Google Git
Sign in
vanadium / release.go.x.ref / 705e3d0605fc4e76cfc3430fb5a06c4a0980e3eb^! / .
commit705e3d0605fc4e76cfc3430fb5a06c4a0980e3eb[log] [tgz]
authorAnkur <ataly@google.com>Fri Dec 19 11:34:42 2014 -0800
committerAnkur <ataly@google.com>Fri Dec 19 11:34:46 2014 -0800
treed3bee147b2798544b2c14126e09ae24331232268
parentcd63a8cbd34d7426cb3c2464b9f3e84a73c6770b [diff]
"veyron2/services/security": More informative authorizqation errors

Common authorization errors that we encounter today are
"policy disallows []"
"[] does not match ACL"

Both of these are very hard to debug as it is unclear whether
credentials failed to validate (i.e, have failed caveats) or
the client's credentials are not set properly. This CL tries
to make the error more informative by dumping both the blessings
that the client sent and the ones that were successfully validated
at the server's end.

Change-Id: Ibc2c8ae74758680bc097f947b59e108226baa42d

diff --git a/runtimes/google/ipc/default_authorizer.go b/runtimes/google/ipc/default_authorizer.go
index bbaa7c9..16812e7 100644
--- a/runtimes/google/ipc/default_authorizer.go
+++ b/runtimes/google/ipc/default_authorizer.go

@@ -13,22 +13,29 @@
 
 func (defaultAuthorizer) Authorize(ctx security.Context) error {
 	var (
-		local  = ctx.LocalBlessings().ForContext(ctx)
-		remote = ctx.RemoteBlessings().ForContext(ctx)
+		localForContext  = ctx.LocalBlessings().ForContext(ctx)
+		remote           = ctx.RemoteBlessings()
+		remoteForContext = remote.ForContext(ctx)
 	)
-	// Authorize if any element in local is a "delegate of" (i.e., has been
+	// Authorize if any element in localForContext is a "delegate of" (i.e., has been
 	// blessed by) any element in remote, OR vice-versa.
-	for _, l := range local {
-		if security.BlessingPattern(l).MatchedBy(remote...) {
+	for _, l := range localForContext {
+		if security.BlessingPattern(l).MatchedBy(remoteForContext...) {
 			// l is a delegate of an element in remote.
 			return nil
 		}
 	}
-	for _, r := range remote {
-		if security.BlessingPattern(r).MatchedBy(local...) {
-			// r is a delegate of an element in local.
+	for _, r := range remoteForContext {
+		if security.BlessingPattern(r).MatchedBy(localForContext...) {
+			// r is a delegate of an element in localForContext.
 			return nil
 		}
 	}
-	return fmt.Errorf("policy disallows %v", remote)
+
+	// TODO(ataly, ashankar, caprita): Below we implicitly invoke the String() on
+	// remote blessings in order to construct thre error messsage. This is somewhat
+	// breaking encapsulation as the String() method is hidden from the public API
+	// and is only meant for debugging purposes. Should we make the 'String' method
+	// public?
+	return fmt.Errorf("all valid blessings for this request: %v (out of %v) are disallowed by the policy", remoteForContext, remote)
 }