Merge branch 'main' into Ninja243/apk-push-issue

.github/workflows/release.yml

@@ -143,7 +143,7 @@ jobs:
       - name: Create repo structure
         run: |
           cp ~/.abuild/abuild.rsa.pub otc-auth.rsa.pub
-          echo -e "  # <img src='https://iits-consulting.de/wp-content/uploads/2021/08/iits-logo-2021-red-square-xl.png' width="150"/> otc-auth apk-repo \n This repo contains .apk files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n apk add curl \n curl -SsL -o /etc/apk/keys/otc-auth.rsa.pub https://iits-consulting.github.io/apk-repo otc-auth.rsa.pub \n apk add otc-auth --repository='https://iits-consulting.github.io/apk-repo' \n \`\`\`" > README.md;
+          echo -e "  # <img src='https://github.com/iits-consulting/otc-auth/blob/main/static/images/iits-2024.svg' width="150"/> otc-auth apk-repo \n This repo contains .apk files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n apk add curl \n curl -SsL -o /etc/apk/keys/otc-auth.rsa.pub https://iits-consulting.github.io/apk-repo otc-auth.rsa.pub \n apk add otc-auth --repository='https://iits-consulting.github.io/apk-repo' \n \`\`\`" > README.md;
 
       - name: Cleanup
         run: |
@@ -193,7 +193,7 @@ jobs:
           gpg --armor --export "[email protected]" > KEY.gpg;
           cd ../../
           echo -e "[rpm-repo]\nname=otc-auth RPM repo\nbaseurl=http://iits-consulting.github.io/rpm-repo/packages\nenabled=1\ngpgcheck=1\ngpgkey=http://iits-consulting.github.io/rpm-repo/KEY.gpg" > rpm-repo.repo
-          echo -e " # <img src='https://iits-consulting.de/wp-content/uploads/2021/08/iits-logo-2021-red-square-xl.png' width="150"/> otc-auth RPM Repo \n This repo contains .rpm files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n yum-config-manager --add-repo https://iits-consulting.github.io/rpm-repo.repo \n yum install -y hello-world \n \`\`\`" > README.md;
+          echo -e " # <img src='https://github.com/iits-consulting/otc-auth/blob/main/static/images/iits-2024.svg' width="150"/> otc-auth RPM Repo \n This repo contains .rpm files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n yum-config-manager --add-repo https://iits-consulting.github.io/rpm-repo.repo \n yum install -y hello-world \n \`\`\`" > README.md;
         env:
           GPG_PPA_PRIV_KEY: ${{ secrets.GPG_PPA_PRIV_KEY }}
           GPG_PPA_PRIV_KEY_PASSPHRASE: ${{ secrets.GPG_PPA_PRIV_KEY_PASSPHRASE }}
@@ -225,7 +225,7 @@ jobs:
           gzip -k -f Packages;
           apt-ftparchive release . > Release;
           echo "deb [signed-by=/etc/apt/trusted.gpg.d/otc-auth_ppa.gpg] https://iits-consulting.github.io/ppa/debian ./" > otc-auth.list
-          echo -e " # <img src='https://iits-consulting.de/wp-content/uploads/2021/08/iits-logo-2021-red-square-xl.png' width="150"/> otc-auth PPA \n This repo (based on the one [here](https://github.com/assafmo/ppa)) contains .deb files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n sudo curl -SsL -o /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg https://iits-consulting.github.io/ppa/debian/KEY.gpg \n sudo curl -SsL -o /etc/apt/sources.list.d/otc-auth.list https://iits-consulting.github.io/ppa/debian/otc-auth.list \n cat /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg | gpg --dearmor | tee /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg >/dev/null \n sudo apt update \n sudo apt install otc-auth \n \`\`\`" > README.md;
+          echo -e " # <img src='https://github.com/iits-consulting/otc-auth/blob/main/static/images/iits-2024.svg' width="150"/> otc-auth PPA \n This repo (based on the one [here](https://github.com/assafmo/ppa)) contains .deb files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n sudo curl -SsL -o /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg https://iits-consulting.github.io/ppa/debian/KEY.gpg \n sudo curl -SsL -o /etc/apt/sources.list.d/otc-auth.list https://iits-consulting.github.io/ppa/debian/otc-auth.list \n cat /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg | gpg --dearmor | tee /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg >/dev/null \n sudo apt update \n sudo apt install otc-auth \n \`\`\`" > README.md;
 
       - name: Generate keys
         run: |

README.md

@@ -39,6 +39,7 @@ This tool can also be used to manage (create) a pair of Access Key/ Secret Key i
     * [Openstack Integration](#openstack-integration)
     * [Environment Variables](#environment-variables)
     * [Auto-Completions](#auto-completions)
+    * [Debugging](#debugging)
 
 ## Demo
 
@@ -256,3 +257,21 @@ they are aligned with the Open Stack environment variables (starting with OS).
 
 You install the auto completions for your shell by running. Please follow the instructions by
 running `otc-auth completion --help` in your terminal.
+
+## Debugging
+
+Is something not working the way you've expected? otc-auth uses [glog](https://pkg.go.dev/github.com/golang/glog) for logging with all info output at log-level 1.
+In the following example, we'd like to have the logs from the OIDC login command be saved to our current directory:
+
+```bash
+otc-auth login idp-oidc -v 1 --log_dir .
+```
+
+We could also just print the logs to stderr instead of writing them to a file:
+
+```bash
+otc-auth login idp-oidc -v 1 --logtostderr=true
+```
+
+The more advanced logging features (like logging to both a file and stderr, emitting a stack trace at a specific line, buffering log messages and more) 
+are described in the [glog documentation](https://pkg.go.dev/github.com/golang/glog#pkg-overview).

accesstoken/accesstoken.go

@@ -10,32 +10,33 @@ import (
 	"otc-auth/common/endpoints"
 	"otc-auth/config"
 
+	"github.com/golang/glog"
 	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/identity/v3/credentials"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/identity/v3/tokens"
 )
 
-func CreateAccessToken(tokenDescription string) {
-	log.Println("info: creating access token file with GTC...")
+func CreateAccessToken(tokenDescription string, printAkSk bool) {
+	glog.V(1).Infof("info: creating access token file with GTC...")
 	resp, err := getAccessTokenFromServiceProvider(tokenDescription)
 	if err != nil {
 		// A 404 error is thrown when trying to create a permanent AK/SK when logged in with OIDC or SAML
 		var notFound golangsdk.ErrDefault404
 		if errors.As(err, &notFound) &&
 			strings.Contains(notFound.URL, "OS-CREDENTIAL/credentials") &&
 			strings.Contains(string(notFound.Body), "Could not find user:") {
-			log.Fatalf(
+			glog.Fatalf(
 				"fatal: cannot create permanent access token when logged in via OIDC or SAML")
 		}
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
-	makeAccessFile(resp, nil)
+	makeAccessFile(resp, nil, printAkSk)
 }
 
-func makeAccessFile(resp *credentials.Credential, tempResp *credentials.TemporaryCredential) {
+func makeAccessFile(resp *credentials.Credential, tempResp *credentials.TemporaryCredential, printAkSk bool) {
 	if resp == nil && tempResp == nil {
-		log.Fatalf("fatal: no temporary or permanent access keys to write")
+		glog.Fatalf("fatal: no temporary or permanent access keys to write")
 	}
 	var accessKeyFileContent string
 	if resp != nil {
@@ -62,19 +63,26 @@ func makeAccessFile(resp *credentials.Credential, tempResp *credentials.Temporar
 			tempResp.SecurityToken)
 	}
 
-	common.WriteStringToFile("./ak-sk-env.sh", accessKeyFileContent)
-	log.Println("info: access token file created successfully")
-	log.Println("info: please source the ak-sk-env.sh file in the current directory manually")
+	if printAkSk {
+		_, errWriter := log.Writer().Write(append([]byte(accessKeyFileContent), '\n'))
+		if errWriter != nil {
+			glog.Fatal(errWriter)
+		}
+	} else {
+		common.WriteStringToFile("./ak-sk-env.sh", accessKeyFileContent)
+		glog.V(1).Info("info: access token file created successfully")
+		glog.V(1).Info("info: please source the ak-sk-env.sh file in the current directory manually")
+	}
 }
 
-func CreateTemporaryAccessToken(durationSeconds int) error {
-	log.Println("info: creating temporary access token file with GTC...")
+func CreateTemporaryAccessToken(durationSeconds int, printAkSk bool) error {
+	glog.V(1).Info("info: creating temporary access token file with GTC...")
 	resp, err := getTempAccessTokenFromServiceProvider(durationSeconds)
 	if err != nil {
 		return err
 	}
 
-	makeAccessFile(nil, resp)
+	makeAccessFile(nil, resp, printAkSk)
 	return nil
 }
 
@@ -102,7 +110,7 @@ func getTempAccessTokenFromServiceProvider(durationSeconds int) (*credentials.Te
 	if err != nil {
 		return nil, err
 	}
-	log.Printf("warning: access key will only be valid until: %v (UTC)", tempCreds.ExpiresAt)
+	glog.Warningf("warning: access key will only be valid until: %v (UTC)", tempCreds.ExpiresAt)
 	return tempCreds, err
 }
 
@@ -140,7 +148,7 @@ func handlePotentialLimitError(err error,
 
 		//nolint:gomnd // The OpenTelekomCloud only lets users have up to two keys
 		if len(accessTokens) == 2 {
-			log.Printf("warning: hit the limit for access keys on OTC. You can only have 2. Removing keys made by otc-auth...")
+			glog.Warning("warning: hit the limit for access keys on OTC. You can only have 2. Removing keys made by otc-auth...")
 			return conditionallyReplaceAccessTokens(user, client, tokenDescription, accessTokens)
 		}
 		return nil, err

cce/cce.go

@@ -11,6 +11,7 @@ import (
 	"otc-auth/common/endpoints"
 	"otc-auth/config"
 
+	"github.com/golang/glog"
 	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/cce/v3/clusters"
@@ -21,7 +22,7 @@ import (
 func GetClusterNames(projectName string) config.Clusters {
 	clustersResult, err := getClustersForProjectFromServiceProvider(projectName)
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 
 	var clustersArr config.Clusters
@@ -34,15 +35,17 @@ func GetClusterNames(projectName string) config.Clusters {
 	}
 
 	config.UpdateClusters(clustersArr)
-	log.Printf("info: CCE clusters for project %s:\n%s", projectName, strings.Join(clustersArr.GetClusterNames(), ",\n"))
+	glog.V(1).Infof(
+		"info: CCE clusters for project %s:\n%s",
+		projectName, strings.Join(clustersArr.GetClusterNames(), ",\n"))
 
 	return clustersArr
 }
 
 func GetKubeConfig(configParams KubeConfigParams, skipKubeTLS bool, printKubeConfig bool) {
 	kubeConfig, err := getKubeConfig(configParams)
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 
 	if skipKubeTLS || configParams.Server != "" {
@@ -60,18 +63,18 @@ func GetKubeConfig(configParams KubeConfigParams, skipKubeTLS bool, printKubeCon
 	if printKubeConfig {
 		configBytes, errMarshal := json.Marshal(kubeConfig)
 		if errMarshal != nil {
-			log.Fatal(errMarshal)
+			glog.Fatal(errMarshal)
 		}
 		configBytes = append([]byte{'\n'}, configBytes...)
 		configBytes = append(configBytes, '\n', '\n')
 		_, errWriter := log.Writer().Write(configBytes)
 		if err != nil {
-			log.Fatal(errWriter)
+			glog.Fatal(errWriter)
 		}
-		log.Printf("info: successfully fetched kube config for cce cluster %s. \n", configParams.ClusterName)
+		glog.V(1).Info("info: successfully fetched kube config for cce cluster %s. \n", configParams.ClusterName)
 	} else {
 		mergeKubeConfig(configParams, kubeConfig)
-		log.Printf("info: successfully fetched and merge kube config for cce cluster %s. \n", configParams.ClusterName)
+		glog.V(1).Infof("info: successfully fetched and merge kube config for cce cluster %s. \n", configParams.ClusterName)
 	}
 }
 
@@ -104,24 +107,24 @@ func getClusterCertFromServiceProvider(kubeConfigParams KubeConfigParams, cluste
 		TenantID:         project.ID,
 	})
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 	client, err := openstack.NewCCE(provider, golangsdk.EndpointOpts{})
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 
 	var expOpts clusters.ExpirationOpts
 	expOpts.Duration, err = strconv.Atoi(kubeConfigParams.DaysValid)
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 	cert := clusters.GetCertWithExpiration(client, clusterID, expOpts).Body
 	certWithContext := addContextInformationToKubeConfig(kubeConfigParams.ProjectName,
 		kubeConfigParams.ClusterName, string(cert))
 	extractedCert, err := clientcmd.NewClientConfigFromBytes([]byte(certWithContext))
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 	return extractedCert.RawConfig()
 }
@@ -135,7 +138,7 @@ func getClusterID(clusterName string, projectName string) (clusterID string, err
 
 	clustersResult, err := getClustersForProjectFromServiceProvider(projectName)
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 
 	var clusterArr config.Clusters
@@ -145,7 +148,7 @@ func getClusterID(clusterName string, projectName string) (clusterID string, err
 			ID:   cluster.Metadata.Id,
 		})
 	}
-	log.Printf("info: clusters for project %s:\n%s", projectName, strings.Join(clusterArr.GetClusterNames(), ",\n"))
+	glog.V(1).Info("info: clusters for project %s:\n%s", projectName, strings.Join(clusterArr.GetClusterNames(), ",\n"))
 
 	config.UpdateClusters(clusterArr)
 	cloud = config.GetActiveCloudConfig()

cce/kube_config.go

@@ -2,25 +2,25 @@ package cce
 
 import (
 	"fmt"
-	"log"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 
 	"otc-auth/config"
 
+	"github.com/golang/glog"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/util/homedir"
 )
 
 func getKubeConfig(kubeConfigParams KubeConfigParams) (api.Config, error) {
-	log.Println("info: getting kube config...")
+	glog.V(1).Infof("info: getting kube config...")
 
 	clusterID, err := getClusterID(kubeConfigParams.ClusterName, kubeConfigParams.ProjectName)
 	if err != nil {
-		log.Fatalf("fatal: error receiving cluster id: %s", err)
+		glog.Fatalf("fatal: error receiving cluster id: %s", err)
 	}
 
 	return getClusterCertFromServiceProvider(kubeConfigParams, clusterID)
@@ -29,19 +29,19 @@ func getKubeConfig(kubeConfigParams KubeConfigParams) (api.Config, error) {
 func mergeKubeConfig(configParams KubeConfigParams, kubeConfig api.Config) {
 	currentConfig, err := clientcmd.NewDefaultClientConfigLoadingRules().GetStartingConfig()
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 
 	filenameNewFile := "kubeConfig_new"
 	filenameCurrentFile := "kubeConfig_current"
 
 	err = clientcmd.WriteToFile(kubeConfig, filenameNewFile)
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 	err = clientcmd.WriteToFile(*currentConfig, filenameCurrentFile)
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 
 	loadingRules := clientcmd.ClientConfigLoadingRules{
@@ -50,11 +50,11 @@ func mergeKubeConfig(configParams KubeConfigParams, kubeConfig api.Config) {
 
 	mergedConfig, err := loadingRules.Load()
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 	err = clientcmd.WriteToFile(*mergedConfig, determineTargetLocation(configParams.TargetLocation))
 	if err != nil {
-		log.Fatal(err)
+		glog.Fatal(err)
 	}
 
 	_ = os.RemoveAll(filenameNewFile)
@@ -66,7 +66,7 @@ func determineTargetLocation(targetLocation string) string {
 	if targetLocation != "" {
 		err := os.MkdirAll(filepath.Dir(targetLocation), os.ModePerm)
 		if err != nil {
-			log.Fatal(err)
+			glog.Fatal(err)
 		}
 		return targetLocation
 	}