From 7f12fb346c0d5a762f1be45837a8e465c0e134de Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Wed, 4 Apr 2018 15:35:51 -0700
Subject: [PATCH 1/7] issuer/acme: move 'user-agent' logic to util
This logic should be shared by things like the aws client as well.
---
pkg/issuer/acme/acme.go | 22 +++-------------------
pkg/util/useragent_roundtripper.go | 28 ++++++++++++++++++++++++++++
2 files changed, 31 insertions(+), 19 deletions(-)
create mode 100644 pkg/util/useragent_roundtripper.go
diff --git a/pkg/issuer/acme/acme.go b/pkg/issuer/acme/acme.go
index 74333c71b..80637dcee 100644
--- a/pkg/issuer/acme/acme.go
+++ b/pkg/issuer/acme/acme.go
@@ -94,22 +94,6 @@ func New(issuer v1alpha1.GenericIssuer,
 }, nil
 }
-// uaRoundTripper implements the http.RoundTripper interface and adds a User-Agent
-// header. Note that this is a stopgap until upstream `crypto/acme` adds a
-// facility for setting User-Agent.
-
-type uaRoundTripper struct {
- nethttp.RoundTripper
- ua string
-}
-
-var acmeUserAgent = "jetstack-cert-manager/" + util.AppVersion
-
-func (uat uaRoundTripper) RoundTrip(req *nethttp.Request) (*nethttp.Response, error) {
- req.Header.Add("User-Agent", acmeUserAgent)
- return uat.RoundTripper.RoundTrip(req)
-}
-
 func (a *Acme) acmeClient() (*acme.Client, error) {
 secretName, secretKey := a.acmeAccountPrivateKeyMeta()
 glog.V(4).Infof("getting private key (%s->%s) for acme issuer %s/%s", secretName, secretKey, a.issuerResourcesNamespace, a.issuer.GetObjectMeta().Name)
@@ -122,9 +106,9 @@ func (a *Acme) acmeClient() (*acme.Client, error) {
 Key: accountPrivKey,
 DirectoryURL: a.issuer.GetSpec().ACME.Server,
 HTTPClient: &nethttp.Client{
- Transport: uaRoundTripper{
- RoundTripper: nethttp.DefaultTransport,
- },
+ // Stopgap user-agent roundtripper until the upstream 'crypto/acme'
+ // provides a better method for setting user-agent.
+ Transport: util.UserAgentRoundTripper(nethttp.DefaultTransport),
 },
 }
 return cl, nil
diff --git a/pkg/util/useragent_roundtripper.go b/pkg/util/useragent_roundtripper.go
new file mode 100644
index 000000000..f062e3548
--- /dev/null
+++ b/pkg/util/useragent_roundtripper.go
@@ -0,0 +1,28 @@
+package util
+
+import (
+ "net/http"
+)
+
+// UserAgentRoundTripper implements the http.RoundTripper interface and adds a User-Agent
+// header.
+type userAgentRoundTripper struct {
+ inner http.RoundTripper
+}
+
+// CertManagerUserAgent is the user agent that http clients in this codebase should use
+const CertManagerUserAgent = "jetstack-cert-manager/" + AppVersion
+
+// UserAgentRoundTripper returns a RoundTripper that functions identically to
+// the provided 'inner' round tripper, other than also setting a user agent.
+func UserAgentRoundTripper(inner http.RoundTripper) http.RoundTripper {
+ return UserAgentRoundTripper{
+ inner: inner,
+ }
+}
+
+// RoundTrip implements http.RoundTripper
+func (u userAgentRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+ req.Header.Add("User-Agent", CertManagerUserAgent)
+ return u.inner.RoundTrip(req)
+}
From f122c9c9c2f50714af4fefb25911f976ccd23056 Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Wed, 4 Apr 2018 15:37:34 -0700
Subject: [PATCH 2/7] issuer/acme: add a timeout to the http client
---
pkg/issuer/acme/acme.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pkg/issuer/acme/acme.go b/pkg/issuer/acme/acme.go
index 80637dcee..3bd854c56 100644
--- a/pkg/issuer/acme/acme.go
+++ b/pkg/issuer/acme/acme.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 nethttp "net/http"
+ "time"
 "github.com/golang/glog"
 "golang.org/x/crypto/acme"
@@ -109,6 +110,7 @@ func (a *Acme) acmeClient() (*acme.Client, error) {
 // Stopgap user-agent roundtripper until the upstream 'crypto/acme'
 // provides a better method for setting user-agent.
 Transport: util.UserAgentRoundTripper(nethttp.DefaultTransport),
+ Timeout: 30 * time.Second,
 },
 }
 return cl, nil
From 34391f07268383388034f7456491dac9b7844bd9 Mon Sep 17 00:00:00 2001
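Review bot: `RoundTrip` in the new `pkg/util/useragent_roundtripper.go` calls `req.Header.Add` on the caller's request, which the `http.RoundTripper` contract asks implementations not to modify. Because `Add` appends rather than replaces, a request that already carries a User-Agent, or that passes through this transport more than once, would go out with duplicate values. I would set the header on a copy of the request, using `Set`, and have the constructor fall back to `http.DefaultTransport` when `inner` is nil, since a nil `inner` panics on first use. Separately, `return UserAgentRoundTripper{` names the function rather than the `userAgentRoundTripper` type, so this commit does not build on its own until 7/7; squashing that fix into this patch keeps the series bisectable.

```go
func UserAgentRoundTripper(inner http.RoundTripper) http.RoundTripper {
	// http.Client treats a nil Transport as the default; mirror that here
	// instead of panicking on the first request.
	if inner == nil {
		inner = http.DefaultTransport
	}
	return userAgentRoundTripper{
		inner: inner,
	}
}

// RoundTrip implements http.RoundTripper
func (u userAgentRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
	// Work on a shallow copy with its own header map so the caller's
	// request is left untouched.
	out := new(http.Request)
	*out = *req
	out.Header = make(http.Header, len(req.Header)+1)
	for k, vs := range req.Header {
		out.Header[k] = append([]string(nil), vs...)
	}
	// Set, not Add: exactly one User-Agent value leaves this transport.
	out.Header.Set("User-Agent", CertManagerUserAgent)
	return u.inner.RoundTrip(out)
}
```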
From: Euan Kemp
Date: Wed, 4 Apr 2018 15:41:06 -0700
Subject: [PATCH 3/7] issuer/dns/cloudflare: set user-agent
---
pkg/issuer/acme/dns/cloudflare/cloudflare.go | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare.go b/pkg/issuer/acme/dns/cloudflare/cloudflare.go
index 96408a287..f9151a1c0 100644
--- a/pkg/issuer/acme/dns/cloudflare/cloudflare.go
+++ b/pkg/issuer/acme/dns/cloudflare/cloudflare.go
@@ -12,6 +12,7 @@ import (
 "time"
 "github.com/jetstack/cert-manager/pkg/issuer/acme/dns/util"
+ pkgutil "github.com/jetstack/cert-manager/pkg/util"
 )
 // CloudFlareAPIURL represents the API endpoint to call.
@@ -180,9 +181,11 @@ func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawM
 req.Header.Set("X-Auth-Email", c.authEmail)
 req.Header.Set("X-Auth-Key", c.authKey)
- //req.Header.Set("User-Agent", userAgent())
+ req.Header.Set("User-Agent", pkgutil.CertManagerUserAgent)
- client := http.Client{Timeout: 30 * time.Second}
+ client := http.Client{
+ Timeout: 30 * time.Second,
+ }
 resp, err := client.Do(req)
 if err != nil {
 return nil, fmt.Errorf("Error querying Cloudflare API -> %v", err)
From 4d9b0e836eb72049161285365de85908de8b888e Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Wed, 4 Apr 2018 15:50:58 -0700
Subject: [PATCH 4/7] issuer/dns/akamai: set user-agent
---
pkg/issuer/acme/dns/akamai/akamai.go | 3 +++
1 file changed, 3 insertions(+)
diff --git a/pkg/issuer/acme/dns/akamai/akamai.go b/pkg/issuer/acme/dns/akamai/akamai.go
index 84d3f8d97..52a37c71b 100644
--- a/pkg/issuer/acme/dns/akamai/akamai.go
+++ b/pkg/issuer/acme/dns/akamai/akamai.go
@@ -15,6 +15,7 @@ import (
 "github.com/golang/glog"
 "github.com/jetstack/cert-manager/pkg/issuer/acme/dns/util"
+ pkgutil "github.com/jetstack/cert-manager/pkg/util"
 "github.com/pkg/errors"
 )
@@ -165,6 +166,8 @@ func (a *DNSProvider) saveZoneData(domain string, data zoneData) error {
 }
 func (a *DNSProvider) makeRequest(req *http.Request) ([]byte, error) {
+ req.Header.Set("User-Agent", pkgutil.CertManagerUserAgent)
+
 if err := a.auth.SignRequest(req); err != nil {
 return nil, errors.Wrap(err, "failed to sign HTTP request")
 }
From 9c3b4e83b421d02834a480931b11f4a047270fc0 Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Wed, 4 Apr 2018 15:51:06 -0700
Subject: [PATCH 5/7] pkg/util/kube: set user-agent
This should make it slightly easier to filter api-server logs for cert-manager activity
---
pkg/util/kube/config.go | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkg/util/kube/config.go b/pkg/util/kube/config.go
index 31ae6de17..f323bf316 100644
--- a/pkg/util/kube/config.go
+++ b/pkg/util/kube/config.go
@@ -3,6 +3,7 @@ package kube
 import (
 "fmt"
+ "github.com/jetstack/cert-manager/pkg/util"
 "k8s.io/client-go/rest"
 "k8s.io/client-go/tools/clientcmd"
 )
@@ -26,11 +27,11 @@ func KubeConfig(apiServerHost string) (*rest.Config, error) {
 }
 cfg, err = clientcmd.NewDefaultClientConfig(*apiCfg, &clientcmd.ConfigOverrides{}).ClientConfig()
-
 if err != nil {
 return nil, fmt.Errorf("error loading cluster client config: %s", err.Error())
 }
 }
+ cfg.UserAgent = util.CertManagerUserAgent
 return cfg, nil
 }
From 4e5a2d16461fa7fafb8459d8bf2a0789c4ff7715 Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Wed, 4 Apr 2018 16:18:29 -0700
Subject: [PATCH 6/7] issuer/dns/route53: append our user-agent
---
pkg/issuer/acme/dns/route53/route53.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go
index 5ac972017..c57fc91aa 100644
--- a/pkg/issuer/acme/dns/route53/route53.go
+++ b/pkg/issuer/acme/dns/route53/route53.go
@@ -17,6 +17,7 @@ import (
 "github.com/golang/glog"
 "github.com/jetstack/cert-manager/pkg/issuer/acme/dns/util"
+ pkgutil "github.com/jetstack/cert-manager/pkg/util"
 )
 const (
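Review bot: In `makeRequest` (akamai.go, 4/7) the added `req.Header.Set("User-Agent", ...)` sits before `a.auth.SignRequest(req)`, and nothing says that the order matters. If the signer computes its signature over request headers, which this hunk does not show, moving the `Set` below the signing call would produce requests that fail authentication. A one-line comment would pin the ordering: `// Set before SignRequest: all headers must be final before the request is signed.` The body of `makeRequest` continues past the end of the hunk.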
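Review bot: `cfg.UserAgent = util.CertManagerUserAgent` in `KubeConfig` (5/7) sets a client-asserted string, so it helps filter api-server logs, as the commit message says, but it is not evidence that a request came from cert-manager. A comment would keep later readers from leaning on it for attribution: `// Informational only: attribute API-server activity by the authenticated identity, not by this self-reported string.` The assignment also dereferences `cfg` after both branches; the branch that begins above the hunk is not visible here, so please confirm it cannot fall through with `cfg` still nil. `KubeConfig` starts outside the hunk.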
@@ -93,6 +94,7 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region string, a
 if err != nil {
 return nil, fmt.Errorf("unable to create aws session: %s", err)
 }
+ sess.Handlers.Build.PushBack(request.WithAppendUserAgent(pkgutil.CertManagerUserAgent))
 client := route53.New(sess, config)
 return &DNSProvider{
From 6b4e33a483b7134b4c1ef3fd45fc9bb895f3490f Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Wed, 4 Apr 2018 16:18:37 -0700
Subject: [PATCH 7/7] util/useragent: use more verbose version
---
pkg/util/useragent_roundtripper.go | 8 ++++----
pkg/util/version.go | 13 +++++++++++++
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/pkg/util/useragent_roundtripper.go b/pkg/util/useragent_roundtripper.go
index f062e3548..96c96199f 100644
--- a/pkg/util/useragent_roundtripper.go
+++ b/pkg/util/useragent_roundtripper.go
@@ -4,19 +4,19 @@ import (
 "net/http"
 )
+// CertManagerUserAgent is the user agent that http clients in this codebase should use
+var CertManagerUserAgent = "jetstack-cert-manager/" + version()
+
 // UserAgentRoundTripper implements the http.RoundTripper interface and adds a User-Agent
 // header.
 type userAgentRoundTripper struct {
 inner http.RoundTripper
 }
-// CertManagerUserAgent is the user agent that http clients in this codebase should use
-const CertManagerUserAgent = "jetstack-cert-manager/" + AppVersion
-
 // UserAgentRoundTripper returns a RoundTripper that functions identically to
 // the provided 'inner' round tripper, other than also setting a user agent.
 func UserAgentRoundTripper(inner http.RoundTripper) http.RoundTripper {
- return UserAgentRoundTripper{
+ return userAgentRoundTripper{
 inner: inner,
 }
 }
diff --git a/pkg/util/version.go b/pkg/util/version.go
index 3ab75874b..c516efc06 100644
--- a/pkg/util/version.go
+++ b/pkg/util/version.go
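Review bot: The added `sess.Handlers.Build.PushBack(request.WithAppendUserAgent(...))` in `NewDNSProvider` (6/7) registers a per-request option as a Build handler. As far as I can tell that option works by pushing a further Build handler onto the request, which may be registered too late to run in the same Build pass. Please confirm with a test that outgoing Route53 requests actually carry the cert-manager token; if they do not, `request.MakeAddToUserAgentFreeFormHandler(pkgutil.CertManagerUserAgent)` is the handler-shaped helper intended for `PushBack`. The import hunk adds only `pkgutil`, so the line also relies on the SDK's `request` package already being imported in `route53.go`, which the patch does not show. `NewDNSProvider` starts and ends outside the hunk.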
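Review bot: In `useragent_roundtripper.go` (7/7) `CertManagerUserAgent` changes from a `const` to an exported `var`, so any package that imports `pkg/util` can now reassign the string that every HTTP client in this series sends. If `var` is needed only because of the call to `version()`, an unexported variable behind a small accessor such as `func CertManagerUserAgent() string { return certManagerUserAgent }` keeps it read-only, at the cost of touching the call sites added in 3/7 to 6/7. At minimum the doc comment should say so: `// Treat as read-only; it is set once at package initialisation.`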
@@ -1,7 +1,20 @@
 package util
+import "fmt"
+
 var (
 AppGitState = ""
 AppGitCommit = ""
 AppVersion = "canary"
 )
+
+func version() string {
+ v := AppVersion
+ if AppGitCommit != "" {
+ v += "-" + AppGitCommit
+ }
+ if AppGitState != "" {
+ v += fmt.Sprintf(" (%v)", AppGitState)
+ }
+ return v
+}
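Review bot: `version()` in `version.go` has no doc comment even though its output goes verbatim into an HTTP header, so the expected shape is worth writing down, for example `// version returns AppVersion, followed by "-<commit>" and " (<state>)" when those values are set.` The three variables look like build-time inputs (an assumption, since the build is not shown) and nothing here constrains them. A value containing a newline or another control character would be expected to make the HTTP client reject the header and fail every outbound call, so the comment should state that they must be plain tokens. `fmt` is imported for a single `Sprintf`; `v += " (" + AppGitState + ")"` produces the same string without the import.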