3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

autocert: suppress OCSP stapling errors (#4373)

Browse source 
autocert: suppress OCSP stapling errors (#4371)

* autocert: suppress OCSP stapling errors

* check level, add test

Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
This commit is contained in:
backport-actions-token[bot] 2023-07-19 19:59:25 +00:00 committed by GitHub
parent 6011c661b2
commit 9450e48977
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 82 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

53
internal/autocert/certmagic_logger.go Normal file
View file

@ -0,0 +1,53 @@
package autocert
import (
"strings"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"github.com/pomerium/pomerium/internal/log"
)
type certMagicLoggerCore struct {
core zapcore.Core
fields []zapcore.Field
}
func (c certMagicLoggerCore) Enabled(lvl zapcore.Level) bool {
return c.core.Enabled(lvl)
}
func (c certMagicLoggerCore) With(fs []zapcore.Field) zapcore.Core {
return certMagicLoggerCore{core: c.core, fields: append(c.fields, fs...)}
}
func (c certMagicLoggerCore) Check(e zapcore.Entry, ce *zapcore.CheckedEntry) *zapcore.CheckedEntry {
if !c.Enabled(e.Level) {
return ce
}
return ce.AddCore(e, c)
}
func (c certMagicLoggerCore) Write(e zapcore.Entry, fs []zapcore.Field) error {
fs = append(c.fields, fs...)
for _, f := range fs {
if f.Type == zapcore.ErrorType && strings.Contains(f.Interface.(error).Error(), "no OCSP server specified in certificate") {
// ignore this error message (#4245)
return nil
}
}
return c.core.Write(e, fs)
}
func (c certMagicLoggerCore) Sync() error {
return c.core.Sync()
}
func getCertMagicLogger() *zap.Logger {
logger := log.ZapLogger().With(zap.String("service", "autocert"))
logger = logger.WithOptions(zap.WrapCore(func(c zapcore.Core) zapcore.Core {
return certMagicLoggerCore{core: c}
}))
return logger
}

28
internal/autocert/certmagic_logger_test.go Normal file
View file

@ -0,0 +1,28 @@
package autocert
import (
"bytes"
"errors"
"testing"
"github.com/stretchr/testify/assert"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
)
func TestCertMagicLogger(t *testing.T) {
t.Parallel()
encoder := zapcore.NewJSONEncoder(zap.NewProductionEncoderConfig())
var buf bytes.Buffer
core := zapcore.NewCore(encoder, zapcore.AddSync(&buf), zapcore.DebugLevel)
core = certMagicLoggerCore{core: core}
logger := zap.New(core)
logger.Info("TEST", zap.Error(errors.New("no OCSP server specified in certificate")))
assert.Empty(t, buf.Bytes())
logger.Info("TEST")
assert.NotEmpty(t, buf.Bytes())
}

3
internal/autocert/manager.go
View file

@ -18,7 +18,6 @@ import (
"github.com/caddyserver/certmagic" "github.com/caddyserver/certmagic"
"github.com/mholt/acmez/acme" "github.com/mholt/acmez/acme"
"github.com/rs/zerolog" "github.com/rs/zerolog"
"go.uber.org/zap"
"github.com/pomerium/pomerium/config" "github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/httputil" "github.com/pomerium/pomerium/internal/httputil"
@ -78,7 +77,7 @@ func newManager(ctx context.Context,
return nil, err return nil, err
} }
logger := log.ZapLogger().With(zap.String("service", "autocert")) logger := getCertMagicLogger()
acmeTemplate.Logger = logger acmeTemplate.Logger = logger
mgr := &Manager{ mgr := &Manager{