Add more logging in prod (#144)

mallport · web-flow · commit 607c15be2195 · 2025-06-30T13:10:38.000+02:00
diff --git a/.nais/prod/nais.yaml b/.nais/prod/nais.yaml
@@ -215,6 +215,7 @@ data:
 
     logger:
       levels:
+        root: INFO
         io.micronaut.security: INFO
         no.ssb.dlp.pseudo.service: INFO
         io.micronaut.security.token.jwt.validator: DEBUG
diff --git a/src/main/java/no/ssb/dlp/pseudo/service/security/CustomRolesFinder.java b/src/main/java/no/ssb/dlp/pseudo/service/security/CustomRolesFinder.java
@@ -44,7 +44,7 @@ public List<String> resolveRoles(Map<String, Object> attributes) {
             email = Optional.ofNullable(Objects.toString(attributes.get(tokenConfiguration.getNameKey()), null));
         }
 
-        log.debug("User {} has a trusted issuer? {}", email, trustedIssuer);
+        log.info("User {} has a trusted issuer? {}", email, trustedIssuer);
 
         // We check for trustedIssuer when in environments where all authenticated requests are accepted
         // This is due to Google tokens being valid for authorization purposes,
@@ -67,14 +67,16 @@ public List<String> resolveRoles(Map<String, Object> attributes) {
         }
         if (rolesConfig.getUsersGroup().isPresent()) {
             final List<Membership> userMembers = cloudIdentityService.listMembers(rolesConfig.getUsersGroup().get());
+            List<String> userEmails = cloudIdentityService.listMembers(rolesConfig.getUsersGroup().get()).stream().map(v -> v.preferredMemberKey().id()).toList();
+            log.info("User group {} has members {}", rolesConfig.getUsersGroup().get(), userEmails);
             if (email.map(user_email -> userMembers.stream().anyMatch(value -> value.preferredMemberKey().id().equals(user_email))).orElse(false)) {
                 roles.add(PseudoServiceRole.USER);
             }
         }
         if (roles.isEmpty()) {
             log.info("Could not resolve any roles for user {}", email);
         }
-        log.debug("Resolved roles {} for user {}", roles, email);
+        log.info("Resolved roles {} for user {}", roles, email);
         return roles;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ public List<String> resolveRoles(Map<String, Object> attributes) {`
`44`	`44`	`email = Optional.ofNullable(Objects.toString(attributes.get(tokenConfiguration.getNameKey()), null));`
`45`	`45`	`}`
`46`	`46`
`47`		`- log.debug("User {} has a trusted issuer? {}", email, trustedIssuer);`
	`47`	`+ log.info("User {} has a trusted issuer? {}", email, trustedIssuer);`
`48`	`48`
`49`	`49`	`// We check for trustedIssuer when in environments where all authenticated requests are accepted`
`50`	`50`	`// This is due to Google tokens being valid for authorization purposes,`
`@@ -67,14 +67,16 @@ public List<String> resolveRoles(Map<String, Object> attributes) {`
`67`	`67`	`}`
`68`	`68`	`if (rolesConfig.getUsersGroup().isPresent()) {`
`69`	`69`	`final List<Membership> userMembers = cloudIdentityService.listMembers(rolesConfig.getUsersGroup().get());`
	`70`	`+ List<String> userEmails = cloudIdentityService.listMembers(rolesConfig.getUsersGroup().get()).stream().map(v -> v.preferredMemberKey().id()).toList();`
	`71`	`+ log.info("User group {} has members {}", rolesConfig.getUsersGroup().get(), userEmails);`
`70`	`72`	`if (email.map(user_email -> userMembers.stream().anyMatch(value -> value.preferredMemberKey().id().equals(user_email))).orElse(false)) {`
`71`	`73`	`roles.add(PseudoServiceRole.USER);`
`72`	`74`	`}`
`73`	`75`	`}`
`74`	`76`	`if (roles.isEmpty()) {`
`75`	`77`	`log.info("Could not resolve any roles for user {}", email);`
`76`	`78`	`}`
`77`		`- log.debug("Resolved roles {} for user {}", roles, email);`
	`79`	`+ log.info("Resolved roles {} for user {}", roles, email);`
`78`	`80`	`return roles;`
`79`	`81`	`}`
`80`	`82`