Add debug logs in decryption and ckgo producer/consumer creation (#2423)

Co-authored-by: Brian Strauch <[email protected]>
confluentinc · Nov 16, 2023 · 41bf3c3 · 41bf3c3
1 parent f73b9f4
commit 41bf3c3
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 6 deletions.
diff --git a/internal/kafka/confluent_kafka.go b/internal/kafka/confluent_kafka.go
@@ -127,7 +127,7 @@ func retrieveUnsecuredToken(e ckafka.OAuthBearerTokenRefresh, tokenValue string)
 func newProducer(kafka *config.KafkaClusterConfig, clientID, configPath string, configStrings []string) (*ckafka.Producer, error) {
 	configMap, err := getProducerConfigMap(kafka, clientID)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(errors.FailedToGetConfigurationErrorMsg, err)
 	}
 
 	return newProducerWithOverwrittenConfigs(configMap, configPath, configStrings)
@@ -136,7 +136,7 @@ func newProducer(kafka *config.KafkaClusterConfig, clientID, configPath string,
 func newConsumer(group string, kafka *config.KafkaClusterConfig, clientID, configPath string, configStrings []string) (*ckafka.Consumer, error) {
 	configMap, err := getConsumerConfigMap(group, kafka, clientID)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(errors.FailedToGetConfigurationErrorMsg, err)
 	}
 
 	return newConsumerWithOverwrittenConfigs(configMap, configPath, configStrings)
@@ -145,7 +145,7 @@ func newConsumer(group string, kafka *config.KafkaClusterConfig, clientID, confi
 func newOnPremProducer(cmd *cobra.Command, clientID, configPath string, configStrings []string) (*ckafka.Producer, error) {
 	configMap, err := getOnPremProducerConfigMap(cmd, clientID)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(errors.FailedToGetConfigurationErrorMsg, err)
 	}
 
 	return newProducerWithOverwrittenConfigs(configMap, configPath, configStrings)
@@ -154,7 +154,7 @@ func newOnPremProducer(cmd *cobra.Command, clientID, configPath string, configSt
 func newOnPremConsumer(cmd *cobra.Command, clientID, configPath string, configStrings []string) (*ckafka.Consumer, error) {
 	configMap, err := getOnPremConsumerConfigMap(cmd, clientID)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(errors.FailedToGetConfigurationErrorMsg, err)
 	}
 
 	return newConsumerWithOverwrittenConfigs(configMap, configPath, configStrings)

diff --git a/internal/kafka/confluent_kafka_configs.go b/internal/kafka/confluent_kafka_configs.go
@@ -357,15 +357,15 @@ func newProducerWithOverwrittenConfigs(configMap *ckafka.ConfigMap, configPath s
 	if err := OverwriteKafkaClientConfigs(configMap, configPath, configStrings); err != nil {
 		return nil, err
 	}
-
+	log.CliLogger.Debug("Creating Confluent Kafka producer with the configuration map.")
 	return ckafka.NewProducer(configMap)
 }
 
 func newConsumerWithOverwrittenConfigs(configMap *ckafka.ConfigMap, configPath string, configStrings []string) (*ckafka.Consumer, error) {
 	if err := OverwriteKafkaClientConfigs(configMap, configPath, configStrings); err != nil {
 		return nil, err
 	}
-
+	log.CliLogger.Debug("Creating Confluent Kafka consumer with the configuration map.")
 	return ckafka.NewConsumer(configMap)
 }
 

diff --git a/pkg/errors/error_message.go b/pkg/errors/error_message.go
@@ -38,6 +38,7 @@ const (
 	// kafka topic commands
 	FailedToCreateProducerErrorMsg    = "failed to create producer: %v"
 	FailedToCreateConsumerErrorMsg    = "failed to create consumer: %v"
+	FailedToGetConfigurationErrorMsg  = "failed to get configuration map: %w"
 	FailedToCreateAdminClientErrorMsg = "failed to create confluent-kafka-go admin client: %w"
 	FailedToProduceErrorMsg           = "failed to produce offset %d: %s\n"
 	UnknownValueFormatErrorMsg        = "unknown value schema format"

diff --git a/pkg/secret/encryption_other.go b/pkg/secret/encryption_other.go
@@ -16,6 +16,7 @@ import (
 	"golang.org/x/crypto/pbkdf2"
 
 	"github.com/confluentinc/cli/v3/pkg/errors"
+	"github.com/confluentinc/cli/v3/pkg/log"
 )
 
 const (
@@ -99,6 +100,7 @@ func Decrypt(username, encrypted string, salt, nonce []byte) (string, error) {
 	if len(nonce) != NonceLength {
 		return "", fmt.Errorf(errors.IncorrectNonceLengthErrorMsg)
 	}
+	log.CliLogger.Debugf("Decrypting secret: %s", cipherText)
 	decryptedPassword, err := aesgcm.Open(nil, nonce, cipherText, []byte(username))
 	if err != nil {
 		return "", fmt.Errorf("CLI does not have write permission for `/etc/machine-id`, or `~/.confluent/config.json` is corrupted: %w", err)

diff --git a/pkg/secret/encryption_windows.go b/pkg/secret/encryption_windows.go
@@ -4,6 +4,7 @@ package secret
 
 import (
 	"github.com/billgraziano/dpapi"
+	"github.com/confluentinc/cli/v3/pkg/log"
 )
 
 func generateRandomBytes(_ int) ([]byte, error) {
@@ -27,6 +28,7 @@ func Encrypt(_, password string, _, _ []byte) (string, error) {
 }
 
 func Decrypt(_, encrypted string, _, _ []byte) (string, error) {
+	log.CliLogger.Debugf("Decrypting secret: %s", encrypted)
 	decryptedPassword, err := dpapi.Decrypt(encrypted)
 	if err != nil {
 		return "", err