Improve logging #67

Open
harti2006 opened this issue Jun 22, 2016 · 1 comment

...especially for the authorization logic, which is really complex:

```clojure
(defn require-write-authorization
  "If user is employee, check that is in correct team.
   If user is service, check that it has application_write.all scope OR has application.write and is correct team"
  [request team]
  (require-uid request)
  (let [has-auth? (auth/get-auth request team)
        realm (from-token request "realm")
        is-robot? (= "/services" realm)
        is-human? (= "/employees" realm)
        has-scope? (set (from-token request "scope"))]
    (if is-human?
      (when-not has-auth?
        (api/throw-error 403 "Unauthorized")))
    (if is-robot?
      (if-not (has-scope? "application.write_all")
        (when-not (and
                    (has-scope? "application.write")
                    has-auth?)
          (api/throw-error 403 "Unauthorized"))
        (require-special-uid request)))))
```

maxim-tschumak commented Apr 23, 2019

In case of an error, the application also logs the database password:

 {"log":"ERROR [main] o.z.s.k.core - Could not start system because of [\"clojure.lang.ExceptionInfo: Error in component :api in system com.stuartsierra.component.SystemMap calling #'com.stuartsierra.component/start {:reason :com.stuartsierra.component/component-function-threw-exception, :function #'com.stuartsierra.component/start, :system-key :api, :component #org.zalando.stups.kio.api.API{:configuration {:kio-url \\\"http://localhost:8080\\\", :admin-users \\\"...o\\\", :magnificent-policy \\\"..\\\", :team-service-url \\\"...\\\", :port 8080, :username-prefix \\\"stups_\\\", :magnificent-url \\\"...\\\"}, :httpd nil, :metrics #org.zalando.stups.friboo.system.metrics.Metrics{:configuration {}, :metrics-registry #object[com.codahale.metrics.MetricRegistry 0xe822394 \\\"com.codahale.metrics.MetricRegistry@e822394\\\"]}, :audit-log #org.zalando.stups.friboo.system.audit_log.AuditLog{:configuration {}}, :db #org.zalando.stups.kio.sql.DB{:configuration {:init-sql \\\"SET search_path TO zk_data, public\\\", :subprotocol \\\"postgresql\\\", :subname \\\"//kio-db.stups.zalan.do:5432/kio?ssl=true\\\", :user \\\"kio_service\\\", :password \\\"${HERE_WAS_THE_PASSWORD}\\\", :classname \\\"org.postgresql.Driver\\\"}, :datasource #object[com.jolbox.bonecp.BoneCPDataSource 0x3ef97efc \\\"JDBC URL = jdbc:postgresql://...?ssl=true, Username = kio_service, partitions = 3, max (per partition) = 7, min (per partition) = 2, idle max age = 10 min, idle test period = 2 min, strategy = DEFAULT\\\"]}, :http-audit-logger #org.zalando.stups.friboo.system.audit_logger.http.HTTP{:configuration {:api-url \\\"...\\\", :token-name \\\"...\\\"}, :tokens #org.zalando.stups.friboo.system.oauth2.OAuth2TokenRefresher{:configuration {:access-token-url \\\"...\\\", :credentials-dir \\\"/meta/credentials\\\", :tokeninfo-uri \\\"...\\\"}, :tokens {\\\"http-audit-logger\\\" [\\\"uid\\\"]}, :token-storage #object[org.zalando.stups.tokens.fs.FilesystemSecretRefresher 0x67add4c9 
\\\"org.zalando.stups.tokens.fs.FilesystemSecretRefresher@67add4c9\\\"], :static-tokens nil}, :log-fn #object[clojure.core$partial$fn__4759 0x147a8d7c \\\"clojure.core$partial$fn__4759@147a8d7c\\\"]}, :app-metrics #org.zalando.stups.kio.metrics.DeprecationMetrics{:metrics #org.zalando.stups.friboo.system.metrics.Metrics{:configuration {}, :metrics-registry #object[com.codahale.metrics.MetricRegistry 0xe822394 \\\"com.codahale.metrics.MetricRegistry@e822394\\\"]}, :deprecation-versions-get #object[com.codahale.metrics.Meter 0x373e09c7 \\\"com.codahale.metrics.Meter@373e09c7\\\"], :deprecation-version-get #object[com.codahale.metrics.Meter 0x3f04847e \\\"com.codahale.metrics.Meter@3f04847e\\\"], :deprecation-version-put #object[com.codahale.metrics.Meter 0x2a7b4b19 \\\"com.codahale.metrics.Meter@2a7b4b19\\\"], :deprecation-application-approvals-get #object[com.codahale.metrics.Meter 0x26415b5e \\\"com.codahale.metrics.Meter@26415b5e\\\"], :deprecation-version-approvals-get #object[com.codahale.metrics.Meter 0x61761e60 \\\"com.codahale.metrics.Meter@61761e60\\\"], :deprecation-version-approvals-put #object[com.codahale.metrics.Meter 0x7aca4144 \\\"com.codahale.metrics.Meter@7aca4144\\\"]}}, :system #<SystemMap>}\"].
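
One way to keep such values out of the log, shown as an added example (not code from this project or its libraries): redact the `ex-data` of the startup exception before it is logged, since that is where the component map with `:password` travels. The namespace, the helper names, the key pattern and the sample records are assumptions made for illustration.

```clojure
(ns example.log-redaction)

;; Assumption: key names that mark a value as secret; extend for your config.
(def sensitive-key-pattern #"(?i)password|passwd|secret")

(defn sensitive-key? [k]
  (boolean (and (or (keyword? k) (string? k))
                (re-find sensitive-key-pattern (name k)))))

(defn redact
  "Recursively replaces values under sensitive keys with \"***\".
   Records are maps too; assoc keeps their type, so the printed shape stays."
  [x]
  (cond
    (map? x)        (reduce (fn [m [k v]]
                              (assoc m k (if (sensitive-key? k) "***" (redact v))))
                            x x)
    (set? x)        (into #{} (map redact) x)
    (sequential? x) (mapv redact x)
    :else           x))

(defn redact-exception
  "Copy of an ExceptionInfo with redacted ex-data and the original stack trace
   and cause; any other throwable is returned unchanged."
  [^Throwable e]
  (if-let [data (ex-data e)]
    (doto ^Throwable (ex-info (str (.getMessage e)) (redact data) (.getCause e))
      (.setStackTrace (.getStackTrace e)))
    e))

;; Constructed sample with the same nesting as the logged component map.
(defrecord DB [configuration])
(defrecord API [configuration db])

(def sample-error
  (ex-info "Error in component :api"
           {:system-key :api
            :component  (->API {:port 8080}
                               (->DB {:user     "kio_service"
                                      :password "constructed-sample-value"}))}))

(defn -main [& _]
  ;; Log the redacted copy instead of the original exception.
  (println (pr-str (ex-data (redact-exception sample-error)))))
```

The cause chain is passed through untouched here, so a nested `ExceptionInfo` carrying configuration would need the same treatment before it is logged.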
