authorHarald Musum <musum@verizonmedia.com>2019-09-20 09:48:48 +0200
committerHarald Musum <musum@verizonmedia.com>2019-09-20 09:48:48 +0200
commita8fbc6e8aae3cf5204a9242aed648acfb9761700 (patch)
tree21cb8e5ac860268ef838953517c3a20c0276b0ed /configserver
parenta2b4682d1beeae32d2aa7d884410d5b6c8398a8c (diff)
Add file references owned by application to exception message
Diffstat (limited to 'configserver')
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java6
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java4
2 files changed, 6 insertions, 4 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
index 15e52e48c3a..86fee1ab9bc 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
@@ -127,7 +127,7 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer {
}
throw new AuthorizationException(
String.format(
- "Peer is not allowed to access config for owned by %s. Peer is owned by %s",
+ "Peer is not allowed to access config owned by %s. Peer is owned by %s",
resolvedApplication.toShortString(), peerOwner.toShortString()));
}
default:
@@ -149,7 +149,9 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer {
if (filesOwnedByApplication.contains(requestedFile)) {
return; // allowed to access
}
- throw new AuthorizationException(String.format("Peer is not allowed to access file %s. Peer is owned by %s", requestedFile.value(), peerOwner.toShortString()));
+ throw new AuthorizationException(
+ String.format("Peer is not allowed to access file reference %s. Peer is owned by %s. File references owned by this application: %s",
+ requestedFile.value(), peerOwner.toShortString(), filesOwnedByApplication));
default:
throw new AuthorizationException(String.format("'%s' nodes are not allowed to access files", peerIdentity.nodeType()));
}
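Review bot: The new denial message formats the entire `filesOwnedByApplication` collection into the `AuthorizationException` text, so its length is unbounded and the list of file references goes wherever that message goes. The hunk does not show whether the message is returned to the RPC peer or only logged, nor how the collection is derived. The updated test suggests it holds the peer's own application's references, which would make the disclosure low-risk, but that should be confirmed. If the text can reach the peer or a shared log, consider capping what is printed, for example `filesOwnedByApplication.stream().limit(10).collect(Collectors.toList())` together with the total count (assuming it is a `java.util.Collection`), and keep the full set in a server-side debug log. The enclosing method starts and ends outside the hunk.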
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
index a1d4f28cb74..9f5a297103d 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
@@ -148,7 +148,7 @@ public class MultiTenantRpcAuthorizerTest {
Request fileRequest = createFileRequest(new FileReference("other-file-reference"));
- exceptionRule.expectMessage("Peer is not allowed to access file other-file-reference");
+ exceptionRule.expectMessage("Peer is not allowed to access file reference other-file-reference. Peer is owned by mytenant.myapplication. File references owned by this application: [file 'myfilereference']");
exceptionRule.expectCause(instanceOf(AuthorizationException.class));
authorizer.authorizeFileRequest(fileRequest)
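Review bot: The updated expectation pins the collection's `toString()` rendering (`[file 'myfilereference']`), so the test will break on any change to `FileReference.toString()` or the collection type, and on iteration order once the fixture holds more than one reference. Asserting the stable parts separately would be sturdier, for example `exceptionRule.expectMessage("Peer is not allowed to access file reference other-file-reference");` followed by `exceptionRule.expectMessage("myfilereference");`. The test method starts and ends outside the hunk.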
@@ -168,7 +168,7 @@ public class MultiTenantRpcAuthorizerTest {
Request configRequest = createConfigRequest(new ConfigKey<>("name", "configid", "namespace"), HOSTNAME);
- exceptionRule.expectMessage("Peer is not allowed to access config for owned by mytenant.myapplication. Peer is owned by malice.malice-app");
+ exceptionRule.expectMessage("Peer is not allowed to access config owned by mytenant.myapplication. Peer is owned by malice.malice-app");
exceptionRule.expectCause(instanceOf(AuthorizationException.class));
authorizer.authorizeConfigRequest(configRequest)