author | HÃ¥kon Hallingstad <hakon@verizonmedia.com> | 2020-01-06 10:44:52 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-06 10:44:52 +0100 |
commit | 85b4bec296463e1ff0d2391cfe7ff3f2d24a266a (patch) | |
tree | f4cff59376da83de5702f85f2f76dd9287231dee | |
parent | 5b94e1bb79433051a141549aef2c46517c55ba23 (diff) | |
parent | 24e0601dae6dd3843c8373d1861e1c6699264217 (diff) |
Merge pull request #11638 from vespa-engine/bjorncs/configserver-authz-logging
Don't log warning when peer is not in host registry
2 files changed, 26 insertions, 5 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/AuthorizationException.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/AuthorizationException.java
index 20435d96068..8b46a5b40fa 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/AuthorizationException.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/AuthorizationException.java
@@ -6,12 +6,28 @@ package com.yahoo.vespa.config.server.rpc.security;
 */
 class AuthorizationException extends RuntimeException {
- AuthorizationException(String message) {
+ enum Type {WARN, SILENT}
+
+ private final Type type;
+
+ AuthorizationException(Type type, String message) {
 super(message);
+ this.type = type;
 }
- AuthorizationException(String message, Throwable cause) {
+ AuthorizationException(String message) {
+ this(Type.WARN, message);
+ }
+
+ AuthorizationException(Type type, String message, Throwable cause) {
 super(message, cause);
+ this.type = type;
 }
+
+ AuthorizationException(String message, Throwable cause) {
+ this(Type.WARN, message, cause);
+ }
+
+ Type type() { return type; }
 }
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
index d20f9ed1abc..8d17a32d102 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
@@ -31,6 +31,8 @@ import java.util.concurrent.Executors;
 import java.util.function.BiConsumer;
 import java.util.logging.Logger;
+import static com.yahoo.vespa.config.server.rpc.security.AuthorizationException.*;
+
 /**
 * A {@link RpcAuthorizer} that perform access control for configserver RPC methods when TLS and multi-tenant mode are enabled. 
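Review bot: The new `Type` enum in AuthorizationException decides whether an authorization denial reaches the INFO log, but neither the enum nor the constructors document that, and the name `WARN` does not match the `LogLevel.INFO` call it maps to in the handler later in this commit. A one-line Javadoc such as `/** WARN: denial is logged at INFO; SILENT: denial is still returned to the peer but kept out of the INFO log. */` would make the contract clear to the next caller who picks a type. The two constructors that take a `Type` also accept null, which the handler's `!= Type.SILENT` comparison would silently treat as loggable; `this.type = Objects.requireNonNull(type, "type");` states the intent explicitly.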
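Review bot: The wildcard static import added to MultiTenantRpcAuthorizer pulls in every static member of AuthorizationException, although only the nested `Type` enum appears to be used in the hunks shown here. A plain single-type import, `import com.yahoo.vespa.config.server.rpc.security.AuthorizationException.Type;`, keeps the origin of `Type.SILENT` obvious in a security-sensitive class and avoids accidental name capture if more static members are added later.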
@@ -110,7 +112,7 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer {
 if (isConfigKeyForSentinelConfig(configKey)) {
 return; // config processor will return empty sentinel config for unknown nodes
 }
- throw new AuthorizationException(String.format("Host '%s' not found in host registry for [%s]", hostname, configKey));
+ throw new AuthorizationException(Type.SILENT, String.format("Host '%s' not found in host registry for [%s]", hostname, configKey));
 }
 RequestHandler tenantHandler = getTenantHandler(tenantName.get());
 ApplicationId resolvedApplication = tenantHandler.resolveApplicationId(hostname);
@@ -151,10 +153,13 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer {
 }
 private void handleAuthorizationFailure(Request request, Throwable throwable) {
+ boolean isAuthorizationException = throwable instanceof AuthorizationException;
 String errorMessage = String.format("For request '%s' from '%s': %s", request.methodName(), request.target().toString(), throwable.getMessage());
- log.log(LogLevel.INFO, errorMessage);
+ if (!isAuthorizationException || ((AuthorizationException) throwable).type() != Type.SILENT) {
+ log.log(LogLevel.INFO, errorMessage);
+ }
 log.log(LogLevel.DEBUG, throwable, throwable::getMessage);
- JrtErrorCode error = throwable instanceof AuthorizationException ? JrtErrorCode.UNAUTHORIZED : JrtErrorCode.AUTHORIZATION_FAILED;
+ JrtErrorCode error = isAuthorizationException ? JrtErrorCode.UNAUTHORIZED : JrtErrorCode.AUTHORIZATION_FAILED;
 request.setError(error.code, errorMessage);
 request.returnRequest();
 throwUnchecked(throwable); // rethrow exception to ensure that subsequent completion stages are not executed (don't execute implementation of rpc method). |
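Review bot: Throwing with `Type.SILENT` for the host-registry miss removes the only INFO-level record that a TLS-authenticated peer asked for config it is not registered for, and the line carries no comment saying why that is acceptable. If the motivation is noise from nodes that are legitimately not yet registered (presumably, given the commit title), say so at the throw site, e.g. `// SILENT: peers not (yet) in the host registry are expected; the request is still rejected, only the INFO log line is skipped`. It is also worth keeping an aggregate signal for these denials, such as a counter or a rate-limited log line, so that repeated rejected requests from one peer remain visible to operators. The enclosing method starts and ends outside this hunk.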
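Review bot: For a `SILENT` failure, handleAuthorizationFailure now logs only `throwable::getMessage` at DEBUG, so the request method and peer address that `errorMessage` carries are no longer recorded at any level. Lowering the level instead of skipping the line keeps that context available when debugging or investigating a denial: `boolean silent = isAuthorizationException && ((AuthorizationException) throwable).type() == Type.SILENT;` followed by `log.log(silent ? LogLevel.DEBUG : LogLevel.INFO, errorMessage);`. That also replaces the negated condition with an inline cast, which is harder to read than a named boolean. The method's closing brace is outside the hunk.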