Skip to content

Commit

Permalink
Clarify the deliver access denied message (#1224)
Browse files Browse the repository at this point in the history
There are two scenarios where a deliver client could receive a
'FORBIDDEN' result when requesting blocks.  Either the client was not
authorized to connect to the channel initially, or, the client's
access was revoked after a successful connection by some later
configuration block.  In both cases, we log an identical error message
that "Client authorization revoked" when in fact, for the first case,
the client may never have had access, so claiming it was revoked is
misleading.

Signed-off-by: Jason Yellick <jyellick@us.ibm.com>
  • Loading branch information
Jason Yellick authored May 8, 2020
1 parent 25e5c3e commit fcbc3f3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion common/deliver/deliver.go
Original file line number Diff line number Diff line change
Expand Up @@ -249,7 +249,7 @@ func (h *Handler) deliverBlocks(ctx context.Context, srv *Server, envelope *cb.E
}

if err := accessControl.Evaluate(); err != nil {
logger.Warningf("[channel: %s] Client authorization revoked for deliver request from %s: %s", chdr.ChannelId, addr, err)
logger.Warningf("[channel: %s] Client %s is not authorized: %s", chdr.ChannelId, addr, err)
return cb.Status_FORBIDDEN, nil
}

Expand Down

0 comments on commit fcbc3f3

Please sign in to comment.