From 08c9ade7e3807eff1afe56dfe806db3e5aebf113 Mon Sep 17 00:00:00 2001 From: Gunjan Vyas Date: Wed, 24 Jun 2026 13:19:30 +0530 Subject: [PATCH 1/2] rpc: Log plugin RPC operations and connections for audit trail Signed-off-by: Gunjan Vyas --- libmachine/drivers/plugin/register_driver.go | 28 ++++++++++++++- libmachine/drivers/rpc/server_driver.go | 36 ++++++++++++++++++++ 2 files changed, 63 insertions(+), 1 deletion(-) diff --git a/libmachine/drivers/plugin/register_driver.go b/libmachine/drivers/plugin/register_driver.go index 34da3972a2..6637438ef5 100644 --- a/libmachine/drivers/plugin/register_driver.go +++ b/libmachine/drivers/plugin/register_driver.go @@ -19,6 +19,32 @@ var ( heartbeatTimeout = 10 * time.Second ) +type loggingListener struct { + net.Listener +} + +func (l *loggingListener) Accept() (net.Conn, error) { + conn, err := l.Listener.Accept() + if err != nil { + return nil, err + } + log.WithField("remote", conn.RemoteAddr().String()).Info("RPC connection accepted") + return &loggingConn{Conn: conn, start: time.Now()}, nil +} + +type loggingConn struct { + net.Conn + start time.Time +} + +func (c *loggingConn) Close() error { + log.WithFields(log.Fields{ + "remote": c.RemoteAddr().String(), + "duration": time.Since(c.start), + }).Info("RPC connection closed") + return c.Conn.Close() +} + func RegisterDriver(d drivers.Driver) { if os.Getenv(localbinary.PluginEnvKey) != localbinary.PluginEnvVal { fmt.Fprintf(os.Stderr, `This is a hypervisor plugin binary for CodeReady Containers. @@ -51,7 +77,7 @@ Please use this plugin through the main 'crc' binary. fmt.Println(listener.Addr()) go func() { - _ = http.Serve(listener, nil) + _ = http.Serve(&loggingListener{Listener: listener}, nil) }() for { diff --git a/libmachine/drivers/rpc/server_driver.go b/libmachine/drivers/rpc/server_driver.go index 19ef19d7e5..177c0f492f 100644 --- a/libmachine/drivers/rpc/server_driver.go +++ b/libmachine/drivers/rpc/server_driver.go @@ -8,6 +8,7 @@ import ( "github.com/crc-org/machine/libmachine/drivers" "github.com/crc-org/machine/libmachine/state" "github.com/crc-org/machine/libmachine/version" + log "github.com/sirupsen/logrus" ) type Stacker interface { @@ -38,12 +39,30 @@ func NewRPCServerDriver(d drivers.Driver) *RPCServerDriver { } } +func (r *RPCServerDriver) logRPC(op string, level log.Level, extra log.Fields) { + fields := log.Fields{"operation": op} + if r.ActualDriver != nil { + func() { + defer func() { recover() }() + if name := r.ActualDriver.GetMachineName(); name != "" { + fields["machine"] = name + } + }() + } + for k, v := range extra { + fields[k] = v + } + log.WithFields(fields).Log(level, "RPC server invocation") +} + func (r *RPCServerDriver) Close(_, _ *struct{}) error { + r.logRPC("Close", log.InfoLevel, nil) r.CloseCh <- true return nil } func (r *RPCServerDriver) GetVersion(_ *struct{}, reply *int) error { + r.logRPC("GetVersion", log.DebugLevel, nil) *reply = version.APIVersion return nil } @@ -55,15 +74,18 @@ func (r *RPCServerDriver) GetConfigRaw(_ *struct{}, reply *[]byte) error { } *reply = driverData + r.logRPC("GetConfigRaw", log.DebugLevel, log.Fields{"config_bytes": len(driverData)}) return nil } func (r *RPCServerDriver) UpdateConfigRaw(data []byte, _ *struct{}) error { + r.logRPC("UpdateConfigRaw", log.WarnLevel, log.Fields{"config_bytes": len(data)}) return r.ActualDriver.UpdateConfigRaw(data) } func (r *RPCServerDriver) SetConfigRaw(data []byte, _ *struct{}) error { + r.logRPC("SetConfigRaw", log.WarnLevel, log.Fields{"config_bytes": len(data)}) return json.Unmarshal(data, &r.ActualDriver) } @@ -74,6 +96,7 @@ func trapPanic(err *error) { } func (r *RPCServerDriver) Create(_, _ *struct{}) (err error) { + r.logRPC("Create", log.WarnLevel, nil) // In an ideal world, plugins wouldn't ever panic. However, panics // have been known to happen and cause issues. Therefore, we recover // and do not crash the RPC server completely in the case of a panic @@ -86,50 +109,60 @@ func (r *RPCServerDriver) Create(_, _ *struct{}) (err error) { } func (r *RPCServerDriver) DriverName(_ *struct{}, reply *string) error { + r.logRPC("DriverName", log.DebugLevel, nil) *reply = r.ActualDriver.DriverName() return nil } func (r *RPCServerDriver) GetIP(_ *struct{}, reply *string) error { + r.logRPC("GetIP", log.DebugLevel, nil) ip, err := r.ActualDriver.GetIP() *reply = ip return err } func (r *RPCServerDriver) GetMachineName(_ *struct{}, reply *string) error { + r.logRPC("GetMachineName", log.DebugLevel, nil) *reply = r.ActualDriver.GetMachineName() return nil } func (r *RPCServerDriver) GetBundleName(_ *struct{}, reply *string) error { + r.logRPC("GetBundleName", log.DebugLevel, nil) path, err := r.ActualDriver.GetBundleName() *reply = path return err } func (r *RPCServerDriver) GetState(_ *struct{}, reply *state.State) error { + r.logRPC("GetState", log.DebugLevel, nil) s, err := r.ActualDriver.GetState() *reply = s return err } func (r *RPCServerDriver) Kill(_ *struct{}, _ *struct{}) error { + r.logRPC("Kill", log.WarnLevel, nil) return r.ActualDriver.Kill() } func (r *RPCServerDriver) PreCreateCheck(_ *struct{}, _ *struct{}) error { + r.logRPC("PreCreateCheck", log.InfoLevel, nil) return r.ActualDriver.PreCreateCheck() } func (r *RPCServerDriver) Remove(_ *struct{}, _ *struct{}) error { + r.logRPC("Remove", log.WarnLevel, nil) return r.ActualDriver.Remove() } func (r *RPCServerDriver) Start(_ *struct{}, _ *struct{}) error { + r.logRPC("Start", log.InfoLevel, nil) return r.ActualDriver.Start() } func (r *RPCServerDriver) Stop(_ *struct{}, _ *struct{}) error { + r.logRPC("Stop", log.InfoLevel, nil) return r.ActualDriver.Stop() } @@ -141,5 +174,8 @@ func (r *RPCServerDriver) Heartbeat(_ *struct{}, _ *struct{}) error { func (r *RPCServerDriver) GetSharedDirs(_ *struct{}, reply *[]drivers.SharedDir) error { sharedDirs, err := r.ActualDriver.GetSharedDirs() *reply = sharedDirs + if err == nil { + r.logRPC("GetSharedDirs", log.DebugLevel, log.Fields{"shared_dirs": len(sharedDirs)}) + } return err } From f4384e8945f2686cc1edf6f207d57618a66f73fd Mon Sep 17 00:00:00 2001 From: Gunjan Vyas Date: Mon, 29 Jun 2026 16:20:03 +0530 Subject: [PATCH 2/2] lint: Fix linter warnings and deprecations Signed-off-by: Gunjan Vyas --- .golangci.yml | 1 - drivers/fakedriver/fakedriver.go | 2 +- libmachine/drivers/base.go | 2 +- libmachine/drivers/plugin/register_driver.go | 1 + libmachine/drivers/rpc/server_driver.go | 2 +- 5 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 8f661583c6..c8bb2444f8 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -8,6 +8,5 @@ linters: - gofmt - gosec - gocritic - - deadcode - misspell - revive diff --git a/drivers/fakedriver/fakedriver.go b/drivers/fakedriver/fakedriver.go index 7926da875e..e04d628443 100644 --- a/drivers/fakedriver/fakedriver.go +++ b/drivers/fakedriver/fakedriver.go @@ -19,7 +19,7 @@ func (d *Driver) DriverName() string { return "Driver" } -func (d *Driver) UpdateConfigRaw(rawData []byte) error { +func (d *Driver) UpdateConfigRaw(_ []byte) error { return nil } diff --git a/libmachine/drivers/base.go b/libmachine/drivers/base.go index 4300c88948..7c64cdb74d 100644 --- a/libmachine/drivers/base.go +++ b/libmachine/drivers/base.go @@ -75,7 +75,7 @@ func (d *BaseDriver) GetBundleName() (string, error) { return d.BundleName, nil } -func (d *BaseDriver) UpdateConfigRaw(rawData []byte) error { +func (d *BaseDriver) UpdateConfigRaw(_ []byte) error { return ErrNotImplemented } diff --git a/libmachine/drivers/plugin/register_driver.go b/libmachine/drivers/plugin/register_driver.go index 6637438ef5..68fa68b7e1 100644 --- a/libmachine/drivers/plugin/register_driver.go +++ b/libmachine/drivers/plugin/register_driver.go @@ -77,6 +77,7 @@ Please use this plugin through the main 'crc' binary. fmt.Println(listener.Addr()) go func() { + //nolint:gosec // localhost-only rpc server _ = http.Serve(&loggingListener{Listener: listener}, nil) }() diff --git a/libmachine/drivers/rpc/server_driver.go b/libmachine/drivers/rpc/server_driver.go index 177c0f492f..dfb40eda88 100644 --- a/libmachine/drivers/rpc/server_driver.go +++ b/libmachine/drivers/rpc/server_driver.go @@ -43,7 +43,7 @@ func (r *RPCServerDriver) logRPC(op string, level log.Level, extra log.Fields) { fields := log.Fields{"operation": op} if r.ActualDriver != nil { func() { - defer func() { recover() }() + defer func() { _ = recover() }() if name := r.ActualDriver.GetMachineName(); name != "" { fields["machine"] = name }