From 65f4d76f155fdf374a7e9cf04e2b56ac3d7959b5 Mon Sep 17 00:00:00 2001 From: Michael Lumish Date: Fri, 21 Feb 2025 09:42:17 -0800 Subject: [PATCH] Add SAN matcher trace logging --- packages/grpc-js-xds/src/load-balancer-cds.ts | 1 + packages/grpc-js-xds/src/xds-credentials.ts | 13 +++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/packages/grpc-js-xds/src/load-balancer-cds.ts b/packages/grpc-js-xds/src/load-balancer-cds.ts index 23e8e7d1..aba74820 100644 --- a/packages/grpc-js-xds/src/load-balancer-cds.ts +++ b/packages/grpc-js-xds/src/load-balancer-cds.ts @@ -433,6 +433,7 @@ export class CdsLoadBalancer implements LoadBalancer { if (this.latestSanMatcher === null || !this.latestSanMatcher.equals(sanMatcher)) { this.latestSanMatcher = sanMatcher; } + trace('Configured subject alternative name matcher: ' + sanMatcher); childOptions[SAN_MATCHER_KEY] = this.latestSanMatcher; } this.childBalancer.updateAddressList(childEndpointList, typedChildConfig, childOptions); diff --git a/packages/grpc-js-xds/src/xds-credentials.ts b/packages/grpc-js-xds/src/xds-credentials.ts index f7d66ce4..1749e217 100644 --- a/packages/grpc-js-xds/src/xds-credentials.ts +++ b/packages/grpc-js-xds/src/xds-credentials.ts @@ -20,7 +20,12 @@ import { CA_CERT_PROVIDER_KEY, IDENTITY_CERT_PROVIDER_KEY, SAN_MATCHER_KEY, SanM import GrpcUri = experimental.GrpcUri; import SecureConnector = experimental.SecureConnector; import createCertificateProviderChannelCredentials = experimental.createCertificateProviderChannelCredentials; -import trace = experimental.trace; + +const TRACER_NAME = 'xds_channel_credentials'; + +function trace(text: string) { + experimental.trace(logVerbosity.DEBUG, TRACER_NAME, text); +} export class XdsChannelCredentials extends ChannelCredentials { constructor(private fallbackCredentials: ChannelCredentials) { @@ -34,7 +39,7 @@ export class XdsChannelCredentials extends ChannelCredentials { } _createSecureConnector(channelTarget: GrpcUri, options: ChannelOptions, callCredentials?: CallCredentials): SecureConnector { if (options[CA_CERT_PROVIDER_KEY]) { - trace(logVerbosity.DEBUG, 'xds_channel_credentials', 'Using secure credentials'); + trace('Using secure credentials'); const verifyOptions: VerifyOptions = {}; if (options[SAN_MATCHER_KEY]) { const matcher = options[SAN_MATCHER_KEY] as SanMatcher; @@ -42,7 +47,7 @@ export class XdsChannelCredentials extends ChannelCredentials { if (cert.subjectaltname && matcher.apply(cert.subjectaltname)) { return undefined; } else { - trace(logVerbosity.DEBUG, 'xds_channel_credentials', 'No matching subject alternative name found in certificate'); + trace('Subject alternative name not matched: ' + cert.subjectaltname); return new Error('No matching subject alternative name found in certificate'); } } @@ -50,7 +55,7 @@ export class XdsChannelCredentials extends ChannelCredentials { const certProviderCreds = createCertificateProviderChannelCredentials(options[CA_CERT_PROVIDER_KEY], options[IDENTITY_CERT_PROVIDER_KEY] ?? null, verifyOptions); return certProviderCreds._createSecureConnector(channelTarget, options, callCredentials); } else { - trace(logVerbosity.DEBUG, 'xds_channel_credentials', 'Using fallback credentials'); + trace('Using fallback credentials'); return this.fallbackCredentials._createSecureConnector(channelTarget, options, callCredentials); } }