[VC-36032] Pass the context to Venafi clients and enable debug roundtripper

[wallrj]

• Improve orderly shutdown by abandoning ongoing requests to Venafi when the context is cancelled
• Make it easier to debug venafi data upload problems by allowing the request details to be logged with --log-level=6.

go run . agent --install-namespace venafi --one-shot --input-path out.json  --venafi-connection venafi-components -v6

I1127 09:58:16.779115 318776 metrics_transport.go:113] "outgoing http request succeeded" source="controller-runtime" method="POST" uri="https://api.venafi.eu/v1/oauth2/v2.0/9a0cab61-2b00-11ee-ba09-0733b0fe5adc/token" status="200 OK" duration="582.557289ms"
I1127 09:58:17.313520 318776 round_trippers.go:553] POST https://api.venafi.eu/v1/tlspk/upload/clusterdata/no?name=my_cluster 200 OK in 502 milliseconds
I1127 09:58:17.313624 318776 run.go:405] "Data sent successfully" logger="Run.gatherAndOutputData.postData"

W1127 09:58:17.313811 318776 reflector.go:484] pkg/mod/k8s.io/client-go@v0.31.1/tools/cache/reflector.go:243: watch of *v1alpha1.VenafiConnection ended with: an error on the server ("unable to decode an event from the watch stream: context canceled") has prevented the request from succeeding
I1127 09:58:17.313874 318776 reflector.go:311] Stopping reflector *v1alpha1.VenafiConnection (10h1m26.347417125s) from pkg/mod/k8s.io/client-go@v0.31.1/tools/cache/reflector.go:243
I1127 09:58:17.313899 318776 run.go:484] "Shutting down" logger="Run.APIServer.ListenAndServe" addr=":8081"
I1127 09:58:17.314047 318776 run.go:499] "Shutdown complete" logger="Run.APIServer.ListenAndServe" addr=":8081"

[wallrj]

https://github.com/jetstack/jetstack-secure/blob/VC-36032/context-to-client/deploy/charts/venafi-kubernetes-agent/README.md#extraargs--array

[wallrj]

Matches what is now used in the E2E test:

• https://github.com/jetstack/jetstack-secure/blob/VC-36032/context-to-client/hack/e2e/values.venafi-kubernetes-agent.yaml#L11-L13

jetstack-secure/hack/e2e/values.venafi-kubernetes-agent.yaml

Lines 11 to 13 in fcca2f1

	extraArgs:
	- --logging-format=json
	- --log-level=6

[wallrj]

Here's how it looks in Google Logs Explorer

[wallrj]

Nothing gets logged by the client in this test

$ go test ./pkg/agent/... -v -run "Test_ValidateAndCombineConfig_VenafiCloudKeyPair"
=== RUN   Test_ValidateAndCombineConfig_VenafiCloudKeyPair
=== RUN   Test_ValidateAndCombineConfig_VenafiCloudKeyPair/server,_uploader_id,_and_cluster_name_are_correctly_passed
    envtest.go:188: fake api.venafi.cloud received request: POST /v1/oauth/token/serviceaccount
    envtest.go:188: fake api.venafi.cloud received request: POST /v1/tlspk/upload/clusterdata/no
--- PASS: Test_ValidateAndCombineConfig_VenafiCloudKeyPair (0.01s)
    --- PASS: Test_ValidateAndCombineConfig_VenafiCloudKeyPair/server,_uploader_id,_and_cluster_name_are_correctly_passed (0.01s)
PASS
ok      github.com/jetstack/preflight/pkg/agent 0.044s

[wallrj]

$ go test ./pkg/agent/... -v -run "Test_ValidateAndCombineConfig_VenafiConnection"
=== RUN   Test_ValidateAndCombineConfig_VenafiConnection
=== RUN   Test_ValidateAndCombineConfig_VenafiConnection/err_when_cluster_id_field_is_empty
=== RUN   Test_ValidateAndCombineConfig_VenafiConnection/the_server_field_is_ignored_when_VenafiConnection_is_used
=== NAME  Test_ValidateAndCombineConfig_VenafiConnection
    envtest.go:188: fake api.venafi.cloud received request: POST /v1/tlspk/upload/clusterdata/no
    envtest.go:51: Waiting for envtest to exit
--- PASS: Test_ValidateAndCombineConfig_VenafiConnection (7.01s)
    --- PASS: Test_ValidateAndCombineConfig_VenafiConnection/err_when_cluster_id_field_is_empty (0.00s)
    --- PASS: Test_ValidateAndCombineConfig_VenafiConnection/the_server_field_is_ignored_when_VenafiConnection_is_used (0.17s)
PASS
ok      github.com/jetstack/preflight/pkg/agent 7.041s

[wallrj]

$ go test ./pkg/client/... -v -run "TestVenConnClient_PostDataReadin
gsWithOptions"
=== RUN   TestVenConnClient_PostDataReadingsWithOptions
=== PAUSE TestVenConnClient_PostDataReadingsWithOptions
=== CONT  TestVenConnClient_PostDataReadingsWithOptions
=== RUN   TestVenConnClient_PostDataReadingsWithOptions/valid_accessToken
    envtest.go:188: fake api.venafi.cloud received request: POST /v1/tlspk/upload/clusterdata/no
=== RUN   TestVenConnClient_PostDataReadingsWithOptions/error_when_the_apiKey_field_is_used
W1127 14:44:47.223096  366750 reflector.go:484] pkg/mod/k8s.io/client-go@v0.31.1/tools/cache/reflector.go:243: watch of *v1.PartialObjectMetadata ended with: an error on the server ("unable to decode an event from the watch stream: context canceled") has prevented the request from succeeding
    envtest.go:188: fake api.venafi.cloud received request: GET /v1/useraccounts
    envtest.go:188: fake api.venafi.cloud received request: GET /v1/useraccounts
    metrics_transport.go:113: I1127 14:44:47.488976] outgoing http request succeeded method="GET" uri="https://127.0.0.1:36713/v1/useraccounts" status="200 OK" duration="340.47µs"
W1127 14:44:47.491474  366750 reflector.go:484] pkg/mod/k8s.io/client-go@v0.31.1/tools/cache/reflector.go:243: watch of *v1alpha1.VenafiConnection ended with: an error on the server ("unable to decode an event from the watch stream: context canceled") has prevented the request from succeeding
=== RUN   TestVenConnClient_PostDataReadingsWithOptions/error_when_the_tpp_field_is_used
W1127 14:44:47.491530  366750 reflector.go:484] pkg/mod/k8s.io/client-go@v0.31.1/tools/cache/reflector.go:243: watch of *v1.PartialObjectMetadata ended with: an error on the server ("unable to decode an event from the watch stream: context canceled") has prevented the request from succeeding
    envtest.go:235: fake tpp.example.com received request: GET /vedsdk/Identity/Self
    envtest.go:235: fake tpp.example.com received request: GET /vedsdk/Identity/Self
    metrics_transport.go:113: I1127 14:44:47.756336] outgoing http request succeeded method="GET" uri="https://127.0.0.1:46053/vedsdk/Identity/Self" status="200 OK" duration="453.761µs"
=== NAME  TestVenConnClient_PostDataReadingsWithOptions
    envtest.go:51: Waiting for envtest to exit
--- PASS: TestVenConnClient_PostDataReadingsWithOptions (7.93s)
    --- PASS: TestVenConnClient_PostDataReadingsWithOptions/valid_accessToken (2.35s)
    --- PASS: TestVenConnClient_PostDataReadingsWithOptions/error_when_the_apiKey_field_is_used (0.27s)
    --- PASS: TestVenConnClient_PostDataReadingsWithOptions/error_when_the_tpp_field_is_used (0.27s)
PASS
ok      github.com/jetstack/preflight/pkg/client        7.958s

[wallrj]

client-go uses the global klog functions rather than the logger from the context. I didn't realise that when I started this PR and in hindsight the introduction of DebugWrappers could be split into a separate PR.

• https://pkg.go.dev/k8s.io/client-go@v0.30.2/transport#DebugWrappers
• https://github.com/kubernetes/client-go/blob/v0.30.2/transport/round_trippers.go#L459-L476

[maelvls]

I'm OK with these having these two seemingly unrelated changes (debug roundtripper + pass context down to Venafi clients) since it aims to the same thing: logging HTTP requests for the Venafi client and the Kubernetes client.

outgoing http request succeeded method="GET" uri="https://127.0.0.1:46053/vedsdk/Identity/Self" status="200 OK" duration="453.761µs"

Excellent! We will have a much easier way to debug customer issues with -v=6. Your PR will allow us to close #220, too. @hawksight will be super happy to hear about your change.

I have looked at the changes and they look OK to me. I have not tried the feature locally since you showed everything I needed in the PR description.

[maelvls]

Maybe one note: client-go seems to be forcing -v=6 on us. I don't particularly like -v=6 as it is super hidden, but it's such a helpful feature. Sometimes, I'd prefer that we had something like --log-http-requests, but -v=6 will do, especially since you have added some notes in the flag's help:

-v      0=Info, 1=Debug, 2=Trace. Use 6-9 for increasingly verbose HTTP request logging. (default: 0)