From fe8c64a203c195593035bb3552b39ef510b80256 Mon Sep 17 00:00:00 2001 From: joe miller Date: Fri, 17 May 2019 16:10:33 -0700 Subject: [PATCH] switch to pantheon certinel fork (#19) * switch to pantheon certinel fork * fix race condition in concurrent map read/write * switch to using stat()-based pollwatcher with certinel --- go.mod | 23 ++++++------------- go.sum | 19 +++++++++++---- pkg/output/http_writer_config.go | 13 +++++------ .../notification_serivce_transformer.go | 15 +++++++----- 4 files changed, 37 insertions(+), 33 deletions(-) diff --git a/go.mod b/go.mod index 75c85a8..c4a914c 100644 --- a/go.mod +++ b/go.mod @@ -1,25 +1,16 @@ module github.com/pantheon-systems/pauditd require ( - github.com/cloudflare/certinel v0.1.1 - github.com/davecgh/go-spew v1.1.1 - github.com/fsnotify/fsnotify v1.4.7 - github.com/hashicorp/hcl v1.0.0 - github.com/magiconair/properties v1.8.0 - github.com/mitchellh/mapstructure v1.1.2 - github.com/pelletier/go-toml v1.2.0 + github.com/BurntSushi/toml v0.3.1 // indirect + github.com/mitchellh/mapstructure v1.1.2 // indirect + github.com/pantheon-systems/certinel v1.2.0 github.com/pkg/errors v0.8.1 // indirect - github.com/pmezard/go-difflib v1.0.0 github.com/satori/go.uuid v1.2.0 - github.com/spf13/afero v1.1.2 - github.com/spf13/cast v1.2.0 - github.com/spf13/jwalterweatherman v1.0.0 - github.com/spf13/pflag v1.0.3 + github.com/spf13/pflag v1.0.3 // indirect github.com/spf13/viper v1.2.1 github.com/streadway/handy v0.0.0-20160402200321-f450267a206e - github.com/stretchr/testify v1.2.2 - golang.org/x/sys v0.0.0-20181011152604-fa43e7bc11ba - golang.org/x/text v0.3.0 + github.com/stretchr/objx v0.2.0 // indirect + github.com/stretchr/testify v1.3.0 + golang.org/x/sys v0.0.0-20181011152604-fa43e7bc11ba // indirect gopkg.in/alexcesaro/statsd.v2 v2.0.0 - gopkg.in/yaml.v2 v2.2.1 ) diff --git a/go.sum b/go.sum index 652b676..a75bab3 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,9 @@ -github.com/cloudflare/certinel v0.1.1 h1:78w5bkzMZy5G6K9vnfxAp1DqRnRDpGB/4TgIriyXPfg= -github.com/cloudflare/certinel v0.1.1/go.mod h1:YLV0qFllva1unVzcbrAU6Y670pwerPgjZ3MirmyViTg= +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fsnotify/fsnotify v1.4.2/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= 
@@ -11,8 +13,11 @@ github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/pantheon-systems/certinel v1.2.0 h1:EFKgs4yas+QjVsfwDSiRLKqjiiQjPm47pCSg+L48YuQ= +github.com/pantheon-systems/certinel v1.2.0/go.mod h1:HAXqqHlUtcD4gQvtZfAu8CeS9Jbq41yBZFnHjQRNcqI= github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 
@@ -32,8 +37,13 @@ github.com/spf13/viper v1.2.1 h1:bIcUwXqLseLF3BDAZduuNfekWG87ibtFxi59Bq+oI9M= github.com/spf13/viper v1.2.1/go.mod h1:P4AexN0a+C9tGAnUFNwDMYYZv3pjFuvmeiMyKRaNVlI= github.com/streadway/handy v0.0.0-20160402200321-f450267a206e h1:kMuBo7Qw/VrZq9MrojwJZp8hyeywuc8J+KdnXIeRmMY= github.com/streadway/handy v0.0.0-20160402200321-f450267a206e/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= -github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= +github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180906133057-8cf3aee42992/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181011152604-fa43e7bc11ba h1:nZJIJPGow0Kf9bU9QTc1U6OXbs/7Hu4e+cNv+hxH+Zc= golang.org/x/sys v0.0.0-20181011152604-fa43e7bc11ba/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -41,6 +51,7 @@ golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc= gopkg.in/alexcesaro/statsd.v2 v2.0.0/go.mod h1:i0ubccKGzBVNBpdGV5MocxyA/XlLUJzA7SLonnE4drU= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/pkg/output/http_writer_config.go b/pkg/output/http_writer_config.go index 756cf11..a37fef5 100644 --- a/pkg/output/http_writer_config.go +++ b/pkg/output/http_writer_config.go @@ -7,9 +7,10 @@ import ( "fmt" "io/ioutil" "strconv" + "time" - "github.com/cloudflare/certinel" - "github.com/cloudflare/certinel/fswatcher" + "github.com/pantheon-systems/certinel" + "github.com/pantheon-systems/certinel/pollwatcher" "github.com/pantheon-systems/pauditd/pkg/slog" "github.com/spf13/viper" ) @@ -18,6 +19,7 @@ const ( defaultBufferSize = 100 defaultWorkerCount = 10 defaultBreakerFailureRatio = 0.05 + defaultCertRefreshInterval = 60 * time.Second ) type config struct { @@ -61,12 +63,9 @@ func (c config) String() string { } func (c config) createTLSConfig(cancel context.CancelFunc) (*tls.Config, error) { - watcher, err := fswatcher.New(c.clientCertPath, c.clientKeyPath) - if err != nil { - return nil, err - } + watcher := pollwatcher.New(c.clientCertPath, c.clientKeyPath, defaultCertRefreshInterval) - sentinel := certinel.New(watcher, func(err error) { + sentinel := certinel.New(watcher, slog.Info, func(err error) { slog.Error.Printf("Failed to rotate http writer certificates for TLS: %s", err) cancel() }) 
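Review bot: In `createTLSConfig`, `pollwatcher.New(c.clientCertPath, c.clientKeyPath, defaultCertRefreshInterval)` returns no error, so the early `return nil, err` that the old `fswatcher.New` call gave for a bad certificate or key path is gone. Presumably a missing or unreadable file now surfaces only through the error callback, which logs and calls `cancel()`; it is worth confirming that startup still fails visibly in that case and recording it above the call, e.g. `// pollwatcher.New cannot fail; load errors reach the callback below, which cancels the writer`. The 60-second `defaultCertRefreshInterval` added in the const hunk is also the longest a replaced client certificate can stay in use, and nothing in these hunks lets configuration override it, so consider reading it through viper alongside the other settings. The body of `createTLSConfig` continues past the end of the hunk.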
diff --git a/pkg/output/httptransformer/notification_serivce_transformer.go b/pkg/output/httptransformer/notification_serivce_transformer.go index 7ec7b15..49a17da 100644 --- a/pkg/output/httptransformer/notification_serivce_transformer.go +++ b/pkg/output/httptransformer/notification_serivce_transformer.go @@ -13,7 +13,7 @@ import ( "github.com/pantheon-systems/pauditd/pkg/metric" "github.com/pantheon-systems/pauditd/pkg/slog" - "github.com/satori/go.uuid" + uuid "github.com/satori/go.uuid" ) // NotificationServiceTransformer transforms the body of an HTTP Writer and handles the logic @@ -79,15 +79,18 @@ func (t NotificationServiceTransformer) Transform(traceID uuid.UUID, body []byte return nil, err } - attributes := make(map[string]string) + attributes := map[string]string{ + "hostname": t.hostname, + "trace_id": traceID.String(), + } + // if extraAttr contains value if len(t.extraAttr) > 0 { - attributes = t.extraAttr + for key, value := range t.extraAttr { + attributes[key] = value + } } - attributes["hostname"] = t.hostname - attributes["trace_id"] = traceID.String() - // we remove the last char of the body, the code that creates the // body is in the marsharller which adds a newline at the end of the // message. This works for all the other output methods but not this one
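Review bot: In `Transform`, copying `t.extraAttr` after the map literal has set `hostname` and `trace_id` reverses the precedence: before this change the two fixed keys were written last and always won, whereas now an `extraAttr` entry named `hostname` or `trace_id` overwrites the real value in the outgoing notification. If `extraAttr` is populated from configuration, those two fields of an audit record should not be overridable by it, so keep the copy (it is what removes the write to the shared map) but assign the fixed keys after the loop: `attributes["hostname"] = t.hostname` and `attributes["trace_id"] = traceID.String()`. The `len(t.extraAttr) > 0` guard and its comment can go, since ranging over a nil or empty map does nothing. `Transform` starts and ends outside this hunk.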