fix: Log cert refresh

Author: Ananth Bhaskararaman

bifrost.go

@@ -2,7 +2,6 @@
 package bifrost
 
 import (
-	"context"
 	"log/slog"
 	"sync/atomic"
 )
@@ -26,13 +25,5 @@ func SetLogger(l *slog.Logger) {
 }
 
 func init() {
-	SetLogger(slog.New(discardHandler{}))
+	SetLogger(slog.New(slog.DiscardHandler))
 }
-
-// discardHandler is an [slog.Handler] which is always disabled and therefore logs nothing.
-type discardHandler struct{}
-
-func (discardHandler) Enabled(context.Context, slog.Level) bool  { return false }
-func (discardHandler) Handle(context.Context, slog.Record) error { return nil }
-func (d discardHandler) WithAttrs([]slog.Attr) slog.Handler      { return d }
-func (d discardHandler) WithGroup(string) slog.Handler           { return d }

client.go

@@ -24,16 +24,19 @@ func HTTPClient(
 		url:     caUrl,
 		privkey: privkey,
 	}
-	if _, err := cr.GetClientCertificate(nil); err != nil {
+	if _, err := cr.getClientCertificate(nil); err != nil {
 		return nil, err
 	}
+
 	tlsConfig := &tls.Config{
-		GetClientCertificate: cr.GetClientCertificate,
+		GetClientCertificate: cr.getClientCertificate,
 		RootCAs:              roots,
 		KeyLogWriter:         ssllog,
 	}
+
 	tlsTransport := http.DefaultTransport.(*http.Transport).Clone()
 	tlsTransport.TLSClientConfig = tlsConfig
+
 	return &http.Client{
 		Transport: tlsTransport,
 	}, nil
@@ -45,17 +48,16 @@ type certRefresher struct {
 	cert    atomic.Pointer[Certificate]
 }
 
-func (cr *certRefresher) GetClientCertificate(
+func (cr *certRefresher) getClientCertificate(
 	info *tls.CertificateRequestInfo,
 ) (*tls.Certificate, error) {
 	ctx := context.Background()
 	if info != nil {
 		ctx = info.Context()
 	}
 
-	// If the certificate is nil or is going to expire soon, request a new one.
-	if cert := cr.cert.Load(); cert == nil ||
-		cert.NotAfter.Before(time.Now().Add(-time.Minute*10)) {
+	// If we don't have a certificate or it's about to expire, request a new one.
+	if cert := cr.cert.Load(); cert == nil || time.Until(cert.NotAfter) < 10*time.Minute {
 		Logger().DebugContext(ctx, "refreshing client certificate")
 
 		cert, err := RequestCertificate(ctx, cr.url, cr.privkey)
@@ -69,7 +71,8 @@ func (cr *certRefresher) GetClientCertificate(
 				break
 			}
 		}
-		Logger().InfoContext(ctx, "got new client certificate")
+		Logger().InfoContext(ctx, "got new client certificate",
+			"namespace", cert.Namespace, "uuid", cert.ID)
 	}
 
 	tlsCert := X509ToTLSCertificate(cr.cert.Load().Certificate, cr.privkey.PrivateKey)

go.mod

@@ -1,8 +1,6 @@
 module github.com/RealImage/bifrost
 
-go 1.23
-
-toolchain go1.23.0
+go 1.24
 
 require (
 	github.com/VictoriaMetrics/metrics v1.35.1