diff --git a/internal/logger/logger.go b/internal/logger/logger.go
index 97aec4a8e..32f355224 100644
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -62,6 +62,16 @@ const (
 Server componentType = "server"
 // ReferrerStore is the component type for the referrer store.
 ReferrerStore componentType = "referrerStore"
+ // Cache is the component type for the cache.
+ Cache componentType = "cache"
+ // CertProvider is the component type for certificate provider.
+ CertProvider componentType = "certificateProvider"
+ // AuthProvider is the component type for auth provider.
+ AuthProvider componentType = "authProvider"
+ // PolicyProvider is the component type for policy provider.
+ PolicyProvider componentType = "policyProvider"
+ // Verifier is the component type for verifier.
+ Verifier componentType = "verifier"
 traceIDHeaderName = "traceIDHeaderName"
 )
diff --git a/pkg/cache/dapr/dapr.go b/pkg/cache/dapr/dapr.go
index a041ffb38..3b94e0556 100644
--- a/pkg/cache/dapr/dapr.go
+++ b/pkg/cache/dapr/dapr.go
@@ -23,13 +23,17 @@ import (
 "time"
 "github.com/dapr/go-sdk/client"
+ "github.com/deislabs/ratify/internal/logger"
 "github.com/deislabs/ratify/pkg/cache"
 "github.com/deislabs/ratify/pkg/featureflag"
- "github.com/sirupsen/logrus"
 )
 const DaprCacheType = "dapr"
+var logOpt = logger.Option{
+ ComponentType: logger.Cache,
+}
+
 type factory struct{}
 type daprCache struct {
@@ -67,11 +71,11 @@ func (d *daprCache) Get(ctx context.Context, key string) (string, bool) {
 func (d *daprCache) Set(ctx context.Context, key string, value interface{}) bool {
 bytes, err := json.Marshal(value)
 if err != nil {
- logrus.Error("Error marshalling value for redis: ", err)
+ logger.GetLogger(ctx, logOpt).Error("Error marshalling value for redis: ", err)
 return false
 }
 if err := d.daprClient.SaveState(ctx, d.cacheName, key, bytes, nil); err != nil {
- logrus.Error("Error saving value to redis: ", err)
+ logger.GetLogger(ctx, logOpt).Error("Error saving value to redis: ", err)
 return false
 }
 return true
@@ -80,13 +84,13 @@ func (d *daprCache) Set(ctx context.Context, key string, value interface{}) bool
 func (d *daprCache) SetWithTTL(ctx context.Context, key string, value interface{}, ttl time.Duration) bool {
 bytes, err := json.Marshal(value)
 if err != nil {
- logrus.Error("Error marshalling value for redis: ", err)
+ logger.GetLogger(ctx, logOpt).Error("Error marshalling value for redis: ", err)
 return false
 }
 ttlString := strconv.Itoa(int(ttl.Seconds()))
 md := map[string]string{"ttlInSeconds": ttlString}
 if err := d.daprClient.SaveState(ctx, d.cacheName, key, bytes, md); err != nil {
- logrus.Error("Error saving value to redis: ", err)
+ logger.GetLogger(ctx, logOpt).Error("Error saving value to redis: ", err)
 return false
 }
 return true
@@ -94,7 +98,7 @@ func (d *daprCache) SetWithTTL(ctx context.Context, key string, value interface{
 func (d *daprCache) Delete(ctx context.Context, key string) bool {
 if err := d.daprClient.DeleteState(ctx, d.cacheName, key, nil); err != nil {
- logrus.Error("Error deleting value from redis: ", err)
+ logger.GetLogger(ctx, logOpt).Error("Error deleting value from redis: ", err)
 return false
 }
 return true
diff --git a/pkg/cache/ristretto/ristretto.go b/pkg/cache/ristretto/ristretto.go
index 9409f63ae..d46cc9e5e 100644
--- a/pkg/cache/ristretto/ristretto.go
+++ b/pkg/cache/ristretto/ristretto.go
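Review bot: The rewritten error messages in `Set` still say "redis" although the visible code only talks to the Dapr client (`d.daprClient.SaveState`), so anyone filtering the new `cache` component logs for Dapr state-store failures is pointed at the wrong backend. Since each of these lines is being touched anyway, name what is actually called, e.g. `logger.GetLogger(ctx, logOpt).Error("Error saving value to dapr state store: ", err)`. The same wording appears in the `SetWithTTL` and `Delete` hunks that follow.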
@@ -22,14 +22,18 @@ import (
 "time"
 "github.com/cespare/xxhash/v2"
+ "github.com/deislabs/ratify/internal/logger"
 "github.com/deislabs/ratify/pkg/cache"
 "github.com/dgraph-io/ristretto"
 "github.com/dgraph-io/ristretto/z"
- "github.com/sirupsen/logrus"
 )
 const RistrettoCacheType = "ristretto"
+var logOpt = logger.Option{
+ ComponentType: logger.Cache,
+}
+
 type factory struct {
 once sync.Once
 }
@@ -42,7 +46,7 @@ func init() {
 cache.Register(RistrettoCacheType, &factory{})
 }
-func (f *factory) Create(_ context.Context, _ string, cacheSize int) (cache.CacheProvider, error) {
+func (f *factory) Create(ctx context.Context, _ string, cacheSize int) (cache.CacheProvider, error) {
 var err error
 var memoryCache *ristretto.Cache
 f.once.Do(func() {
@@ -54,7 +58,7 @@ func (f *factory) Create(_ context.Context, _ string, cacheSize int) (cache.Cach
 })
 })
 if err != nil {
- logrus.Errorf("could not create cache, err: %v", err)
+ logger.GetLogger(ctx, logOpt).Errorf("could not create cache, err: %v", err)
 return &ristrettoCache{}, err
 }
@@ -72,19 +76,19 @@ func (r *ristrettoCache) Get(_ context.Context, key string) (string, bool) {
 return returnValue, ok
 }
-func (r *ristrettoCache) Set(_ context.Context, key string, value interface{}) bool {
+func (r *ristrettoCache) Set(ctx context.Context, key string, value interface{}) bool {
 bytes, err := json.Marshal(value)
 if err != nil {
- logrus.Error("Error marshalling value for ristretto: ", err)
+ logger.GetLogger(ctx, logOpt).Error("Error marshalling value for ristretto: ", err)
 return false
 }
 return r.memoryCache.Set(key, string(bytes), 1)
 }
-func (r *ristrettoCache) SetWithTTL(_ context.Context, key string, value interface{}, ttl time.Duration) bool {
+func (r *ristrettoCache) SetWithTTL(ctx context.Context, key string, value interface{}, ttl time.Duration) bool {
 bytes, err := json.Marshal(value)
 if err != nil {
- logrus.Error("Error marshalling value for ristretto: ", err)
+ logger.GetLogger(ctx, logOpt).Error("Error marshalling value for ristretto: ", err)
 return false
 }
 return r.memoryCache.SetWithTTL(key, string(bytes), 1, ttl)
diff --git a/pkg/certificateprovider/azurekeyvault/provider.go b/pkg/certificateprovider/azurekeyvault/provider.go
index 6e4d39cc3..473272c1c 100644
--- a/pkg/certificateprovider/azurekeyvault/provider.go
+++ b/pkg/certificateprovider/azurekeyvault/provider.go
@@ -28,6 +28,7 @@ import (
 "time"
 re "github.com/deislabs/ratify/errors"
+ "github.com/deislabs/ratify/internal/logger"
 "github.com/deislabs/ratify/pkg/certificateprovider"
 "github.com/deislabs/ratify/pkg/certificateprovider/azurekeyvault/types"
 "github.com/deislabs/ratify/pkg/metrics"
@@ -35,7 +36,6 @@ import (
 kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
 "github.com/Azure/go-autorest/autorest/azure"
- "github.com/sirupsen/logrus"
 "gopkg.in/yaml.v2"
 )
@@ -45,6 +45,10 @@ const (
 PEMContentType string = "application/x-pem-file"
 )
+var logOpt = logger.Option{
+ ComponentType: logger.CertProvider,
+}
+
 type akvCertProvider struct{}
 // init calls to register the provider
@@ -80,7 +84,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 return nil, nil, re.ErrorCodeConfigInvalid.NewError(re.CertProvider, providerName, re.EmptyLink, nil, fmt.Sprintf("cloudName %s is not valid", cloudName), re.HideStackTrace)
 }
- keyVaultCerts, err := getKeyvaultRequestObj(attrib)
+ keyVaultCerts, err := getKeyvaultRequestObj(ctx, attrib)
 if err != nil {
 return nil, nil, re.ErrorCodeConfigInvalid.NewError(re.CertProvider, providerName, re.AKVLink, err, "failed to get keyvault request object from provider attributes", re.HideStackTrace)
 }
@@ -89,7 +93,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 return nil, nil, re.ErrorCodeConfigInvalid.NewError(re.CertProvider, providerName, re.EmptyLink, nil, "no keyvault certificate configured", re.PrintStackTrace)
 }
- logrus.Debugf("vaultURI %s", keyvaultURI)
+ logger.GetLogger(ctx, logOpt).Debugf("vaultURI %s", keyvaultURI)
 kvClient, err := initializeKvClient(ctx, azureCloudEnv.KeyVaultEndpoint, tenantID, workloadIdentityClientID)
 if err != nil {
@@ -99,7 +103,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 certs := []*x509.Certificate{}
 certsStatus := []map[string]string{}
 for _, keyVaultCert := range keyVaultCerts {
- logrus.Debugf("fetching secret from key vault, certName %v, keyvault %v", keyVaultCert.CertificateName, keyvaultURI)
+ logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v, keyvault %v", keyVaultCert.CertificateName, keyvaultURI)
 // fetch the object from Key Vault
 // GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/deislabs/ratify/issues/695 for details
@@ -110,7 +114,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 return nil, nil, fmt.Errorf("failed to get secret objectName:%s, objectVersion:%s, error: %w", keyVaultCert.CertificateName, keyVaultCert.CertificateVersion, err)
 }
- certResult, certProperty, err := getCertsFromSecretBundle(secretBundle, keyVaultCert.CertificateName)
+ certResult, certProperty, err := getCertsFromSecretBundle(ctx, secretBundle, keyVaultCert.CertificateName)
 if err != nil {
 return nil, nil, fmt.Errorf("failed to get certificates from secret bundle:%w", err)
@@ -132,7 +136,7 @@ func getCertStatusMap(certsStatus []map[string]string) certificateprovider.Certi
 }
 // parse the requested keyvault cert object from the input attributes
-func getKeyvaultRequestObj(attrib map[string]string) ([]types.KeyVaultCertificate, error) {
+func getKeyvaultRequestObj(ctx context.Context, attrib map[string]string) ([]types.KeyVaultCertificate, error) {
 keyVaultCerts := []types.KeyVaultCertificate{}
 certificatesStrings := types.GetCertificates(attrib)
@@ -140,13 +144,13 @@ func getKeyvaultRequestObj(attrib map[string]string) ([]types.KeyVaultCertificat
 return nil, re.ErrorCodeConfigInvalid.NewError(re.CertProvider, providerName, re.EmptyLink, nil, "certificates is not set", re.HideStackTrace)
 }
- logrus.Debugf("certificates string defined in ratify certStore class, certificates %v", certificatesStrings)
+ logger.GetLogger(ctx, logOpt).Debugf("certificates string defined in ratify certStore class, certificates %v", certificatesStrings)
 objects, err := types.GetCertificatesArray(certificatesStrings)
 if err != nil {
 return nil, re.ErrorCodeDataDecodingFailure.NewError(re.CertProvider, providerName, re.EmptyLink, err, "failed to yaml unmarshal objects", re.HideStackTrace)
 }
- logrus.Debugf("unmarshaled objects yaml, objectsArray %v", objects.Array)
+ logger.GetLogger(ctx, logOpt).Debugf("unmarshaled objects yaml, objectsArray %v", objects.Array)
 for i, object := range objects.Array {
 var keyVaultCert types.KeyVaultCertificate
@@ -159,7 +163,7 @@ func getKeyvaultRequestObj(attrib map[string]string) ([]types.KeyVaultCertificat
 keyVaultCerts = append(keyVaultCerts, keyVaultCert)
 }
- logrus.Debugf("unmarshaled %v key vault objects, keyVaultObjects: %v", len(keyVaultCerts), keyVaultCerts)
+ logger.GetLogger(ctx, logOpt).Debugf("unmarshaled %v key vault objects, keyVaultObjects: %v", len(keyVaultCerts), keyVaultCerts)
 return keyVaultCerts, nil
 }
@@ -221,7 +225,7 @@ func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientI
 // Parse the secret bundle and return an array of certificates
 // In a certificate chain scenario, all certificates from root to leaf will be returned
-func getCertsFromSecretBundle(secretBundle kv.SecretBundle, certName string) ([]*x509.Certificate, []map[string]string, error) {
+func getCertsFromSecretBundle(ctx context.Context, secretBundle kv.SecretBundle, certName string) ([]*x509.Certificate, []map[string]string, error) {
 if secretBundle.ContentType == nil || secretBundle.Value == nil || secretBundle.ID == nil {
 return nil, nil, re.ErrorCodeCertInvalid.NewError(re.CertProvider, providerName, re.EmptyLink, nil, "found invalid secret bundle for certificate %s, contentType, value, and id must not be nil", re.HideStackTrace)
 }
@@ -264,7 +268,7 @@ func getCertsFromSecretBundle(secretBundle kv.SecretBundle, certName string) ([]
 for block != nil {
 switch block.Type {
 case "PRIVATE KEY":
- logrus.Warnf("azure keyvault certificate provider: certificate %s, version %s private key skipped. Please see doc to learn how to create a new certificate in keyvault with non exportable keys. https://learn.microsoft.com/en-us/azure/key-vault/certificates/how-to-export-certificate?tabs=azure-cli#exportable-and-non-exportable-keys", certName, version)
+ logger.GetLogger(ctx, logOpt).Warnf("azure keyvault certificate provider: certificate %s, version %s private key skipped. Please see doc to learn how to create a new certificate in keyvault with non exportable keys. https://learn.microsoft.com/en-us/azure/key-vault/certificates/how-to-export-certificate?tabs=azure-cli#exportable-and-non-exportable-keys", certName, version)
 case "CERTIFICATE":
 var pemData []byte
 pemData = append(pemData, pem.EncodeToMemory(block)...)
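Review bot: The nil-bundle guard at the top of `getCertsFromSecretBundle` hands `NewError` a detail string that contains `%s` but supplies no argument for it, so the returned error carries a literal `%s` instead of the certificate name. Other call sites in this file wrap the detail in `fmt.Sprintf`, which suggests `NewError` takes a plain string rather than a format. With the signature already being edited here, format it explicitly: `fmt.Sprintf("found invalid secret bundle for certificate %s, contentType, value, and id must not be nil", certName)`. The function body continues outside this hunk.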
@@ -278,7 +282,7 @@ func getCertsFromSecretBundle(secretBundle kv.SecretBundle, certName string) ([]
 certsStatus = append(certsStatus, certProperty)
 }
 default:
- logrus.Warnf("certificate '%s', version '%s': azure keyvault certificate provider detected unknown block type %s", certName, version, block.Type)
+ logger.GetLogger(ctx, logOpt).Warnf("certificate '%s', version '%s': azure keyvault certificate provider detected unknown block type %s", certName, version, block.Type)
 }
 block, rest = pem.Decode(rest)
@@ -286,7 +290,7 @@ func getCertsFromSecretBundle(secretBundle kv.SecretBundle, certName string) ([]
 return nil, nil, re.ErrorCodeCertInvalid.NewError(re.CertProvider, providerName, re.EmptyLink, nil, fmt.Sprintf("certificate '%s', version '%s': azure keyvault certificate provider error, block is nil and remaining block to parse > 0", certName, version), re.HideStackTrace)
 }
 }
- logrus.Debugf("azurekeyvault certprovider getCertsFromSecretBundle: %v certificates parsed, Certificate '%s', version '%s'", len(results), certName, version)
+ logger.GetLogger(ctx, logOpt).Debugf("azurekeyvault certprovider getCertsFromSecretBundle: %v certificates parsed, Certificate '%s', version '%s'", len(results), certName, version)
 return results, certsStatus, nil
 }
diff --git a/pkg/certificateprovider/azurekeyvault/provider_test.go b/pkg/certificateprovider/azurekeyvault/provider_test.go
index 3888b1b42..6d18cabab 100644
--- a/pkg/certificateprovider/azurekeyvault/provider_test.go
+++ b/pkg/certificateprovider/azurekeyvault/provider_test.go
@@ -264,7 +264,7 @@ func TestGetKeyvaultRequestObj(t *testing.T) {
 attrib["tenantID"] = "TestIDABC"
 attrib["certificates"] = "array:\n- |\n certificateName: wabbit-networks-io \n certificateVersion: \"testversion\"\n"
- result, err := getKeyvaultRequestObj(attrib)
+ result, err := getKeyvaultRequestObj(context.Background(), attrib)
 if err != nil {
 logrus.Infof("err %v", err)
@@ -327,7 +327,7 @@ func Test(t *testing.T) {
 ContentType: &tc.contentType,
 }
- certs, status, err := getCertsFromSecretBundle(testdata, "certName")
+ certs, status, err := getCertsFromSecretBundle(context.Background(), testdata, "certName")
 if tc.expectedErr {
 assert.NotNil(t, err)
 assert.Nil(t, certs)
@@ -363,7 +363,7 @@ func TestGetKeyvaultRequestObj_error(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
- _, err := getKeyvaultRequestObj(tc.attrib)
+ _, err := getKeyvaultRequestObj(context.Background(), tc.attrib)
 if tc.expectedErr {
 assert.NotNil(t, err)
 } else {
diff --git a/pkg/common/oras/authprovider/azure/azureidentity.go b/pkg/common/oras/authprovider/azure/azureidentity.go
index 7983fbcbf..4b7ca8b90 100644
--- a/pkg/common/oras/authprovider/azure/azureidentity.go
+++ b/pkg/common/oras/authprovider/azure/azureidentity.go
@@ -23,8 +23,8 @@ import (
 "time"
 re "github.com/deislabs/ratify/errors"
+ "github.com/deislabs/ratify/internal/logger"
 provider "github.com/deislabs/ratify/pkg/common/oras/authprovider"
- "github.com/sirupsen/logrus"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
@@ -129,7 +129,7 @@ func (d *azureManagedIdentityAuthProvider) Provide(ctx context.Context, artifact
 return provider.AuthConfig{}, re.ErrorCodeAuthDenied.NewError(re.AuthProvider, "", re.AzureManagedIdentityLink, err, "could not refresh azure managed identity token", re.HideStackTrace)
 }
 d.identityToken = newToken
- logrus.Info("successfully refreshed azure managed identity token")
+ logger.GetLogger(ctx, logOpt).Info("successfully refreshed azure managed identity token")
 }
 // add protocol to generate complete URI
 serverURL := "https://" + artifactHostName
diff --git a/pkg/common/oras/authprovider/azure/azureworkloadidentity.go b/pkg/common/oras/authprovider/azure/azureworkloadidentity.go
index 008470ded..5541940fa 100644
--- a/pkg/common/oras/authprovider/azure/azureworkloadidentity.go
+++ b/pkg/common/oras/authprovider/azure/azureworkloadidentity.go
@@ -22,13 +22,13 @@ import (
 "time"
 re "github.com/deislabs/ratify/errors"
+ "github.com/deislabs/ratify/internal/logger"
 provider "github.com/deislabs/ratify/pkg/common/oras/authprovider"
 "github.com/deislabs/ratify/pkg/metrics"
 "github.com/deislabs/ratify/pkg/utils/azureauth"
 "github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry"
 "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
- "github.com/sirupsen/logrus"
 )
 type AzureWIProviderFactory struct{} //nolint:revive // ignore linter to have unique type name
@@ -123,7 +123,7 @@ func (d *azureWIAuthProvider) Provide(ctx context.Context, artifact string) (pro
 return provider.AuthConfig{}, re.ErrorCodeAuthDenied.NewError(re.AuthProvider, "", re.AzureWorkloadIdentityLink, nil, "could not refresh AAD token", re.HideStackTrace)
 }
 d.aadToken = newToken
- logrus.Info("successfully refreshed AAD token")
+ logger.GetLogger(ctx, logOpt).Info("successfully refreshed AAD token")
 }
 // add protocol to generate complete URI
diff --git a/pkg/common/oras/authprovider/azure/const.go b/pkg/common/oras/authprovider/azure/const.go
index 53dcaee7b..e0014ea84 100644
--- a/pkg/common/oras/authprovider/azure/const.go
+++ b/pkg/common/oras/authprovider/azure/const.go
@@ -15,10 +15,18 @@ limitations under the License.
 package azure
-import "time"
+import (
+ "time"
+
+ "github.com/deislabs/ratify/internal/logger"
+)
 const (
 dockerTokenLoginUsernameGUID = "00000000-0000-0000-0000-000000000000"
 AADResource = "https://containerregistry.azure.net/.default"
 defaultACRExpiryDuration time.Duration = 3 * time.Hour
 )
+
+var logOpt = logger.Option{
+ ComponentType: logger.AuthProvider,
+}
diff --git a/pkg/policyprovider/regopolicy/regopolicy.go b/pkg/policyprovider/regopolicy/regopolicy.go
index b9f7fc35a..ad3d85057 100644
--- a/pkg/policyprovider/regopolicy/regopolicy.go
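Review bot: The error returned just above the refreshed-token log in `azureWIAuthProvider.Provide` is built with `nil` as its cause, whereas the equivalent return in the managed-identity provider passes `err`. If an error value is in scope at that point (the enclosing condition lies outside the hunk), the reason the AAD token refresh failed is dropped from the returned error, and the only log line in this path reports success. Pass the cause through: `re.ErrorCodeAuthDenied.NewError(re.AuthProvider, "", re.AzureWorkloadIdentityLink, err, "could not refresh AAD token", re.HideStackTrace)`.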
+++ b/pkg/policyprovider/regopolicy/regopolicy.go
@@ -22,6 +22,7 @@ import (
 "os"
 re "github.com/deislabs/ratify/errors"
+ "github.com/deislabs/ratify/internal/logger"
 "github.com/deislabs/ratify/pkg/common"
 "github.com/deislabs/ratify/pkg/executor/types"
 "github.com/deislabs/ratify/pkg/ocispecs"
@@ -32,7 +33,6 @@ import (
 opa "github.com/deislabs/ratify/pkg/policyprovider/policyengine/opaengine"
 query "github.com/deislabs/ratify/pkg/policyprovider/policyquery/rego"
 policyTypes "github.com/deislabs/ratify/pkg/policyprovider/types"
- "github.com/sirupsen/logrus"
 )
 type policyEnforcer struct {
@@ -51,6 +51,10 @@ type policyEnforcerConf struct {
 // Factory is a factory for creating rego policy enforcers.
 type Factory struct{}
+var logOpt = logger.Option{
+ ComponentType: logger.PolicyProvider,
+}
+
 // init calls Register for our rego policy provider.
 func init() {
 pf.Register(policyTypes.RegoPolicy, &Factory{})
@@ -121,7 +125,7 @@ func (e *policyEnforcer) OverallVerifyResult(ctx context.Context, verifierReport
 nestedReports["verifierReports"] = verifierReports
 result, err := e.OpaEngine.Evaluate(ctx, nestedReports)
 if err != nil {
- logrus.Errorf("failed to evaluate policy: %v", err)
+ logger.GetLogger(ctx, logOpt).Errorf("failed to evaluate policy: %v", err)
 return false
 }
 return result
diff --git a/pkg/referrerstore/oras/cache.go b/pkg/referrerstore/oras/cache.go
index c2699ccd4..3b983fa1e 100644
--- a/pkg/referrerstore/oras/cache.go
+++ b/pkg/referrerstore/oras/cache.go
@@ -22,12 +22,11 @@ import (
 "time"
 "github.com/deislabs/ratify/errors"
+ "github.com/deislabs/ratify/internal/logger"
 "github.com/deislabs/ratify/pkg/cache"
 "github.com/deislabs/ratify/pkg/common"
 "github.com/deislabs/ratify/pkg/ocispecs"
 "github.com/deislabs/ratify/pkg/referrerstore"
-
- "github.com/sirupsen/logrus"
 )
 const defaultTTL = 10
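Review bot: The `return false` after the evaluation error in `OverallVerifyResult` is the line that makes the rego enforcer fail closed, and nothing in the code records that this is deliberate. A short comment above it, such as `// fail closed: an evaluation error is reported as a failed verification`, would keep a later refactor of the error path from turning it into a default-allow. The function starts before this hunk.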
@@ -57,24 +56,24 @@ func (store *orasStoreWithInMemoryCache) ListReferrers(ctx context.Context, subj
 cacheKey := fmt.Sprintf(cache.CacheKeyListReferrers, subjectReference.Original)
 cacheProvider := cache.GetCacheProvider()
 if cacheProvider == nil {
- logrus.Warningf("failed to get cache provider")
+ logger.GetLogger(ctx, logOpt).Warnf("failed to get cache provider")
 } else {
 val, found := cacheProvider.Get(ctx, cacheKey)
 if val != "" && found {
 if err = json.Unmarshal([]byte(val), &result); err != nil {
- logrus.Warning(errors.ErrorCodeDataDecodingFailure.NewError(errors.Cache, "", errors.EmptyLink, err, fmt.Sprintf("failed to unmarshal cache value for key %s: %s", cacheKey, val), errors.HideStackTrace))
+ logger.GetLogger(ctx, logOpt).Warn(errors.ErrorCodeDataDecodingFailure.NewError(errors.Cache, "", errors.EmptyLink, err, fmt.Sprintf("failed to unmarshal cache value for key %s: %s", cacheKey, val), errors.HideStackTrace))
 } else {
- logrus.Debug("cache hit for list referrers")
+ logger.GetLogger(ctx, logOpt).Debug("cache hit for list referrers")
 return result, nil
 }
 }
 }
- logrus.Debugf("list referrers cache miss for value: %s", subjectReference.Original)
+ logger.GetLogger(ctx, logOpt).Debugf("list referrers cache miss for value: %s", subjectReference.Original)
 result, err = store.ReferrerStore.ListReferrers(ctx, subjectReference, artifactTypes, nextToken, subjectDesc)
 if err == nil {
 if cacheProvider != nil {
 if added := cacheProvider.SetWithTTL(ctx, cacheKey, result, time.Duration(store.cacheConf.TTL)*time.Second); !added { // TODO: convert ttl to duration in helm values
- logrus.WithContext(ctx).Warnf("failed to add cache with key: %+v, val: %+v", cacheKey, result)
+ logger.GetLogger(ctx, logOpt).Warnf("failed to add cache with key: %+v, val: %+v", cacheKey, result)
 }
 }
 }
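Review bot: Two of the rewritten warnings in `ListReferrers` write cache contents into the log: the unmarshal-failure message formats the raw cached string `val`, and the `SetWithTTL` failure message formats the whole `result` with `%+v`. Both values originate from the referrer store or the shared cache, so a corrupt or very large entry is emitted in full at Warn level, and store-derived text lands in log lines unescaped. Log only the key and the error, e.g. `fmt.Sprintf("failed to unmarshal cache value for key %q", cacheKey)` and `Warnf("failed to add cache with key: %q", cacheKey)`. The two matching calls in the `GetSubjectDescriptor` hunk that follows have the same issue; both functions extend beyond their hunks.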
@@ -87,25 +86,25 @@ func (store *orasStoreWithInMemoryCache) GetSubjectDescriptor(ctx context.Contex
 var err error
 cacheProvider := cache.GetCacheProvider()
 if cacheProvider == nil {
- logrus.Warningf("failed to get cache provider")
+ logger.GetLogger(ctx, logOpt).Warnf("failed to get cache provider")
 } else {
 val, found := cacheProvider.Get(ctx, fmt.Sprintf(cache.CacheKeySubjectDescriptor, subjectReference.Digest))
 if val != "" && found {
 if err = json.Unmarshal([]byte(val), result); err != nil {
- logrus.Warning(errors.ErrorCodeDataDecodingFailure.NewError(errors.Cache, "", errors.EmptyLink, err, fmt.Sprintf("failed to unmarshal cache value: %v", val), errors.HideStackTrace))
+ logger.GetLogger(ctx, logOpt).Warn(errors.ErrorCodeDataDecodingFailure.NewError(errors.Cache, "", errors.EmptyLink, err, fmt.Sprintf("failed to unmarshal cache value: %v", val), errors.HideStackTrace))
 } else {
- logrus.Debug("cache hit for subject descriptor")
+ logger.GetLogger(ctx, logOpt).Debug("cache hit for subject descriptor")
 return result, nil
 }
 }
 }
- logrus.Debugf("subject descriptor cache miss for value: %s", subjectReference.Original)
+ logger.GetLogger(ctx, logOpt).Debugf("subject descriptor cache miss for value: %s", subjectReference.Original)
 result, err = store.ReferrerStore.GetSubjectDescriptor(ctx, subjectReference)
 if err == nil {
 if cacheProvider != nil {
 cacheKey := fmt.Sprintf(cache.CacheKeySubjectDescriptor, result.Digest)
 if added := cacheProvider.Set(ctx, cacheKey, *result); !added {
- logrus.WithContext(ctx).Warnf("failed to add cache with key: %+v, val: %+v", cacheKey, result)
+ logger.GetLogger(ctx, logOpt).Warnf("failed to add cache with key: %+v, val: %+v", cacheKey, result)
 }
 }
 }
diff --git a/pkg/referrerstore/utils/utils.go b/pkg/referrerstore/utils/utils.go
index 86d9dca9f..9afd5ed67 100644
--- a/pkg/referrerstore/utils/utils.go
+++ b/pkg/referrerstore/utils/utils.go
@@ -19,19 +19,23 @@ import (
 "context"
 "github.com/deislabs/ratify/errors"
+ "github.com/deislabs/ratify/internal/logger"
 "github.com/deislabs/ratify/pkg/common"
 "github.com/deislabs/ratify/pkg/ocispecs"
 "github.com/deislabs/ratify/pkg/referrerstore"
- "github.com/sirupsen/logrus"
 )
+var logOpt = logger.Option{
+ ComponentType: logger.ReferrerStore,
+}
+
 func ResolveSubjectDescriptor(ctx context.Context, stores *[]referrerstore.ReferrerStore, subRef common.Reference) (*ocispecs.SubjectDescriptor, error) {
 for _, referrerStore := range *stores {
 desc, err := referrerStore.GetSubjectDescriptor(ctx, subRef)
 if err == nil {
 return desc, nil
 }
- logrus.Warn(errors.ErrorCodeGetSubjectDescriptorFailure.NewError(errors.ReferrerStore, referrerStore.Name(), errors.EmptyLink, err, "failed to resolve the subject descriptor", errors.HideStackTrace))
+ logger.GetLogger(ctx, logOpt).Warn(errors.ErrorCodeGetSubjectDescriptorFailure.NewError(errors.ReferrerStore, referrerStore.Name(), errors.EmptyLink, err, "failed to resolve the subject descriptor", errors.HideStackTrace))
 }
 return nil, errors.ErrorCodeReferrerStoreFailure.WithDetail("could not resolve descriptor for a subject from any stores").WithComponentType(errors.ReferrerStore)
diff --git a/pkg/verifier/notation/truststore.go b/pkg/verifier/notation/truststore.go
index 3fb91e519..95632a375 100644
--- a/pkg/verifier/notation/truststore.go
+++ b/pkg/verifier/notation/truststore.go
@@ -21,12 +21,16 @@ import (
 "errors"
 "fmt"
+ "github.com/deislabs/ratify/internal/logger"
 "github.com/deislabs/ratify/pkg/controllers"
 "github.com/deislabs/ratify/pkg/utils"
 "github.com/notaryproject/notation-go/verifier/truststore"
- "github.com/sirupsen/logrus"
 )
+var logOpt = logger.Option{
+ ComponentType: logger.Verifier,
+}
+
 type trustStore struct {
 certPaths []string
 certStores map[string][]string
@@ -36,15 +40,15 @@ type trustStore struct {
 // Note: this api gets invoked when Ratify calls verify API, so the certificates
 // will be loaded for each signature verification.
 // And this API must follow the Notation Trust Store spec: https://github.com/notaryproject/notaryproject/blob/main/specs/trust-store-trust-policy.md#trust-store
-func (s trustStore) GetCertificates(_ context.Context, _ truststore.Type, namedStore string) ([]*x509.Certificate, error) {
- certs, err := s.getCertificatesInternal(namedStore, controllers.GetCertificatesMap())
+func (s trustStore) GetCertificates(ctx context.Context, _ truststore.Type, namedStore string) ([]*x509.Certificate, error) {
+ certs, err := s.getCertificatesInternal(ctx, namedStore, controllers.GetCertificatesMap())
 if err != nil {
 return nil, err
 }
 return s.filterValidCerts(certs)
 }
-func (s trustStore) getCertificatesInternal(namedStore string, certificatesMap map[string][]*x509.Certificate) ([]*x509.Certificate, error) {
+func (s trustStore) getCertificatesInternal(ctx context.Context, namedStore string, certificatesMap map[string][]*x509.Certificate) ([]*x509.Certificate, error) {
 certs := make([]*x509.Certificate, 0)
 // certs configured for this namedStore overrides cert path
@@ -52,7 +56,7 @@ func (s trustStore) getCertificatesInternal(namedStore string, certificatesMap m
 for _, certStore := range certGroup {
 result := certificatesMap[certStore]
 if len(result) == 0 {
- logrus.Warnf("no certificate fetched for certStore %+v", certStore)
+ logger.GetLogger(ctx, logOpt).Warnf("no certificate fetched for certStore %+v", certStore)
 }
 certs = append(certs, result...)
 }
diff --git a/pkg/verifier/notation/truststore_test.go b/pkg/verifier/notation/truststore_test.go
index fad9d9540..d767c2421 100644
--- a/pkg/verifier/notation/truststore_test.go
+++ b/pkg/verifier/notation/truststore_test.go
@@ -1,6 +1,7 @@
 package notation
 import (
+ "context"
 "crypto/x509"
 "encoding/pem"
 "os"
@@ -24,7 +25,7 @@ func TestGetCertificates_EmptyCertMap(t *testing.T) {
 }
 certificatesMap := map[string][]*x509.Certificate{}
- if _, err := store.getCertificatesInternal("store1", certificatesMap); err == nil {
+ if _, err := store.getCertificatesInternal(context.Background(), "store1", certificatesMap); err == nil {
 t.Fatalf("error expected if cert map is empty")
 }
 }
@@ -46,7 +47,7 @@ func TestGetCertificates_NamedStore(t *testing.T) {
 certificatesMap["kv2"] = []*x509.Certificate{kv2Cert}
 // only the certificate in the specified namedStore should be returned
- result, _ := store.getCertificatesInternal("store1", certificatesMap)
+ result, _ := store.getCertificatesInternal(context.Background(), "store1", certificatesMap)
 expectedLen := 1
 if len(result) != expectedLen {
@@ -71,7 +72,7 @@ func TestGetCertificates_certPath(t *testing.T) {
 trustStore := &trustStore{
 certPaths: []string{tmpFile.Name()},
 }
- certs, err := trustStore.getCertificatesInternal("", nil)
+ certs, err := trustStore.getCertificatesInternal(context.Background(), "", nil)
 if err != nil {
 t.Fatalf("failed to get certs: %v", err)
 }