From 6425f16ac7779b728f74720fcea4be1e1693fc87 Mon Sep 17 00:00:00 2001 From: Kian Parvin Date: Thu, 7 Sep 2023 11:45:43 +0200 Subject: [PATCH] Better logging - Add more logging to our macaroon discharger - Reduce logging on our model proxy --- internal/rpc/proxy.go | 3 +-- service.go | 7 +++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/internal/rpc/proxy.go b/internal/rpc/proxy.go index fc9933596..295257440 100644 --- a/internal/rpc/proxy.go +++ b/internal/rpc/proxy.go @@ -186,7 +186,7 @@ func (p *clientProxy) start(ctx context.Context) error { zapctx.Debug(ctx, "Reading on client connection") msg := new(message) if err := p.src.readJson(&msg); err != nil { - zapctx.Error(ctx, "clientProxy error reading from src", zap.Error(err)) + // Error reading on the socket implies it is closed, simply return. return err } zapctx.Debug(ctx, "Read message from client", zap.Any("message", msg)) @@ -286,7 +286,6 @@ func (p *controllerProxy) start(ctx context.Context) error { zapctx.Debug(ctx, "Reading on controller connection") msg := new(message) if err := p.src.readJson(msg); err != nil { - zapctx.Error(ctx, "controllerProxy error reading from src", zap.Error(err)) // Error reading on the socket implies it is closed, simply return. return err } diff --git a/service.go b/service.go index 1d2abe339..c716f1b23 100644 --- a/service.go +++ b/service.go @@ -598,6 +598,7 @@ func (s *Service) thirdPartyCaveatCheckerFunction(ofgaClient *openfga.OFGAClient return func(ctx context.Context, req *http.Request, cavInfo *bakery.ThirdPartyCaveatInfo, _ *httpbakery.DischargeToken) ([]checkers.Caveat, error) { caveatTokens := strings.Split(string(cavInfo.Condition), " ") if len(caveatTokens) != 3 { + zapctx.Error(ctx, "caveat token length incorrect", zap.Int("length", len(caveatTokens))) return nil, checkers.ErrCaveatNotRecognized } relationString := caveatTokens[0] @@ -605,21 +606,25 @@ func (s *Service) thirdPartyCaveatCheckerFunction(ofgaClient *openfga.OFGAClient objectTagString := caveatTokens[2] if !strings.HasPrefix(relationString, "is-") { + zapctx.Error(ctx, "caveat token relation string missing prefix") return nil, checkers.ErrCaveatNotRecognized } relationString = strings.TrimPrefix(relationString, "is-") relation, err := ofganames.ParseRelation(relationString) if err != nil { + zapctx.Error(ctx, "caveat token relation invalid", zap.Error(err)) return nil, checkers.ErrCaveatNotRecognized } userTag, err := names.ParseUserTag(userTagString) if err != nil { + zapctx.Error(ctx, "failed to parse caveat user tag", zap.Error(err)) return nil, checkers.ErrCaveatNotRecognized } objectTag, err := jimmnames.ParseTag(objectTagString) if err != nil { + zapctx.Error(ctx, "failed to parse caveat object tag", zap.Error(err)) return nil, checkers.ErrCaveatNotRecognized } @@ -632,6 +637,7 @@ func (s *Service) thirdPartyCaveatCheckerFunction(ofgaClient *openfga.OFGAClient allowed, err := openfga.CheckRelation(ctx, user, objectTag, relation) if err != nil { + zapctx.Error(ctx, "failed to check request caveat relation", zap.Error(err)) return nil, errors.E(err) } @@ -640,6 +646,7 @@ func (s *Service) thirdPartyCaveatCheckerFunction(ofgaClient *openfga.OFGAClient checkers.TimeBeforeCaveat(time.Now().Add(defaultDischargeExpiry)), }, nil } + zapctx.Debug(ctx, "macaroon dishcharge denied", zap.String("user", user.Username), zap.String("object", objectTag.Id())) return nil, httpbakery.ErrPermissionDenied } }