From 4648fd0d097c47c8a4dd5949a6e22968f6d600b3 Mon Sep 17 00:00:00 2001
From: ben-toogood <bentoogood@gmail.com>
Date: Thu, 26 Mar 2020 17:55:35 +0000
Subject: [PATCH] Auth debugging (#1423)

* More auth debugging

* More auth debugging

* Increase auth debugging

Co-authored-by: Ben Toogood <ben@micro.mu>
---
 auth/service/service.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/auth/service/service.go b/auth/service/service.go
index af121998..8cbf7d47 100644
--- a/auth/service/service.go
+++ b/auth/service/service.go
@@ -144,6 +144,8 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
 
 	for _, q := range queries {
 		for _, rule := range s.listRules(q...) {
+			log.Infof("Checking rule: %v for resource: %v:%v:%v", rule.Id, res.Type, res.Name, res.Endpoint)
+
 			switch accessForRule(rule, acc, res) {
 			case rulePb.Access_UNKNOWN:
 				continue // rule did not specify access, check the next rule
@@ -158,7 +160,7 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
 	}
 
 	// no rules were found for the resource, default to denying access
-	log.Infof("%v denied access to %v:%v:%v by lack of rule", acc.ID, res.Type, res.Name, res.Endpoint)
+	log.Infof("%v denied access to %v:%v:%v by lack of rule (%v rules found)", acc.ID, res.Type, res.Name, res.Endpoint, len(s.rules))
 	return auth.ErrForbidden
 }