From 69318c7d941beeb83781fb9d446435d987dfccd8 Mon Sep 17 00:00:00 2001
From: Richard Wall
Date: Thu, 28 Nov 2024 14:03:42 +0000
Subject: [PATCH 1/3] Allow cancellation of the data upload request when using Venafi Cloud with private key authentication
Signed-off-by: Richard Wall
---
 pkg/client/client_venafi_cloud.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/client/client_venafi_cloud.go b/pkg/client/client_venafi_cloud.go
index 459099d6..55a2ea53 100644
--- a/pkg/client/client_venafi_cloud.go
+++ b/pkg/client/client_venafi_cloud.go
@@ -265,7 +265,7 @@ func (c *VenafiCloudClient) Post(ctx context.Context, path string, body io.Reade
 return nil, err
 }
- req, err := http.NewRequest(http.MethodPost, fullURL(c.baseURL, path), body)
+ req, err := http.NewRequestWithContext(ctx, http.MethodPost, fullURL(c.baseURL, path), body)
 if err != nil {
 return nil, err
 }
From 6f687223f3658fc3e28a50c66fd2ae3c40f5211f Mon Sep 17 00:00:00 2001
From: Richard Wall
Date: Fri, 29 Nov 2024 09:51:31 +0000
Subject: [PATCH 2/3] Set User-Agent header containing the agent version in all HTTP requests
This will make it easier to diagnose problems by allowing platform teams to parse HTTP server logs or intermediate HTTP proxy logs and know which version of the agent has made the request.
Signed-off-by: Richard Wall
---
 pkg/client/client_api_token.go | 2 ++
 pkg/client/client_oauth.go | 3 +++
 pkg/client/client_venafi_cloud.go | 3 +++
 3 files changed, 8 insertions(+)
diff --git a/pkg/client/client_api_token.go b/pkg/client/client_api_token.go
index 33588d34..f5737a65 100644
--- a/pkg/client/client_api_token.go
+++ b/pkg/client/client_api_token.go
@@ -11,6 +11,7 @@ import (
 "time"
 "github.com/jetstack/preflight/api"
+ "github.com/jetstack/preflight/pkg/version"
 "k8s.io/client-go/transport"
 )
@@ -90,6 +91,7 @@ func (c *APITokenClient) Post(ctx context.Context, path string, body io.Reader)
 req.Header.Set("Content-Type", "application/json")
 req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", c.apiToken))
+ req.Header.Set("User-Agent", fmt.Sprintf("venafi-kubernetes-agent/%s", version.PreflightVersion))
 return c.client.Do(req)
 }
diff --git a/pkg/client/client_oauth.go b/pkg/client/client_oauth.go
index c410d0c5..cb88456a 100644
--- a/pkg/client/client_oauth.go
+++ b/pkg/client/client_oauth.go
@@ -17,6 +17,7 @@ import (
 "k8s.io/client-go/transport"
 "github.com/jetstack/preflight/api"
+ "github.com/jetstack/preflight/pkg/version"
 )
 type (
@@ -151,6 +152,7 @@ func (c *OAuthClient) Post(ctx context.Context, path string, body io.Reader) (*h
 }
 req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("User-Agent", fmt.Sprintf("venafi-kubernetes-agent/%s", version.PreflightVersion))
 if len(token.bearer) > 0 {
 req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.bearer))
@@ -188,6 +190,7 @@ func (c *OAuthClient) renewAccessToken(ctx context.Context) error {
 return errors.WithStack(err)
 }
 req.Header.Add("content-type", "application/x-www-form-urlencoded")
+ req.Header.Set("User-Agent", fmt.Sprintf("venafi-kubernetes-agent/%s", version.PreflightVersion))
 res, err := http.DefaultClient.Do(req)
 if err != nil {
diff --git a/pkg/client/client_venafi_cloud.go b/pkg/client/client_venafi_cloud.go
index 55a2ea53..298f2af6 100644
--- a/pkg/client/client_venafi_cloud.go
+++ b/pkg/client/client_venafi_cloud.go
@@ -30,6 +30,7 @@ import (
 "k8s.io/client-go/transport"
 "github.com/jetstack/preflight/api"
+ "github.com/jetstack/preflight/pkg/version"
 )
 type (
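Review bot: The User-Agent value `fmt.Sprintf("venafi-kubernetes-agent/%s", version.PreflightVersion)` is spelled out inline in APITokenClient.Post and repeated in four more hunks of this patch (OAuthClient.Post, OAuthClient.renewAccessToken, VenafiCloudClient.Post and VenafiCloudClient.updateAccessToken), so a request added later can go out without it and leave a gap in the server and proxy logs the header is meant to feed. Defining it once, for example `var userAgent = "venafi-kubernetes-agent/" + version.PreflightVersion`, and using that at every call site keeps the format in one place; for clients that own their transport, `transport.NewUserAgentRoundTripper` from the already imported k8s.io/client-go/transport would set it for every request. How version.PreflightVersion is populated is not visible in this patch, so if some builds can leave it empty a fallback value would avoid sending a bare `venafi-kubernetes-agent/`. The header is set by the client and is useful for diagnostics only; nothing on the receiving side should treat it as proof of agent identity or version. Post begins above the hunk.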
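Review bot: The token-renewal request in OAuthClient.renewAccessToken that now carries the User-Agent is still sent with `http.DefaultClient.Do(req)`, and http.DefaultClient has no timeout of its own. The line that builds `req` is above the hunk; if it uses `http.NewRequest` rather than `http.NewRequestWithContext`, the `ctx` parameter is never applied to the request and a stalled token endpoint can block renewal indefinitely, the same gap patch 1/3 closes for VenafiCloudClient.Post. Building the request with `ctx` and sending it through a client with a bounded timeout would cover both. renewAccessToken starts and ends outside the hunk.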
@@ -272,6 +273,7 @@ func (c *VenafiCloudClient) Post(ctx context.Context, path string, body io.Reade
 req.Header.Set("Accept", "application/json")
 req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("User-Agent", fmt.Sprintf("venafi-kubernetes-agent/%s", version.PreflightVersion))
 if len(token.accessToken) > 0 {
 req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.accessToken))
@@ -314,6 +316,7 @@ func (c *VenafiCloudClient) updateAccessToken(ctx context.Context) error {
 request.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 request.Header.Add("Content-Length", strconv.Itoa(len(encoded)))
+ request.Header.Set("User-Agent", fmt.Sprintf("venafi-kubernetes-agent/%s", version.PreflightVersion))
 now := time.Now()
 accessToken := accessTokenInformation{}
From 406fa7af4f0830f743dc418d9846c385bd01507a Mon Sep 17 00:00:00 2001
From: Richard Wall
Date: Fri, 29 Nov 2024 15:42:56 +0000
Subject: [PATCH 3/3] Fix the config tests
Signed-off-by: Richard Wall
---
 pkg/agent/config_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/agent/config_test.go b/pkg/agent/config_test.go
index b2e23ab9..414c1590 100644
--- a/pkg/agent/config_test.go
+++ b/pkg/agent/config_test.go
@@ -178,7 +178,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 // The log line printed by pflag is not captured by the log recorder.
 assert.Equal(t, testutil.Undent(`
- INFO Using the Jetstack Secure OAuth auth mode since --credentials-file was specified without --venafi-cloud.
+ INFO Authentication mode mode="Jetstack Secure OAuth" reason="--credentials-file was specified without --venafi-cloud"
 INFO Using period from config period="1h0m0s"
 `), b.String())
 })