Logging

2024-11-24 15:47:57 +01:00 · 2020-02-17 15:07:55 +01:00 · 2020-02-17 15:07:55 +01:00 · e135d7c8bd
commit e135d7c8bd
parent 6152639564
3 changed files with 20 additions and 5 deletions
--- a/src/access.rs
+++ b/src/access.rs
@ -1,6 +1,8 @@
 //! Access control logic
 //!

+use slog::Logger;
+
 use casbin::prelude::*;

 use super::config::Config;
@ -13,19 +15,26 @@ use crate::error::Result;

 #[derive(Clone)]
 pub struct Permissions {
+    log: Logger,
    pdb: Mutable<Enforcer>,
    auth: Authentication,
 }

 impl Permissions {
-    pub fn new(pdb: Mutable<Enforcer>, auth: Authentication) -> Self {
-        Self { pdb, auth }
+    pub fn new(log: Logger, pdb: Mutable<Enforcer>, auth: Authentication) -> Self {
+        Self { log, pdb, auth }
    }

    pub fn enforce(&self, object: &str, action: &str) -> bool {
        if let Some(actor) = self.auth.get_authzid() {
-            self.pdb.lock_ref().enforce(vec![&actor,object,action]).unwrap()
+            trace!(self.log, "Checking permission {} for {} on {}", action, actor, object);
+            let r = self.pdb.lock_ref().enforce(vec![&actor,object,action]).unwrap();
+            if !r {
+                info!(self.log, "Failed permission {} for {} on {}", action, actor, object);
+            }
+            return r;
        } else {
+            info!(self.log, "Attempted anonymous access: {} on {}", action, object);
            false
        }
    }
--- a/src/machine.rs
+++ b/src/machine.rs
@ -64,11 +64,13 @@ impl api::machines::Server for Machines {
                let mut b = results.get();
                let mngr = api::machines::manage::ToClient::new(manager).into_client::<Server>();
                b.set_manage(mngr);
+                trace!(self.log, "Granted manage on machine {}", uuid);
                Promise::ok(())
            } else {
                Promise::err(Error::failed("Permission denied".to_string()))
            }
        } else {
+            info!(self.log, "Attempted manage on invalid machine {}", uuid);
            Promise::err(Error::failed("No such machine".to_string()))
        }
    }
@ -84,8 +86,10 @@ impl api::machines::Server for Machines {

        let mdb = self.mdb.lock_ref();
        if let Some(m) = mdb.get(&uuid) {
+            trace!(self.log, "Granted use on machine {}", uuid);
            Promise::ok(())
        } else {
+            info!(self.log, "Attempted use on invalid machine {}", uuid);
            Promise::err(Error::failed("No such machine".to_string()))
        }
    }
--- a/src/main.rs
+++ b/src/main.rs
@ -55,6 +55,8 @@ fn main() {

    let addr = args[1].to_socket_addrs().unwrap().next().expect("could not parse address");

+    let permlog = log.new(o!());
+    let machlog = log.new(o!());

    let spawner = exec.spawner();
    let result: Result<(), Box<dyn std::error::Error>> = exec.run_until(async move {
@ -64,8 +66,8 @@ fn main() {
            let socket = socket?;
            // TODO: Prettify session handling
            let auth = auth::Authentication::new(authp.clone());
-            let perm = access::Permissions::new(enf.clone(), auth.clone());
-            let mach = machine::Machines::new(m.clone(), perm.clone());
+            let perm = access::Permissions::new(permlog.clone(), enf.clone(), auth.clone());
+            let mach = machine::Machines::new(machlog.clone(), m.clone(), perm.clone());

            let rpc_system = api::process_socket(auth, perm, mach, socket);
            spawner.spawn_local_obj(