admin: update log messages for admin backends

fitzthum · fitzthum · commit 093fa666a027 · 2026-02-11T14:05:14.000-08:00
The admin backend is only the first step in granting access to an admin
endpoint. The admin backend validates the admin token. Next the role
extracted from that token is checked.

As such, change the logging in the admin backends to talk about the
admin token validation passing/failing rather than access being granted
to an endpoint.

Signed-off-by: Tobin Feldman-Fitzthum &lt;tfeldmanfitz@nvidia.com&gt;
diff --git a/kbs/src/admin/allow_all.rs b/kbs/src/admin/allow_all.rs
@@ -13,7 +13,7 @@ pub struct InsecureAllowAllBackend {}
 
 impl AdminBackend for InsecureAllowAllBackend {
     fn validate_admin_token(&self, _request: &HttpRequest) -> Result<String> {
-        warn!("Allow All admin backend is set. Anyone can access admin APIs");
+        warn!("Allow All admin backend is set. All admin tokens are valid.");
         Ok("Anonymous".to_string())
     }
 }
diff --git a/kbs/src/admin/simple.rs b/kbs/src/admin/simple.rs
@@ -66,13 +66,16 @@ impl AdminBackend for SimpleAdminBackend {
                 .verify_token::<NoCustomClaims>(token, Some(VerificationOptions::default()));
             match res {
                 Ok(_claims) => {
-                    info!("Admin access granted for {}", persona.id);
+                    info!("Admin token validated (simple) for persona: {}", persona.id);
 
                     // Return the first matching persona
                     return Ok(persona.id.clone());
                 }
                 Err(e) => {
-                    info!("Access not granted for {} due to: \n{}", persona.id, e);
+                    info!(
+                        "Admin token not validated for {} due to: \n{}",
+                        persona.id, e
+                    );
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ pub struct InsecureAllowAllBackend {}`
`13`	`13`
`14`	`14`	`impl AdminBackend for InsecureAllowAllBackend {`
`15`	`15`	`fn validate_admin_token(&self, _request: &HttpRequest) -> Result<String> {`
`16`		`- warn!("Allow All admin backend is set. Anyone can access admin APIs");`
	`16`	`+ warn!("Allow All admin backend is set. All admin tokens are valid.");`
`17`	`17`	`Ok("Anonymous".to_string())`
`18`	`18`	`}`
`19`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,13 +66,16 @@ impl AdminBackend for SimpleAdminBackend {`
`66`	`66`	`.verify_token::<NoCustomClaims>(token, Some(VerificationOptions::default()));`
`67`	`67`	`match res {`
`68`	`68`	`Ok(_claims) => {`
`69`		`- info!("Admin access granted for {}", persona.id);`
	`69`	`+ info!("Admin token validated (simple) for persona: {}", persona.id);`
`70`	`70`
`71`	`71`	`// Return the first matching persona`
`72`	`72`	`return Ok(persona.id.clone());`
`73`	`73`	`}`
`74`	`74`	`Err(e) => {`
`75`		`- info!("Access not granted for {} due to: \n{}", persona.id, e);`
	`75`	`+ info!(`
	`76`	`+ "Admin token not validated for {} due to: \n{}",`
	`77`	`+ persona.id, e`
	`78`	`+ );`
`76`	`79`	`}`
`77`	`80`	`}`
`78`	`81`	`}`