Commit 1936b585 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat-add-logging' into 'main' 

feat: Add logging

See merge request to-be-continuous/tools/gcp-auth-provider!79
parents 56b5c8b1 fcb415fe

README.md

+4 −0
Original line number Diff line number Diff line
@@ -106,3 +106,7 @@ deploy-job: 
    # deploy (pseudo code)

    - my-deploy-tool deploy --other --args

```



[!tip] Troubleshooting

> The service can be debugged by [setting the `CI_DEBUG_SERVICES` variable](https://docs.gitlab.com/ci/services/#capturing-service-container-logs) when running your CI/CD pipeline.

> This will print the service container logs in the job output console.

gcp_auth_provider/gcp_client.py

+6 −0
Original line number Diff line number Diff line 
import logging

import os

from urllib.parse import urlparse
@@ -10,6 +11,8 @@ cert_kw = { 
    "ca_certs": certifi.where(),

}



logger = logging.getLogger("uvicorn.error")



var_names = ["https_proxy", "HTTPS_PROXY", "http_proxy", "HTTP_PROXY"]

proxy_var = next(filter(bool, map(os.environ.get, var_names)), None)
@@ -42,6 +45,7 @@ def get_iam_credentials(service_account, federated_token): 
        json={"scope": ["https://www.googleapis.com/auth/cloud-platform"]},

    )

    if resp.status != 200:

        logger.fatal(f"500: Failed to get iam credential token for service_account={service_account} msg: {resp.json()}")

        raise HTTPException(

            status_code=500,

            detail=f"Failed to get iam credential token for service_account={service_account} msg: {resp.json()}",
@@ -51,6 +55,7 @@ def get_iam_credentials(service_account, federated_token): 


def get_sts_token(audience):

    if not JWT_TOKEN:

        logger.fatal("401: Missing $CI_JOB_JWT_V2 or $GCP_JWT token")

        raise HTTPException(

            status_code=401, detail="Missing $CI_JOB_JWT_V2 or $GCP_JWT token"

        )
@@ -69,6 +74,7 @@ def get_sts_token(audience): 
        },

    )

    if resp.status != 200:

        logger.fatal(f"500: Failed to get sts token for audience={audience} msg: {resp.json()}")

        raise HTTPException(

            status_code=500,

            detail=f"Failed to get sts token for audience={audience} msg: {resp.json()}",

gcp_auth_provider/main.py

+3 −0
Original line number Diff line number Diff line 
import logging

import os

import re
@@ -11,6 +12,7 @@ from gcp_auth_provider.gcp_client import get_iam_credentials, get_sts_token 


# app = FastAPI()



logger = logging.getLogger("uvicorn.error")



def guess_env_type() -> str:

    env_type = os.getenv("ENV_TYPE")
@@ -79,6 +81,7 @@ def token(request: Request): 
            service_account = get_oidc_account(var_prefix)



        if not workload_identity_provider:

            logger.error(f"400: Token couldn't retrieve implicit OIDC provider for env='{env_type}', workloadIdentityProvider={workload_identity_provider}")

            raise HTTPException(

                status_code=400,

                detail=f"Token couldn't retrieve implicit OIDC provider for env='{env_type}', workloadIdentityProvider={workload_identity_provider}",