feat: Add verbose logging to buddypass calls.

spbsoluble · spbsoluble · commit 7c40e7cdf62c · 2025-07-07T08:08:10.000-07:00
diff --git a/kubernetes-orchestrator-extension/Clients/KubeClient.cs b/kubernetes-orchestrator-extension/Clients/KubeClient.cs
@@ -1124,13 +1124,23 @@ private V1Secret CreateOrUpdatePKCS12Secret(string secretName, string namespaceN
     public V1Secret ReadBuddyPass(string secretName, string passwordSecretPath)
     {
         // Lookup password secret path on cluster to see if it exists
+        _logger.MethodEntry();
         _logger.LogDebug("Attempting to lookup password secret path on cluster...");
         var splitPasswordPath = passwordSecretPath.Split("/");
+        _logger.LogDebug("Split password secret path: {Join}", string.Join(", ", splitPasswordPath));
         // Assume secret pattern is namespace/secretName
-        var passwordSecretName = splitPasswordPath[splitPasswordPath.Length - 1];
+        var passwordSecretName = splitPasswordPath[^1];
+        _logger.LogDebug("Password secret name: {PasswordSecretName}", passwordSecretName);
         var passwordSecretNamespace = splitPasswordPath[0];
-        _logger.LogDebug($"Attempting to lookup secret {passwordSecretName} in namespace {passwordSecretNamespace}");
+        _logger.LogDebug("Attempting to lookup secret {PasswordSecretName} in namespace {PasswordSecretNamespace}", passwordSecretName, passwordSecretNamespace);
+        
         var passwordSecretResponse = Client.CoreV1.ReadNamespacedSecret(secretName, passwordSecretNamespace);
+        if (passwordSecretResponse == null)
+        {
+            _logger.LogError("Unable to find secret {PasswordSecretName} in namespace {PasswordSecretNamespace}", passwordSecretName, passwordSecretNamespace);
+            throw new InvalidK8SSecretException($"Unable to find secret {passwordSecretName} in namespace {passwordSecretNamespace}");
+        }
+        _logger.MethodExit();
         return passwordSecretResponse;
     }
 
diff --git a/kubernetes-orchestrator-extension/Jobs/Inventory.cs b/kubernetes-orchestrator-extension/Jobs/Inventory.cs
@@ -319,11 +319,17 @@ private Dictionary<string, List<string>> HandleJKSSecret(JobConfiguration config
         Logger.LogDebug("Iterating through keys in K8S secret " + KubeSecretName + " in namespace " + KubeNamespace);
         foreach (var (keyName, keyBytes) in k8sData.Inventory)
         {
-            Logger.LogDebug("Fetching store password for K8S secret " + KubeSecretName + " in namespace " +
-                            KubeNamespace + " and key " + keyName);
+            Logger.LogTrace("Key name: {KeyName}", keyName);
+            if (keyBytes == null || keyBytes.Length == 0)
+            {
+                Logger.LogWarning("Key '{KeyName}' in secret {Secret} is empty or null, skipping", keyName, KubeSecretName);
+                continue;
+            }
+            Logger.LogDebug("Attempting to get password for key '{Key}' in k8s namesapce {Namespace} in secret '{Secret}'", keyName,KubeNamespace, KubeSecretName);
             var keyPassword = getK8SStorePassword(k8sData.Secret);
             var passwordHash = GetSHA256Hash(keyPassword);
-            // Logger.LogTrace("Password hash for '{Secret}/{Key}': {Hash}", KubeSecretName, keyName, passwordHash);
+            Logger.LogTrace("Password hash for '{Secret}/{Key}': {Hash}", KubeSecretName, keyName, passwordHash); //TODO: Remove this line, it is for debugging purposes only
+            Logger.LogTrace("Password for '{Secret}/{Key}': {Hash}", KubeSecretName, keyName, keyPassword); //TODO: Remove this line, it is for debugging purposes only
             var keyAlias = keyName;
             Logger.LogTrace("Key alias: {Alias}", keyAlias);
             Logger.LogDebug("Attempting to deserialize JKS store '{Secret}/{Key}'", KubeSecretName, keyName);
@@ -953,7 +959,19 @@ private Dictionary<string, List<string>> HandlePkcs12Secret(JobConfiguration con
         // iterate through the keys in the secret and add them to the pkcs12 store
         foreach (var (keyName, keyBytes) in k8sData.Inventory)
         {
+            Logger.LogTrace("Key name: {KeyName}", keyName);
+            if (keyBytes == null || keyBytes.Length == 0)
+            {
+                Logger.LogWarning("Key '{KeyName}' in secret {Secret} is empty or null, skipping", keyName, KubeSecretName);
+                continue;
+            }
+            Logger.LogDebug("Attempting to get password for key '{Key}' in k8s namespace {Namespace} in secret '{Secret}'", keyName,KubeNamespace, KubeSecretName);
             var keyPassword = getK8SStorePassword(k8sData.Secret);
+            Logger.LogTrace("Password for '{Secret}/{Key}': {Hash}", KubeSecretName, keyName, keyPassword); //TODO: Remove this line, it is for debugging purposes only
+            var keyAlias = keyName;
+            Logger.LogTrace("Key alias: {Alias}", keyAlias);
+            Logger.LogDebug("Attempting to deserialize PKCS12 store '{Secret}/{Key}'", KubeSecretName, keyName);
+            
             var pStoreDs = pkcs12Store.DeserializeRemoteCertificateStore(keyBytes, keyName, keyPassword);
             // create a list of certificate chains in PEM format
             foreach (var certAlias in pStoreDs.Aliases)
diff --git a/kubernetes-orchestrator-extension/Keyfactor.Orchestrators.K8S.csproj b/kubernetes-orchestrator-extension/Keyfactor.Orchestrators.K8S.csproj
@@ -29,6 +29,10 @@
         <PackageReference Include="KubernetesClient" Version="14.0.2"/>
         <!--    <PackageReference Include="KubernetesClient.Classic" Version="10.0.31" />-->
         <PackageReference Include="System.Security.Cryptography.Pkcs" Version="8.0.0"/>
+        <!--        <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />-->
+        <ProjectReference Include="../../bc-csharp/crypto/src/BouncyCastle.Crypto.csproj" />
+
+
     </ItemGroup>
 
 </Project>
diff --git a/kubernetes-orchestrator-extension/StoreTypes/K8SJKS/Store.cs b/kubernetes-orchestrator-extension/StoreTypes/K8SJKS/Store.cs
@@ -48,7 +48,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, strin
             try
             {
                 _logger.LogTrace("Attempting to load JKS store w/ password");
-                // _logger.LogTrace("Attempting to load JKS store w/ password ${Pass}", storePassword); //TODO: Remove this line, it is for debugging purposes only
+                _logger.LogTrace("Attempting to load JKS store w/ password ${Pass}", storePassword); //TODO: Remove this line, it is for debugging purposes only
                 using (var ms = new MemoryStream(storeContents))
                 {
                     jksStore.Load(ms, string.IsNullOrEmpty(storePassword) ? Array.Empty<char>() : storePassword.ToCharArray());

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, strin`
`48`	`48`	`try`
`49`	`49`	`{`
`50`	`50`	`_logger.LogTrace("Attempting to load JKS store w/ password");`
`51`		`- // _logger.LogTrace("Attempting to load JKS store w/ password ${Pass}", storePassword); //TODO: Remove this line, it is for debugging purposes only`
	`51`	`+ _logger.LogTrace("Attempting to load JKS store w/ password ${Pass}", storePassword); //TODO: Remove this line, it is for debugging purposes only`
`52`	`52`	`using (var ms = new MemoryStream(storeContents))`
`53`	`53`	`{`
`54`	`54`	`jksStore.Load(ms, string.IsNullOrEmpty(storePassword) ? Array.Empty<char>() : storePassword.ToCharArray());`