Auth debugging (#1423)
* More auth debugging * More auth debugging * Increase auth debugging Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
parent
c905df3be6
commit
4648fd0d09
@ -144,6 +144,8 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
||||
|
||||
for _, q := range queries {
|
||||
for _, rule := range s.listRules(q...) {
|
||||
log.Infof("Checking rule: %v for resource: %v:%v:%v", rule.Id, res.Type, res.Name, res.Endpoint)
|
||||
|
||||
switch accessForRule(rule, acc, res) {
|
||||
case rulePb.Access_UNKNOWN:
|
||||
continue // rule did not specify access, check the next rule
|
||||
@ -158,7 +160,7 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
||||
}
|
||||
|
||||
// no rules were found for the resource, default to denying access
|
||||
log.Infof("%v denied access to %v:%v:%v by lack of rule", acc.ID, res.Type, res.Name, res.Endpoint)
|
||||
log.Infof("%v denied access to %v:%v:%v by lack of rule (%v rules found)", acc.ID, res.Type, res.Name, res.Endpoint, len(s.rules))
|
||||
return auth.ErrForbidden
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user