unistack-org/micro
4
0
Fork 3
Code Issues 19 Pull Requests 1 Actions Packages Projects Releases 259 Wiki Activity

Auth debugging (#1423)

Browse Source 
* More auth debugging

* More auth debugging

* Increase auth debugging

Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
ben-toogood 2020-03-26 17:55:35 +00:00 committed by GitHub
parent c905df3be6
commit 4648fd0d09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
auth/service/service.go
View File

@ -144,6 +144,8 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
for _, q := range queries {
for _, rule := range s.listRules(q...) {
log.Infof("Checking rule: %v for resource: %v:%v:%v", rule.Id, res.Type, res.Name, res.Endpoint)
switch accessForRule(rule, acc, res) {
case rulePb.Access_UNKNOWN:
continue // rule did not specify access, check the next rule
@ -158,7 +160,7 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
}
// no rules were found for the resource, default to denying access
log.Infof("%v denied access to %v:%v:%v by lack of rule", acc.ID, res.Type, res.Name, res.Endpoint)
log.Infof("%v denied access to %v:%v:%v by lack of rule (%v rules found)", acc.ID, res.Type, res.Name, res.Endpoint, len(s.rules))
return auth.ErrForbidden
}