opendev/gerrit
Code Issues Proposed changes

Add debug logs for known groups that show up in trace

Browse Source 
Debugging permission issues normally requires to know in which groups
the calling user is a member. Make this information available in traces.

Example log entry:
[2018-08-30 15:26:49,989] [HTTP-87] TRACE com.google.gerrit.server.IdentifiedUser : Known groups of admin: [157e8dff6c25b2b1955df92fecdb961a52fa6160, global%3ARegistered-Users, 5ef73722ea07c54f62e4b02ea414d262c0a2e046, ca1fd42646e71d8081add52fbb0171a8504c97cd, global%3AAnonymous-Users]

Change-Id: Ibca0cb15d4e63540c7b6e4663ec1decb7d393d25
Signed-off-by: Edwin Kempin <ekempin@google.com>
This commit is contained in:
Edwin Kempin
2018-08-30 15:21:20 +02:00
parent fd6f6cb1e7
commit 7957b36c09
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/com/google/gerrit/server/IdentifiedUser.java
View File

@@ -15,10 +15,12 @@
package com.google.gerrit.server;
import static com.google.common.base.MoreObjects.firstNonNull;
import static com.google.common.flogger.LazyArgs.lazy;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.server.account.AccountCache;
@@ -54,6 +56,8 @@ import org.eclipse.jgit.util.SystemReader;
/** An authenticated user. */
public class IdentifiedUser extends CurrentUser {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
/** Create an IdentifiedUser, ignoring any per-request state. */
@Singleton
public static class GenericFactory {
@@ -375,8 +379,13 @@ public class IdentifiedUser extends CurrentUser {
if (effectiveGroups == null) {
if (authConfig.isIdentityTrustable(state().getExternalIds())) {
effectiveGroups = groupBackend.membershipsOf(this);
logger.atFinest().log(
"Known groups of %s: %s", getLoggableName(), lazy(effectiveGroups::getKnownGroups));
} else {
effectiveGroups = registeredGroups;
logger.atFinest().log(
"%s has a non-trusted identity, falling back to %s as known groups",
getLoggableName(), lazy(registeredGroups::getKnownGroups));
}
}
return effectiveGroups;