Improve logs for APE checking #1574

New issue

Open

opened 2024-12-20 09:57:11 +00:00 by dkirillov · 1 comment

dkirillov commented 2024-12-20 09:57:11 +00:00

Member

Copy link

Is your feature request related to a problem? Please describe.

Sometime storage node returns Access Denied after APE checking and we not always can understand what goes wrong.
We can know what policies presence in system with frostfs-adm morph ape list-rule-chains but we don't know what request be checked in APE.

Describe the solution you'd like

Add debug logs here for example
and in any other similar places.
Something like in s3-gw

TrueCloudLab/frostfs-s3-gw – api/middleware/policy.go

Lines 201 to 203 in TrueCloudLab/frostfs-s3-gw@e0ce59f

	reqLogOrDefault(r.Context(), cfg.Log).Debug(logs.PolicyRequest, zap.String("action", op),
	zap.String("resource", res), zap.Any("request properties", requestProps),
	zap.Any("resource properties", resourceProps))

Describe alternatives you've considered

Hide such debug logs behind tags

Additional context

Having such additional logs could help understand the reason of #1572 faster

## Is your feature request related to a problem? Please describe. Sometime storage node returns `Access Denied` after APE checking and we not always can understand what goes wrong. We can know what policies presence in system with `frostfs-adm morph ape list-rule-chains` but we don't know what request be checked in APE. ## Describe the solution you'd like Add debug logs [here](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/commit/df05057ed46632e7746fcaa26731987a9070b2e5/pkg/services/common/ape/checker.go#L98) for example and in any other similar places. Something like in s3-gw https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/src/commit/e0ce59fd32beb9274e48adf1c52d41292ceeafd5/api/middleware/policy.go#L201-L203 ## Describe alternatives you've considered Hide such debug logs behind tags ## Additional context Having such additional logs could help understand the reason of https://git.frostfs.info/TrueCloudLab/frostfs-node/issues/1572 faster

dkirillov added the

triage

label 2024-12-20 09:57:11 +00:00

fyrchik added the

frostfs-node

observability

labels 2024-12-25 09:53:22 +00:00

fyrchik commented 2024-12-25 09:55:40 +00:00

Owner

Copy link

I suggest extending ChainRouterError with target and use it in stringified representation.

I suggest extending `ChainRouterError` with target and use it in stringified representation.

aarifullin self-assigned this 2025-02-24 13:14:57 +00:00

aarifullin referenced this issue from a pull request that will close it, 2025-02-24 16:53:54 +00:00

Improve debug logging for APE check failures #1655

fyrchik referenced this issue 2025-02-27 11:56:20 +00:00

Improve debug logging for APE check failures #1655

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

support/v0.44

support/v0.42

support/v0.38

support/v0.37

support/v0.36

support/v0.34

support/v0.30

support/v0.27

v0.44.9

v0.45.0-rc.1

v0.44.8

v0.44.7

v0.44.6

v0.44.5

v0.44.4

v0.42.18

v0.44.3

v0.44.2

v0.42.17

v0.44.1

v0.44.0

v0.44.0-rc.13

v0.44.0-rc.12

v0.44.0-rc.11

v0.42.16

v0.44.0-rc.10

v0.44.0-rc.9

v0.44.0-rc.8

v0.44.0-rc.7

v0.44.0-rc.6

v0.44.0-rc.5

v0.44.0-rc.4

v0.44.0-rc.3

v0.44.0-rc.2

v0.44.0-rc.1

v0.43.2

v0.43.1

v0.43.0

v0.42.15

v0.42.14

v0.42.13

v0.42.12

v0.42.11

v0.42.10

v0.42.9

v0.42.8

v0.42.7

v0.42.6

v0.42.5

v0.42.4

v0.42.3

v0.42.2

v0.42.1

v0.42.0

v0.42.0-rc.9

v0.42.0-rc.8

v0.42.0-rc.7

v0.38.9

v0.42.0-rc.6

v0.42.0-rc.5

v0.42.0-rc.4

v0.42.0-rc.3

v0.42.0-rc.2

v0.42.0-rc.1

v0.38.8

v0.41.0

v0.38.7

v0.40.0

v0.39.0

v0.38.6

v0.38.5

v0.38.4

v0.38.3

v0.38.2

v0.38.1

v0.38.0

v0.38.0-rc.2

v0.38.0-rc.1

v0.37.0

v0.37.0-rc.1

v0.36.0

v0.34.0

v0.22.1

v0.22.0

v0.21.1

v0.21.0

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.14.0-rc.1

v0.13.2

v0.13.1

v0.13.0

v0.13.0-rc.1

v0.12.1

v0.12.0

v0.12.0-rc3

v0.12.0-rc2

v0.12.0-rc1

v0.11.0

v0.10.0

Labels

Clear labels   

P0

Highest

  

P1

High

  

P2

Medium

  

P3

Low

  

badger

Badger DB related issues

  

frostfs-adm

  

frostfs-cli

  

frostfs-ir

  

frostfs-lens

  

frostfs-node

  

good first issue

Good for newcomers

  

triage

  

Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  

blocked

The issue or PR is blocked by something

  

bug

Something is not working

  

config

Configuration format update or breaking change

  

discussion

Talking about something in order to reach a decision or to exchange ideas

  

documentation

Documentation related

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

go

Language features adoption

  

help wanted

Extra attention is needed

  

internal

  

invalid

Something is wrong

  

kludge

This is a kludge and we know it

  

observability

Related to metrics, tracing and logs

  

perfomance

Perfomance related

  

question

More information is needed

  

refactoring

Refactoring

  

wontfix

This won't be fixed

No labels

P0

P1

P2

P3

badger

frostfs-adm

frostfs-cli

frostfs-ir

frostfs-lens

frostfs-node

good first issue

triage

Infrastructure

blocked

bug

config

discussion

documentation

duplicate

enhancement

go

help wanted

internal

invalid

kludge

observability

perfomance

question

refactoring

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

aarifullin

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-node#1574

No description provided.