use better middlewarez for ca server

Brian McCallister · Brian McCallister · commit 936f95ca549a · 2019-10-29T11:31:06.000-07:00
diff --git a/cmd/epithet-agent/epithet-agent.go b/cmd/epithet-agent/epithet-agent.go
@@ -73,7 +73,7 @@ func run(cc *cobra.Command, args []string) error {
 		if err != nil {
 			return fmt.Errorf("unable to start agent %s: %w", name, err)
 		}
-		log.Infof("started agent [%s] [authn=%s] [agent=%s]", name, a.ControlSocketPath(), a.AgentSocketPath())
+		log.Infof("started agent [%s] [control=%s] [agent=%s]", name, a.ControlSocketPath(), a.AgentSocketPath())
 		defer a.Close()
 	}
 
diff --git a/cmd/epithet-auth/epithet-auth.go b/cmd/epithet-auth/epithet-auth.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 
 	rpc "github.com/brianm/epithet/internal/agent"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -28,6 +29,7 @@ func main() {
 		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)
 	}
+	logrus.Debugf("Authenticate success")
 }
 
 func run(cc *cobra.Command, args []string) error {
@@ -46,7 +48,7 @@ func run(cc *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-
+	logrus.Debugf("invoking Authenticate")
 	_, err = client.Authenticate(context.Background(), &rpc.AuthnRequest{
 		Token: token,
 	})
diff --git a/cmd/epithet-ca/epithet-ca.go b/cmd/epithet-ca/epithet-ca.go
@@ -5,10 +5,13 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"time"
 
 	"github.com/brianm/epithet/pkg/ca"
 	"github.com/brianm/epithet/pkg/caserver"
 	"github.com/brianm/epithet/pkg/sshcert"
+	"github.com/go-chi/chi"
+	"github.com/go-chi/chi/middleware"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
@@ -70,10 +73,19 @@ func run(cc *cobra.Command, args []string) error {
 		return fmt.Errorf("unable to create CA: %w", err)
 	}
 
-	handler := caserver.New(c)
+	r := chi.NewRouter()
+
+	// A good base middleware stack
+	r.Use(middleware.RequestID)
+	r.Use(middleware.RealIP)
+	r.Use(middleware.Logger)
+	r.Use(middleware.Recoverer)
+	r.Use(middleware.Timeout(60 * time.Second))
+
+	r.Handle("/", caserver.New(c))
 
 	log.Infof("starting ca at %s", address)
-	err = http.ListenAndServe(address, handler)
+	err = http.ListenAndServe(address, r)
 	if err != nil {
 		return err
 	}
diff --git a/go.mod b/go.mod
@@ -11,6 +11,7 @@ require (
 	github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.3.3 // indirect
+	github.com/go-chi/chi v4.0.2+incompatible
 	github.com/golang/protobuf v1.3.2
 	github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
 	github.com/kr/pretty v0.1.0 // indirect
diff --git a/go.sum b/go.sum
@@ -29,6 +29,8 @@ github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/go-chi/chi v4.0.2+incompatible h1:maB6vn6FqCxrpz4FqWdh4+lwpyZIQS7YEAUcHlgXVRs=
+github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
diff --git a/pkg/caserver/caserver.go b/pkg/caserver/caserver.go
@@ -11,7 +11,6 @@ import (
 	"github.com/brianm/epithet/pkg/ca"
 	"github.com/brianm/epithet/pkg/sshcert"
 	"github.com/sirupsen/logrus"
-	log "github.com/sirupsen/logrus"
 )
 
 type caServer struct {
@@ -82,7 +81,6 @@ type CreateCertResponse struct {
 const RequestBodySizeLimit = 8192
 
 func (s *caServer) createCert(w http.ResponseWriter, r *http.Request) {
-	log.Debug("new create cert request")
 	ccr := CreateCertRequest{}
 	lr := io.LimitReader(r.Body, RequestBodySizeLimit)
 
diff --git a/test/example_agent.yml b/test/example_agent.yml
@@ -10,4 +10,4 @@ testing:
 example-co:
     ca_url: https://ca.example.com/ssh/
     hooks:
-        need_auth: "/usr/local/bin/epithet-oidc {{control_sock}}"
+        need_auth: "epithet-oidc -f /usr/local/etc/epithet/groupon-oidc.yml -s {{control_sock}}"

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ func run(cc *cobra.Command, args []string) error {`
`73`	`73`	`if err != nil {`
`74`	`74`	`return fmt.Errorf("unable to start agent %s: %w", name, err)`
`75`	`75`	`}`
`76`		`- log.Infof("started agent [%s] [authn=%s] [agent=%s]", name, a.ControlSocketPath(), a.AgentSocketPath())`
	`76`	`+ log.Infof("started agent [%s] [control=%s] [agent=%s]", name, a.ControlSocketPath(), a.AgentSocketPath())`
`77`	`77`	`defer a.Close()`
`78`	`78`	`}`
`79`	`79`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ import (`
`8`	`8`	`"strings"`
`9`	`9`
`10`	`10`	`rpc "github.com/brianm/epithet/internal/agent"`
	`11`	`+ "github.com/sirupsen/logrus"`
`11`	`12`	`"github.com/spf13/cobra"`
`12`	`13`	`)`
`13`	`14`
`@@ -28,6 +29,7 @@ func main() {`
`28`	`29`	`fmt.Fprintln(os.Stderr, err)`
`29`	`30`	`os.Exit(1)`
`30`	`31`	`}`
	`32`	`+ logrus.Debugf("Authenticate success")`
`31`	`33`	`}`
`32`	`34`
`33`	`35`	`func run(cc *cobra.Command, args []string) error {`
`@@ -46,7 +48,7 @@ func run(cc *cobra.Command, args []string) error {`
`46`	`48`	`if err != nil {`
`47`	`49`	`return err`
`48`	`50`	`}`
`49`		`-`
	`51`	`+ logrus.Debugf("invoking Authenticate")`
`50`	`52`	`_, err = client.Authenticate(context.Background(), &rpc.AuthnRequest{`
`51`	`53`	`Token: token,`
`52`	`54`	`})`