From: Dan Fuhry
Date: Fri, 13 Sep 2024 01:35:03 +0000 (-0400)
Subject: mtls/provider_file: better logging for load failures
X-Git-Url: https://go.fuhry.dev/?a=commitdiff_plain;h=7371652e8b8dcd09b707fcd0c6a0779fbef20d2a;p=runtime.git
mtls/provider_file: better logging for load failures
---
diff --git a/mtls/provider_file.go b/mtls/provider_file.go
index a787f42..1f01e49 100644
--- a/mtls/provider_file.go
+++ b/mtls/provider_file.go
@@ -70,6 +70,8 @@ func LoadServiceIdentityFromFilesystem(serviceIdentity string) (*FileBackedCerti
 func newFileBackedCertificateFromBaseDir(mtlsRootPath string, serviceIdentity string) (*FileBackedCertificate, error) {
 certDirectory := path.Join(mtlsRootPath, serviceIdentity)
+ logger.V(2).Debugf("trying to load identity %q from root path %q", serviceIdentity, certDirectory)
+
 leafPath := path.Join(certDirectory, "cert.pem")
 chainPath := path.Join(certDirectory, "chain.pem")
 keyPath := path.Join(certDirectory, "privkey.pem")
@@ -77,6 +79,7 @@ func newFileBackedCertificateFromBaseDir(mtlsRootPath string, serviceIdentity st
 for _, file := range []string{leafPath, chainPath, keyPath, rootPath} {
 if err := fsutil.FileExistsAndIsReadable(file); err != nil {
+ logger.V(2).Errorf("cannot load identity %q from %s: error reading file %q: %v", serviceIdentity, certDirectory, file, err)
 return nil, err
 }
 }
@@ -119,6 +122,8 @@ func LoadUserIdentityFromFilesystem() (*FileBackedCertificate, error) {
 func LoadSSLCertificateFromFilesystem(certName string) (*FileBackedCertificate, error) {
 certDirectory := path.Join(sslCertsBaseDir, certName)
+ logger.V(2).Debugf("trying to load ssl cert %q from root path %q", certName, certDirectory)
+
 leafPath := path.Join(certDirectory, "cert.pem")
 chainPath := path.Join(certDirectory, "chain.pem")
 keyPath := path.Join(certDirectory, "privkey.pem")
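Review bot: The Debugf added in newFileBackedCertificateFromBaseDir (hunk `-70,6 +70,8`) labels `certDirectory` as the "root path", but the value printed is `path.Join(mtlsRootPath, serviceIdentity)`, the per-identity directory, so the message misnames what it shows and is easy to confuse with the real `mtlsRootPath`. I would word it `logger.V(2).Debugf("trying to load identity %q from directory %q", serviceIdentity, certDirectory)`, or log `mtlsRootPath` if the root is what is meant. The Debugf added to LoadSSLCertificateFromFilesystem in hunk `-119,6 +122,8` carries the same label. The function body continues past the end of this hunk.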
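Review bot: In hunk `-77,6 +79,7` the new Errorf formats `certDirectory` with `%s` while `serviceIdentity` and `file` get `%q`. Since `certDirectory` is built from `serviceIdentity`, a newline or control character in the name is escaped in one field and written raw in the next, so an odd name can split or imitate log lines. Quote it as the Debugf in the first hunk already does: `"cannot load identity %q from %q: error reading file %q: %v"`. The Errorf in hunk `-127,6 +132,7` has the same `%s`. The loop belongs to a function that starts and ends outside this hunk.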
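Review bot: In hunk `-119,6 +122,8`, LoadSSLCertificateFromFilesystem passes `certName` straight into `path.Join(sslCertsBaseDir, certName)` and then probes cert.pem, chain.pem and privkey.pem under the result, with nothing visible that keeps the result inside `sslCertsBaseDir`. `path.Join` cleans `..` segments, so the directory can resolve above the base. If callers can supply a name that is not fully trusted (not visible here), a containment check belongs right after the join and before the new Debugf: `if !strings.HasPrefix(certDirectory, path.Clean(sslCertsBaseDir)+"/") { return nil, fmt.Errorf("invalid certificate name %q", certName) }`. `serviceIdentity` in newFileBackedCertificateFromBaseDir (first hunk) is joined the same way. The file's imports and the rest of the function are outside the hunk, so `strings` and `fmt` need confirming.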
@@ -127,6 +132,7 @@ func LoadSSLCertificateFromFilesystem(certName string) (*FileBackedCertificate,
 for _, file := range []string{leafPath, chainPath, keyPath, rootPath} {
 if err := fsutil.FileExistsAndIsReadable(file); err != nil {
+ logger.V(2).Errorf("cannot load ssl cert %q from %s: error reading file %q: %v", certName, certDirectory, file, err)
 return nil, err
 }
 }
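Review bot: The added Errorf logs the failure and the next line still returns the bare `err`, so the cert name and directory exist only in a `V(2)` log line while the caller receives an error without them; a caller that also logs will report the failure twice. Wrapping carries the context to wherever the error is finally handled: `return nil, fmt.Errorf("load ssl cert %q from %q: file %q: %w", certName, certDirectory, file, err)`. The same log-then-return pattern is in hunk `-77,6 +79,7`. Whether `fmt` is imported is not visible, and the function continues outside the hunk.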