diff --git a/cmd/acmesolver/main.go b/cmd/acmesolver/main.go
index e776c50f9..3cc075dbf 100644
--- a/cmd/acmesolver/main.go
+++ b/cmd/acmesolver/main.go
@@ -39,8 +39,8 @@ var (
 func main() {
 logs.InitLogs(nil)
 defer logs.FlushLogs()
-
 flag.Parse()
+ ctx := logs.NewContext(nil, nil, "acmesolver")
 s := &solver.HTTP01Solver{
 ListenPort: *listenPort,
@@ -49,7 +49,7 @@ func main() {
 Key: *key,
 }
- if err := s.Listen(); err != nil {
+ if err := s.Listen(ctx); err != nil {
 log.Fatalf("error listening for connections: %s", err.Error())
 }
 }
diff --git a/pkg/issuer/acme/http/solver/BUILD.bazel b/pkg/issuer/acme/http/solver/BUILD.bazel
index b24fcdfd4..1c486b17e 100644
--- a/pkg/issuer/acme/http/solver/BUILD.bazel
+++ b/pkg/issuer/acme/http/solver/BUILD.bazel
@@ -8,6 +8,7 @@ go_library(
 ],
 importpath = "github.com/jetstack/cert-manager/pkg/issuer/acme/http/solver",
 visibility = ["//visibility:public"],
+ deps = ["//pkg/logs:go_default_library"],
 )
 filegroup(
diff --git a/pkg/issuer/acme/http/solver/solver.go b/pkg/issuer/acme/http/solver/solver.go
index cd91128fc..bc7edd22e 100644
--- a/pkg/issuer/acme/http/solver/solver.go
+++ b/pkg/issuer/acme/http/solver/solver.go
@@ -17,11 +17,13 @@ limitations under the License.
 package solver
 import (
+ "context"
 "fmt"
- "log"
 "net/http"
 "path"
 "strings"
+
+ logf "github.com/jetstack/cert-manager/pkg/logs"
 )
 type HTTP01Solver struct {
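Review bot: In cmd/acmesolver/main.go the failure branch after `s.Listen(ctx)` still reports through `log.Fatalf`, while the solver's own output now goes through the logger carried in `ctx`. If `log` there is the standard library package, `Fatalf` exits the process without running the deferred `logs.FlushLogs()`, so the last structured lines written by `Listen` may never reach the sink. Calling `logs.FlushLogs()` explicitly in that branch, just before `log.Fatalf(...)`, would close the gap. The imports of main.go are outside both hunks, so the identity of `log` is an assumption to confirm.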
@@ -32,43 +34,56 @@ type HTTP01Solver struct {
 Key string
 }
-func (h *HTTP01Solver) Listen() error {
+func (h *HTTP01Solver) Listen(ctx context.Context) error {
+ log := logf.FromContext(ctx)
+ log.Info("starting listener",
+ "expected_domain", h.Domain,
+ "expected_token", h.Token,
+ "expected_key", h.Key,
+ "listen_port", h.ListenPort,
+ )
+
 handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 // extract vars from the request
 host := strings.Split(r.Host, ":")[0]
 basePath := path.Dir(r.URL.EscapedPath())
 token := path.Base(r.URL.EscapedPath())
+ log := log.WithValues(
+ "host", host,
+ "path", r.URL.EscapedPath(),
+ "base_path", basePath,
+ "token", token,
+ )
 if r.URL.EscapedPath() == "/" || r.URL.EscapedPath() == "/healthz" {
- log.Printf("[%s] Responding OK to health check '%s'", h.Domain, r.URL.EscapedPath())
+ log.Info("responding OK to health check")
 w.WriteHeader(http.StatusOK)
 return
 }
-
- log.Printf("[%s] Validating request. basePath=%s, token=%s", h.Domain, basePath, token)
+ log.Info("validating request")
 // verify the base path is correct
 if basePath != HTTPChallengePath {
- log.Printf("[%s] Invalid basePath, got '%s' but expected '%s'", h.Domain, basePath, HTTPChallengePath)
+ log.Info("invalid base_path", "expected_base_path", HTTPChallengePath)
 http.NotFound(w, r)
 return
 }
- log.Printf("[%s] Comparing actual host '%s' against expected '%s'", host, host, h.Domain)
-
+ log.Info("comparing host", "expected_host", h.Domain)
 if h.Domain != host {
- log.Printf("[%s] Invalid host '%s'", h.Domain, host)
+ log.Info("invalid host", "expected_host", h.Domain)
 http.NotFound(w, r)
 return
 }
+ log.Info("comparing token", "expected_token", h.Token)
 if h.Token != token {
 // if nothing else, we return a 404 here
- log.Printf("[%s] Invalid token '%s', expected: '%s'", h.Domain, token, h.Token)
+ log.Info("invalid token", "expected_token", h.Token)
 http.NotFound(w, r)
 return
 }
- log.Printf("[%s] Got successful challenge request, writing key...",
h.Domain)
+ log.Info("got successful challenge request, writing key")
 w.WriteHeader(http.StatusOK)
 fmt.Fprint(w, h.Key)
 })
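Review bot: The new startup line in `Listen` writes the challenge material itself to the log (`"expected_token", h.Token` and `"expected_key", h.Key`), and the per-request lines repeat `expected_token` for every caller, including requests that fail the host or token check. The values are short-lived and the key is what the handler serves on a matching request, but log stores are usually readable by a wider audience than the solver process, so I would keep the identifying fields and drop the key: `log.Info("starting listener", "expected_domain", h.Domain, "listen_port", h.ListenPort)`. The handler also emits several Info lines per unauthenticated request, with `host` and `path` taken from the request, so it is worth confirming that the log sink bounds volume. `Listen` continues past the end of this hunk, so whether `ctx` is used for anything beyond carrying the logger is not visible here.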