diff options
author | Christian Heimes <cheimes@redhat.com> | 2015-11-06 13:04:58 +0100 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-11-11 11:37:15 -0500 |
commit | 38fa5ecd780a6b00b70a450c4716320865ef4227 (patch) | |
tree | 3b752a06d8b7b9f277c30383df9b99836d8bc53e /custodia/kubernetes/authz.py | |
parent | d3c907cb21416a23e8f736f156ea807f6d1d00c5 (diff) | |
download | custodia-kube.tar.gz custodia-kube.tar.xz custodia-kube.zip |
Increase logging output of Kubernetes pluginskube
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Diffstat (limited to 'custodia/kubernetes/authz.py')
-rw-r--r-- | custodia/kubernetes/authz.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/custodia/kubernetes/authz.py b/custodia/kubernetes/authz.py index 4342f6f..cb9c68d 100644 --- a/custodia/kubernetes/authz.py +++ b/custodia/kubernetes/authz.py @@ -36,7 +36,7 @@ class KubeAuthz(HTTPAuthorizer): trail = path[len(prefix) + 1:] (namespace, podname, secret) = trail.split('/', 2) - self.logger.debug("Checking if pod %s,%s has access to secret %s", + self.logger.debug("Checking if pod %s/%s has access to secret %s", namespace, podname, secret) try: @@ -52,6 +52,10 @@ class KubeAuthz(HTTPAuthorizer): request['client_id'], path) return False + self.logger.debug( + "Pod %s/%s runs on node %s with secret namespace %s.", + namespace, podname, node_id, secrets_namespace) + if node_id != request.get("remote_user"): self.logger.debug("Node authenticated as %s, but pod is believed " "to be running on %s", |