From 3b4913b9c93b2a8561d6ad4af3729a1ab2ef97d4 Mon Sep 17 00:00:00 2001 From: Steve Wagner Date: Tue, 24 Oct 2023 11:30:56 -0700 Subject: [PATCH] - Putting the cherry on top - Putting a bow on it - Final corrections and enhancements - Let the configuration settings determine log level --- cmd/nginx-loadbalancer-kubernetes/main.go | 1 - deployments/deployment/configmap.yaml | 11 ++++---- deployments/deployment/deployment.yaml | 3 +-- docs/tls/SS-TLS.md | 2 +- internal/authentication/factory.go | 14 +++++----- internal/configuration/settings.go | 31 +++++++++++++++++++++++ 6 files changed, 46 insertions(+), 16 deletions(-) diff --git a/cmd/nginx-loadbalancer-kubernetes/main.go b/cmd/nginx-loadbalancer-kubernetes/main.go index 6e6a8bc..6936557 100644 --- a/cmd/nginx-loadbalancer-kubernetes/main.go +++ b/cmd/nginx-loadbalancer-kubernetes/main.go @@ -19,7 +19,6 @@ import ( ) func main() { - logrus.SetLevel(logrus.DebugLevel) err := run() if err != nil { logrus.Fatal(err) diff --git a/deployments/deployment/configmap.yaml b/deployments/deployment/configmap.yaml index 91522a6..fd30dbe 100644 --- a/deployments/deployment/configmap.yaml +++ b/deployments/deployment/configmap.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: ConfigMap data: - nginx-hosts: "https://192.168.96.207/api" - tls-mode: "ss-mtls" - ca-certificate: "nlk-tls-ca-secret" - client-certificate: "nlk-tls-client-secret" + nginx-hosts: "https://10.0.0.1:9000/api" + tls-mode: "no-tls" + ca-certificate: "" + client-certificate: "" + log-level: "warn" metadata: name: nlk-config - namespace: nlk \ No newline at end of file + namespace: nlk diff --git a/deployments/deployment/deployment.yaml b/deployments/deployment/deployment.yaml index 11fa61f..4c871c2 100644 --- a/deployments/deployment/deployment.yaml +++ b/deployments/deployment/deployment.yaml 
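Review bot: The shipped ConfigMap in deployments/deployment/configmap.yaml now defaults to `tls-mode: "no-tls"` with empty `ca-certificate` and `client-certificate`, while `nginx-hosts` still uses an `https://` URL. How `no-tls` is handled is not visible in this patch, but factory.go has a `buildBasicTlsConfig(skipVerify bool)` path, so this default presumably connects without verifying the NGINX Plus API certificate. Anyone applying the manifest unchanged inherits that behaviour. Either keep a verifying mode (`ss-tls` or `ss-mtls`) as the default, or add a comment above the key such as `# no-tls: server certificate is not verified (confirm against NewTlsConfig); for local testing only`.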
@@ -17,8 +17,7 @@ spec: spec: containers: - name: nginx-loadbalancer-kubernetes - image: ciroque/nginx-loadbalancer-kubernetes:dev-11 -# image: ghcr.io/nginxinc/nginx-loadbalancer-kubernetes:125 + image: ghcr.io/nginxinc/nginx-loadbalancer-kubernetes:latest imagePullPolicy: Always ports: - name: http diff --git a/docs/tls/SS-TLS.md b/docs/tls/SS-TLS.md index 8f37d90..3c30b11 100644 --- a/docs/tls/SS-TLS.md +++ b/docs/tls/SS-TLS.md @@ -53,7 +53,7 @@ metadata: data: nginx-hosts: "http://10.1.1.4:9000/api,http://10.1.1.5:9000/api" tls-mode: "ss-tls" - caCertificate: "nlk-tls-ca-secret" + ca-certificate: "nlk-tls-ca-secret" ``` ## Deployment diff --git a/internal/authentication/factory.go b/internal/authentication/factory.go index 21b3458..5d94343 100644 --- a/internal/authentication/factory.go +++ b/internal/authentication/factory.go @@ -18,7 +18,7 @@ import ( ) func NewTlsConfig(settings *configuration.Settings) (*tls.Config, error) { - logrus.Debugf("Creating TLS config for mode: '%s'", settings.TlsMode) + logrus.Debugf("authentication::NewTlsConfig Creating TLS config for mode: '%s'", settings.TlsMode) switch settings.TlsMode { case "ss-tls": // needs ca cert return buildSelfSignedTlsConfig(settings.Certificates) @@ -38,7 +38,7 @@ func NewTlsConfig(settings *configuration.Settings) (*tls.Config, error) { } func buildSelfSignedTlsConfig(certificates *certification.Certificates) (*tls.Config, error) { - logrus.Debug("Building self-signed TLS config") + logrus.Debugf("authentication::buildSelfSignedTlsConfig Building self-signed TLS config, CA Secret Key(%v)", certificates.CaCertificateSecretKey) certPool, err := buildCaCertificatePool(certificates.GetCACertificate()) if err != nil { return nil, err 
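Review bot: The container image in deployment.yaml is now `ghcr.io/nginxinc/nginx-loadbalancer-kubernetes:latest` with `imagePullPolicy: Always`, so every pod restart can pull code that differs from what was reviewed or tested. A mutable tag also means a mistaken or compromised push to the registry rolls out with no manifest change to audit. Pin the reference to a release tag and digest, for example `image: ghcr.io/nginxinc/nginx-loadbalancer-kubernetes:<release-tag>@sha256:<digest>` (placeholders), and bump it as part of each release.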
@@ -51,7 +51,7 @@ func buildSelfSignedTlsConfig(certificates *certification.Certificates) (*tls.Co } func buildSelfSignedMtlsConfig(certificates *certification.Certificates) (*tls.Config, error) { - logrus.Debug("buildSelfSignedMtlsConfig Building self-signed mTLS config") + logrus.Debugf("authentication::buildSelfSignedMtlsConfig Building self-signed mTLS config, CA Secret Key(%v), Client Certificate Key(%v)", certificates.CaCertificateSecretKey, certificates.ClientCertificateSecretKey) certPool, err := buildCaCertificatePool(certificates.GetCACertificate()) if err != nil { return nil, err @@ -72,14 +72,14 @@ func buildSelfSignedMtlsConfig(certificates *certification.Certificates) (*tls.C } func buildBasicTlsConfig(skipVerify bool) *tls.Config { - logrus.Debug("Building basic TLS config") + logrus.Debugf("authentication::buildBasicTlsConfig skipVerify(%v)", skipVerify) return &tls.Config{ InsecureSkipVerify: skipVerify, } } func buildCaTlsConfig(certificates *certification.Certificates) (*tls.Config, error) { - logrus.Debug("Building CA TLS config") + logrus.Debugf("authentication::buildCaTlsConfig, Client Certificate Key(%v)", certificates.ClientCertificateSecretKey) certificate, err := buildCertificates(certificates.GetClientCertificate()) if err != nil { return nil, err 
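Review bot: In `buildBasicTlsConfig` the only record that certificate verification is being turned off is the Debug line `skipVerify(%v)`, which the new `log-level: "warn"` default filters out. A `tls.Config` with `InsecureSkipVerify: true` accepts any server certificate, so that state should be visible at the default level. Add `if skipVerify { logrus.Warn("authentication::buildBasicTlsConfig TLS certificate verification is disabled") }` before the return.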
@@ -92,12 +92,12 @@ func buildCaTlsConfig(certificates *certification.Certificates) (*tls.Config, er } func buildCertificates(privateKeyPEM []byte, certificatePEM []byte) (tls.Certificate, error) { - logrus.Debug("Building certificates") + logrus.Debugf("authentication::buildCertificates, Private Key(%v), Certificate(%v)", privateKeyPEM, certificatePEM) return tls.X509KeyPair(certificatePEM, privateKeyPEM) } func buildCaCertificatePool(caCert []byte) (*x509.CertPool, error) { - logrus.Debugf("Building CA certificate pool") + logrus.Debugf("authentication::buildCaCertificatePool, CA Certificate(%v)", caCert) block, _ := pem.Decode(caCert) if block == nil { return nil, fmt.Errorf("failed to decode PEM block containing CA certificate") diff --git a/internal/configuration/settings.go b/internal/configuration/settings.go index 8c8874a..d9f1d3b 100644 --- a/internal/configuration/settings.go +++ b/internal/configuration/settings.go @@ -312,6 +312,8 @@ func (s *Settings) handleUpdateEvent(_ interface{}, obj interface{}) { logrus.Warnf("Settings::handleUpdateEvent: client-certificate key not found in ConfigMap") } + setLogLevel(configMap.Data["log-level"]) + logrus.Debugf("Settings::handleUpdateEvent: \n\tHosts: %v,\n\tSettings: %v ", s.NginxPlusHosts, configMap) } 
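Review bot: The new Debugf in `buildCertificates` formats `privateKeyPEM` with `%v`, which writes the client private key bytes into the log, and `buildCaCertificatePool` likewise dumps the whole CA certificate. Because this commit also lets the ConfigMap's `log-level` switch the process to debug at runtime, anyone who can edit that ConfigMap and read the pod logs could recover the key. Log sizes instead of content: `logrus.Debugf("authentication::buildCertificates, Private Key(%d bytes), Certificate(%d bytes)", len(privateKeyPEM), len(certificatePEM))`, and `len(caCert)` in the pool builder. A key that has already been logged by a build containing this line should be treated as exposed and rotated.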
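Review bot: In `handleUpdateEvent`, `setLogLevel(configMap.Data["log-level"])` is called without the presence check that the context line above applies to `client-certificate`, so an absent key reaches `setLogLevel` as `""` and is turned into warn without any message. That fallback is reasonable but undocumented here; add a comment on the call such as `// a missing log-level key yields "", which setLogLevel maps to warn`. The handler begins outside this hunk, so whether the level is also applied before the first update event cannot be confirmed from the patch. With `logrus.SetLevel(logrus.DebugLevel)` removed from main.go, the process presumably runs at logrus's default level until then.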
@@ -327,3 +329,32 @@ func isOurConfig(obj interface{}) (*corev1.ConfigMap, bool) { configMap, ok := obj.(*corev1.ConfigMap) return configMap, ok && configMap.Name == ConfigMapName && configMap.Namespace == ConfigMapsNamespace } + +func setLogLevel(logLevel string) { + logrus.Debugf("Settings::setLogLevel: %s", logLevel) + switch logLevel { + case "panic": + logrus.SetLevel(logrus.PanicLevel) + + case "fatal": + logrus.SetLevel(logrus.FatalLevel) + + case "error": + logrus.SetLevel(logrus.ErrorLevel) + + case "warn": + logrus.SetLevel(logrus.WarnLevel) + + case "info": + logrus.SetLevel(logrus.InfoLevel) + + case "debug": + logrus.SetLevel(logrus.DebugLevel) + + case "trace": + logrus.SetLevel(logrus.TraceLevel) + + default: + logrus.SetLevel(logrus.WarnLevel) + } +}
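Review bot: `setLogLevel` silently maps any unrecognised value to warn, so a typo in the ConfigMap's `log-level` changes verbosity with no trace, and its opening Debugf is filtered by the previous level, so it rarely records the change. logrus already provides `ParseLevel`, which replaces the seven-case switch and returns an error for unknown names; it is case-insensitive and also accepts `warning`, which slightly widens the accepted input. Logging the rejected value with `%q` at Warn keeps the fallback visible, while an empty string (key absent) can be defaulted quietly. The function also lacks a doc comment stating the fallback.

```go
// setLogLevel applies the ConfigMap's log-level; empty or unknown values fall back to warn.
func setLogLevel(logLevel string) {
	level, err := logrus.ParseLevel(logLevel)
	if err != nil {
		if logLevel != "" {
			logrus.Warnf("Settings::setLogLevel: unrecognized log-level %q, using warn", logLevel)
		}
		level = logrus.WarnLevel
	}
	logrus.SetLevel(level)
}
```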