Auth debugging (#1423)
* More auth debugging * More auth debugging * Increase auth debugging Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
parent
c905df3be6
commit
4648fd0d09
@ -144,6 +144,8 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
|||||||
|
|
||||||
for _, q := range queries {
|
for _, q := range queries {
|
||||||
for _, rule := range s.listRules(q...) {
|
for _, rule := range s.listRules(q...) {
|
||||||
|
log.Infof("Checking rule: %v for resource: %v:%v:%v", rule.Id, res.Type, res.Name, res.Endpoint)
|
||||||
|
|
||||||
switch accessForRule(rule, acc, res) {
|
switch accessForRule(rule, acc, res) {
|
||||||
case rulePb.Access_UNKNOWN:
|
case rulePb.Access_UNKNOWN:
|
||||||
continue // rule did not specify access, check the next rule
|
continue // rule did not specify access, check the next rule
|
||||||
@ -158,7 +160,7 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// no rules were found for the resource, default to denying access
|
// no rules were found for the resource, default to denying access
|
||||||
log.Infof("%v denied access to %v:%v:%v by lack of rule", acc.ID, res.Type, res.Name, res.Endpoint)
|
log.Infof("%v denied access to %v:%v:%v by lack of rule (%v rules found)", acc.ID, res.Type, res.Name, res.Endpoint, len(s.rules))
|
||||||
return auth.ErrForbidden
|
return auth.ErrForbidden
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user