024-09-20 14:31:37] preparing to create Route53 provider [caller=dns/dns.go:296 dnsName=75b2296e-65a9-4c25-954b-d0b283c6bfd2.com domain=75b2296e-65a9-4c25-954b-d0b283c6bfd2.com logger=cert-manager.controller.Present.solverForChallenge resource_kind=Challenge resource_name=www-1-2762490819-1292702510 resource_namespace=default resource_version=v1 type=DNS-01]
[2024-09-20 14:31:37] using ambient credentials [caller=route53/route53.go:99 logger=cert-manager.route53-session-provider]
[2024-09-20 14:31:37] presenting DNS01 challenge for domain [caller=dns/dns.go:104 dnsName=75b2296e-65a9-4c25-954b-d0b283c6bfd2.com domain=75b2296e-65a9-4c25-954b-d0b283c6bfd2.com logger=cert-manager.controller.Present resource_kind=Challenge resource_name=www-1-2762490819-1292702510 resource_namespace=default resource_version=v1 type=DNS-01]
[2024-09-20 14:31:37] Request
POST / HTTP/1.1
Host: sts.us-west-2.amazonaws.com
User-Agent: aws-sdk-go-v2/1.30.4 os/linux lang/go#1.22.3 md/GOOS#linux md/GOARCH#amd64 api/sts#1.30.4
Content-Length: 1341
Amz-Sdk-Invocation-Id: fb64a1a5-aec3-47aa-9415-383cd8f1fc32
Amz-Sdk-Request: attempt=1; max=3
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

 [aws-classification=DEBUG caller=route53/route53.go:90 dnsName=75b2296e-65a9-4c25-954b-d0b283c6bfd2.com domain=75b2296e-65a9-4c25-954b-d0b283c6bfd2.com logger=cert-manager.controller.Present resource_kind=Challenge resource_name=www-1-2762490819-1292702510 resource_namespace=default resource_version=v1 type=DNS-01]
```

ℹ️ Notice that the user-agent header in requests to STS does not contain the cert-manager info.

```
User-Agent: aws-sdk-go-v2/1.30.4 os/linux lang/go#1.22.3 md/GOOS#linux md/GOARCH#amd64 api/sts#1.30.4
```

That's because we currently add the user-agent after loading the config and before instantiating the Route53 client.
I'll fix that in a follow-up PR.

/kind feature

Feature: Log AWS SDK warnings and API requests at cert-manager debug level to help debug AWS Route53 problems in the field.

Allows you to see which API endpoints are being used and which region is being
used in the request signature.
To help debug AWS Route53 problems in the field.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
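
As an added illustration (not code from this pull request or from cert-manager), the Go sketch below reads one request dump in the shape logged above and reports the endpoint host, the region in the host name, the region and service in the SigV4 credential scope when an `Authorization` header is present, and whether the User-Agent mentions cert-manager. The names `InspectDump` and `RequestInfo`, the `Authorization` header in the sample, the `<service>.<region>.amazonaws.com` host shape and the `cert-manager` substring check are assumptions made for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// Constructed sample: headers from the log above plus a made-up Authorization header.
const sampleDump = `Request
POST / HTTP/1.1
Host: sts.us-west-2.amazonaws.com
User-Agent: aws-sdk-go-v2/1.30.4 os/linux lang/go#1.22.3 md/GOOS#linux md/GOARCH#amd64 api/sts#1.30.4
Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20240920/us-east-1/sts/aws4_request, SignedHeaders=host;x-amz-date, Signature=00ff
`

// RequestInfo (hypothetical type) summarises one request dump from the debug log.
type RequestInfo struct {
	Host, EndpointRegion, SigningRegion, SigningService string
	CertManagerUA, RegionMismatch                       bool
}

// SigV4 credential scope: Credential=<key id>/<date>/<region>/<service>/aws4_request
var scopeRE = regexp.MustCompile(`Credential=[^/]+/\d{8}/([^/]+)/([^/]+)/aws4_request`)

// InspectDump parses a dump starting at the "Request" marker or the request line.
func InspectDump(dump string) (RequestInfo, error) {
	dump = strings.TrimPrefix(strings.TrimSpace(dump), "Request\n") + "\n\n"
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(dump)))
	if err != nil {
		return RequestInfo{}, err
	}
	info := RequestInfo{Host: req.Host, CertManagerUA: strings.Contains(req.UserAgent(), "cert-manager")}
	// Assumption: regional endpoints look like <service>.<region>.amazonaws.com.
	if p := strings.Split(req.Host, "."); len(p) == 4 && strings.HasSuffix(req.Host, ".amazonaws.com") {
		info.EndpointRegion = p[1]
	}
	if m := scopeRE.FindStringSubmatch(req.Header.Get("Authorization")); m != nil {
		info.SigningRegion, info.SigningService = m[1], m[2]
	}
	info.RegionMismatch = info.SigningRegion != "" && info.EndpointRegion != "" && info.SigningRegion != info.EndpointRegion
	return info, nil
}

func main() {
	info, err := InspectDump(sampleDump)
	fmt.Printf("%+v %v\n", info, err)
}
```
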
@cert-manager-prow cert-manager-prow bot added the do-not-merge/work-in-progress, kind/feature, release-note, dco-signoff: yes, area/acme, area/acme/dns01 and size/S labels Sep 20, 2024
@wallrj wallrj changed the title WIP: Log AWS SDK warnings and API requests at cert-manager debug level Log AWS SDK warnings and API requests at cert-manager debug level Sep 20, 2024
@cert-manager-prow cert-manager-prow bot removed the do-not-merge/work-in-progress label Sep 20, 2024
@wallrj wallrj requested a review from inteon September 20, 2024 14:45
@inteon inteon left a comment

/approve
/lgtm

@cert-manager-prow cert-manager-prow bot added the lgtm label Sep 20, 2024
@cert-manager-prow
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inteon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the approved label Sep 20, 2024
@cert-manager-prow cert-manager-prow bot merged commit 63b158c into cert-manager:master Sep 20, 2024
6 checks passed
@wallrj wallrj deleted the route53-debug-request-logging branch September 20, 2024 14:58