-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
More descriptive AWS error messages. #6609
Comments
This error is returned by the OPA downloader and is then included in the status message. It's possible that the errors returned by AWS in this instance could contain sensitive information. This information would get logged and also included in the status API if enabled. We probably want to keep the downloader service agnostic. What if we logged this at debug level? |
Yeah that would definitely be a "good enough" solution; the data would be available to us if we needed it. The ideal solution might be a config value, but I don't want to clutter it unless absolutely necessary. |
This change logs the error response body at debug level. Since the errors could contain senstive info we don't include them in the status message. So this approach helps to get more information about the error at debug log level which is mostly used in a non-prod setup. Fixes: open-policy-agent#6609 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
PR: #6647 |
This change logs the error response body at debug level. Since the errors could contain senstive info we don't include them in the status message. So this approach helps to get more information about the error at debug log level which is mostly used in a non-prod setup. Fixes: open-policy-agent#6609 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
This change logs the error response body at debug level. Since the errors could contain senstive info we don't include them in the status message. So this approach helps to get more information about the error at debug log level which is mostly used in a non-prod setup. Fixes: #6609 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
This change logs the error response body at debug level. Since the errors could contain senstive info we don't include them in the status message. So this approach helps to get more information about the error at debug log level which is mostly used in a non-prod setup. Fixes: open-policy-agent#6609 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com> Signed-off-by: Thomas Sidebottom <thomas.sidebottom@va.gov>
What is the underlying problem you're trying to solve?
Currently, AWS error messages only reveal the error message associated with the status code that AWS returns, which can be quite vague, for example, running
opa run -s -c opa-bad-config.yml
with the following configWill produce an error like
{"level":"error","msg":"Bundle load failed: server replied with Bad Request","name":"policies","plugin":"bundle","time":"2024-02-26T08:28:12-08:00"}
which basically says that AWS returned a 400.Describe the ideal solution
The error message has all of the information received from AWS.
Describe a "Good Enough" solution
The error message has more of the information received from AWS.
Additional Context
First discussed with @kroekle.
The text was updated successfully, but these errors were encountered: