Log in CTL client not API handler

Removes CTL related logging from the API handler and pushes it over to the CTL client. Signed-off-by: Nathan Smith <nathan@nfsmith.ca>
sigstore · Feb 3, 2022 · 5c49e60 · 5c49e60
1 parent 0cf0977
commit 5c49e60
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 7 deletions.
diff --git a/cmd/app/serve.go b/cmd/app/serve.go
@@ -174,6 +174,7 @@ func runServeCmd(cmd *cobra.Command, args []string) {
 	var ctClient ctl.Client
 	if logURL := viper.GetString("ct-log-url"); logURL != "" {
 		ctClient = ctl.New(logURL)
+		ctClient = ctl.WithLogging(ctClient, log.Logger)
 	}
 
 	var handler http.Handler

diff --git a/pkg/api/ca.go b/pkg/api/ca.go
@@ -174,7 +174,6 @@ func (a *api) signingCert(w http.ResponseWriter, req *http.Request) {
 		}
 
 		// Submit to CTL
-		logger.Info("Submitting CTL inclusion for OIDC grant: ", subject.Value)
 		if a.ct != nil {
 			sct, err := a.ct.AddChain(csc)
 			if err != nil {
@@ -186,8 +185,6 @@ func (a *api) signingCert(w http.ResponseWriter, req *http.Request) {
 				handleFulcioAPIError(w, req, http.StatusInternalServerError, err, failedToMarshalSCT)
 				return
 			}
-			logger.Info("CTL Submission Signature Received: ", sct.Signature)
-			logger.Info("CTL Submission ID Received: ", sct.ID)
 		} else {
 			logger.Info("Skipping CT log upload.")
 		}

diff --git a/pkg/ctl/logging.go → pkg/ctl/ctl_logging.go b/pkg/ctl/logging.go → pkg/ctl/ctl_logging.go
@@ -20,12 +20,12 @@ import (
 	"go.uber.org/zap"
 )
 
-type loggingClient struct {
+type ctlLoggingClient struct {
 	next   Client
 	logger *zap.SugaredLogger
 }
 
-func (lc *loggingClient) AddChain(csc *ca.CodeSigningCertificate) (*CertChainResponse, error) {
+func (lc *ctlLoggingClient) AddChain(csc *ca.CodeSigningCertificate) (*CertChainResponse, error) {
 	lc.logger.Info("Submitting CTL inclusion for subject", csc.Subject.Value)
 	resp, err := lc.next.AddChain(csc)
 	if err != nil {
@@ -37,7 +37,8 @@ func (lc *loggingClient) AddChain(csc *ca.CodeSigningCertificate) (*CertChainRes
 	return resp, nil
 }
 
-// WithLogging adds logging to a certificate transparenct log client
+// WithLogging adds logging (in the writing helpful information to console
+// sense) to a certificate transparenct log client
 func WithLogging(next Client, logger *zap.SugaredLogger) Client {
-	return &loggingClient{next, logger}
+	return &ctlLoggingClient{next, logger}
 }
diff --git a/pkg/ctl/ctl_logging_test.go b/pkg/ctl/ctl_logging_test.go
@@ -0,0 +1,78 @@
+// Copyright 2021 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ctl
+
+import (
+	"errors"
+	"regexp"
+	"testing"
+
+	"github.com/sigstore/fulcio/pkg/ca"
+	"github.com/sigstore/fulcio/pkg/challenges"
+	"go.uber.org/zap"
+	"go.uber.org/zap/zaptest/observer"
+)
+
+type clientFunc func(csc *ca.CodeSigningCertificate) (*CertChainResponse, error)
+
+func (f clientFunc) AddChain(csc *ca.CodeSigningCertificate) (*CertChainResponse, error) {
+	return f(csc)
+}
+
+func TestWithLogging(t *testing.T) {
+	tests := map[string]struct {
+		Client         Client
+		ExpectedOutput *regexp.Regexp
+	}{
+		"Error in client should be logged": {
+			clientFunc(func(*ca.CodeSigningCertificate) (*CertChainResponse, error) {
+				return nil, errors.New(`ctl: testing error`)
+			}),
+			regexp.MustCompile(`ctl: testing error`),
+		},
+		"Success in client should log information": {
+			clientFunc(func(*ca.CodeSigningCertificate) (*CertChainResponse, error) {
+				return &CertChainResponse{}, nil
+			}),
+			regexp.MustCompile(`CTL Submission ID Received:`),
+		},
+	}
+
+	for test, data := range tests {
+		t.Run(test, func(t *testing.T) {
+			// Given
+			observedZapCore, observedLogs := observer.New(zap.InfoLevel)
+			observedLogger := zap.New(observedZapCore)
+			client := WithLogging(data.Client, observedLogger.Sugar())
+
+			csc := ca.CodeSigningCertificate{
+				Subject: &challenges.ChallengeResult{},
+			}
+
+			// When
+			_, _ = client.AddChain(&csc)
+
+			// Then
+			for _, entry := range observedLogs.All() {
+				if data.ExpectedOutput.MatchString(entry.Message) {
+					// We recieved expected output so the test passes
+					return
+				}
+			}
+			// If we got here we didn't match the expected output so test fails
+			t.Error("Didn't find expected output in logs")
+		})
+	}
+}