diff --git a/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.java b/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.java index 9da0d15b1..729c9b246 100644 --- a/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.java +++ b/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.java @@ -53,6 +53,7 @@ public class GithubTeamsUserRolesProvider implements UserRolesProvider, Initiali @Override public List loadRoles(String userName) { + log.debug("loadRoles for user " + userName); if (StringUtils.isEmpty(userName)|| StringUtils.isEmpty(gitHubProperties.getOrganization())) { return new ArrayList<>(); } @@ -68,6 +69,16 @@ public List loadRoles(String userName) { .isMemberOfOrganization(gitHubProperties.getOrganization(), userName); isMemberOfOrg = (response.getStatus() == 204); + if(log.isDebugEnabled()) { + StringBuilder sb = new StringBuilder(userName).append(" is "); + if (!isMemberOfOrg) { + sb.append("not "); + } + sb.append("a member of ") + .append(gitHubProperties.getOrganization()) + .append(" organization."); + log.debug(sb.toString()); + } } catch (RetrofitError e) { if (e.getKind() == RetrofitError.Kind.NETWORK) { log.error(String.format("Could not find the server %s", master.getBaseUrl()), e); @@ -115,10 +126,16 @@ public List loadRoles(String userName) { } } + log.debug("Found " + teams.size() + " teams in org."); teams.forEach(t -> { + StringBuilder sb = new StringBuilder(userName).append(" is member of team ").append(t.getName()); if (isMemberOfTeam(t, userName)) { + sb.append(": true"); result.add(toRole(t.getSlug())); + } else { + sb.append(": false"); } + log.debug(sb.toString()); }); return result; diff --git a/fiat-google-groups/src/main/java/com/netflix/spinnaker/fiat/roles/google/GoogleDirectoryUserRolesProvider.java b/fiat-google-groups/src/main/java/com/netflix/spinnaker/fiat/roles/google/GoogleDirectoryUserRolesProvider.java index 71384187e..11527d33e 100644 --- a/fiat-google-groups/src/main/java/com/netflix/spinnaker/fiat/roles/google/GoogleDirectoryUserRolesProvider.java +++ b/fiat-google-groups/src/main/java/com/netflix/spinnaker/fiat/roles/google/GoogleDirectoryUserRolesProvider.java @@ -84,7 +84,7 @@ private class GroupBatchCallback extends JsonBatchCallback { @Override public void onFailure(GoogleJsonError e, HttpHeaders responseHeaders) throws IOException { - log.error("Failed to fetch groups: " + e.getMessage()); + log.warn("Failed to fetch groups for user " + email + ": " + e.getMessage()); } @Override diff --git a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/permissions/DefaultPermissionsResolver.java b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/permissions/DefaultPermissionsResolver.java index b0025adb0..f757ee87f 100644 --- a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/permissions/DefaultPermissionsResolver.java +++ b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/permissions/DefaultPermissionsResolver.java @@ -16,6 +16,7 @@ package com.netflix.spinnaker.fiat.permissions; +import com.fasterxml.jackson.databind.ObjectMapper; import com.google.common.collect.ArrayListMultimap; import com.google.common.collect.Multimap; import com.netflix.spinnaker.fiat.config.UnrestrictedResourceConfig; @@ -73,7 +74,9 @@ public UserPermission resolve(@NonNull String userId) { public UserPermission resolveAndMerge(@NonNull ExternalUser user) { List roles; try { + log.debug("Loading roles for user " + user); roles = userRolesProvider.loadRoles(user.getId()); + log.debug("Got roles " + roles + " for user " + user); } catch (ProviderException pe) { throw new PermissionResolutionException("Failed to resolve user permission for user " + user.getId(), pe); } @@ -155,6 +158,11 @@ private Map> getAndMergeUserRoles(@NonNull Collection