diff --git a/api/middleware/policy.go b/api/middleware/policy.go index bb647833..db0ff7f5 100644 --- a/api/middleware/policy.go +++ b/api/middleware/policy.go @@ -54,7 +54,7 @@ func PolicyCheck(cfg PolicyConfig) Func { func policyCheck(r *http.Request, cfg PolicyConfig) error { reqType, bktName, objName := getBucketObject(r, cfg.Domains) - req, err := getPolicyRequest(r, cfg.FrostfsID, reqType, bktName, objName) + req, err := getPolicyRequest(r, cfg.FrostfsID, reqType, bktName, objName, cfg.Log) if err != nil { return err } @@ -103,7 +103,7 @@ func isAPEBehavior(ctx context.Context, req *testutil.Request, cfg PolicyConfig, return bktInfo.APEEnabled, nil } -func getPolicyRequest(r *http.Request, frostfsid FrostFSIDInformer, reqType ReqType, bktName string, objName string) (*testutil.Request, error) { +func getPolicyRequest(r *http.Request, frostfsid FrostFSIDInformer, reqType ReqType, bktName string, objName string, log *zap.Logger) (*testutil.Request, error) { var ( owner string groups []string @@ -133,6 +133,9 @@ func getPolicyRequest(r *http.Request, frostfsid FrostFSIDInformer, reqType ReqT res = fmt.Sprintf(s3.ResourceFormatS3Bucket, bktName) } + reqLogOrDefault(r.Context(), log).Debug("policy request", zap.String("action", op), + zap.String("resource", res), zap.String("owner", owner)) + return testutil.NewRequest(op, testutil.NewResource(res, nil), map[string]string{ s3.PropertyKeyOwner: owner,