]> go.fuhry.dev Git - runtime.git/commitdiff
projects / runtime.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f7d19d)
mtls/provider_file: better logging for load failures
authorDan Fuhry <dan@fuhry.com>
Fri, 13 Sep 2024 01:35:03 +0000 (21:35 -0400)
committerDan Fuhry <dan@fuhry.com>
Fri, 13 Sep 2024 01:35:03 +0000 (21:35 -0400)
mtls/provider_file.go patch | blob | history

diff --git a/mtls/provider_file.go b/mtls/provider_file.go
index a787f42eb3673967e20eb0dceacadc6e102ea921..1f01e495cb46cced72b02ace963280060f9dbe90 100644 (file)
--- a/mtls/provider_file.go
+++ b/mtls/provider_file.go
@@ -70,6 +70,8 @@ func LoadServiceIdentityFromFilesystem(serviceIdentity string) (*FileBackedCerti
 func newFileBackedCertificateFromBaseDir(mtlsRootPath string, serviceIdentity string) (*FileBackedCertificate, error) {
        certDirectory := path.Join(mtlsRootPath, serviceIdentity)
 
+       logger.V(2).Debugf("trying to load identity %q from root path %q", serviceIdentity, certDirectory)
+
        leafPath := path.Join(certDirectory, "cert.pem")
        chainPath := path.Join(certDirectory, "chain.pem")
        keyPath := path.Join(certDirectory, "privkey.pem")
@@ -77,6 +79,7 @@ func newFileBackedCertificateFromBaseDir(mtlsRootPath string, serviceIdentity st
 
        for _, file := range []string{leafPath, chainPath, keyPath, rootPath} {
                if err := fsutil.FileExistsAndIsReadable(file); err != nil {
+                       logger.V(2).Errorf("cannot load identity %q from %s: error reading file %q: %v", serviceIdentity, certDirectory, file, err)
                        return nil, err
                }
        }
@@ -119,6 +122,8 @@ func LoadUserIdentityFromFilesystem() (*FileBackedCertificate, error) {
 func LoadSSLCertificateFromFilesystem(certName string) (*FileBackedCertificate, error) {
        certDirectory := path.Join(sslCertsBaseDir, certName)
 
+       logger.V(2).Debugf("trying to load ssl cert %q from root path %q", certName, certDirectory)
+
        leafPath := path.Join(certDirectory, "cert.pem")
        chainPath := path.Join(certDirectory, "chain.pem")
        keyPath := path.Join(certDirectory, "privkey.pem")
@@ -127,6 +132,7 @@ func LoadSSLCertificateFromFilesystem(certName string) (*FileBackedCertificate,
 
        for _, file := range []string{leafPath, chainPath, keyPath, rootPath} {
                if err := fsutil.FileExistsAndIsReadable(file); err != nil {
+                       logger.V(2).Errorf("cannot load ssl cert %q from %s: error reading file %q: %v", certName, certDirectory, file, err)
                        return nil, err
                }
        }