On Wed, Apr 19, 2017 at 05:38:50PM -0400, Lance Richardson wrote: > ----- Original Message ----- > > From: "Lance Richardson" <[email protected]> > > > > +struct ovsdb_error *ovsdb_perm_error(const char *details, ...) > > +{ > > + struct ovsdb_error *error; > > + va_list args; > > + > > + va_start(args, details); > > + error = ovsdb_error_valist("permission error", details, args); > > + va_end(args); > > + > > + return error; > > +} > > + > > + > > I had been assuming that these errors would be logged by the client, but > this doesn't seem to be the case (other than in ovsdb-client, anyway). > > At the moment, there are no logs produced when a transaction by ovn-controller > is denied due to RBAC checks. I'm wondering if this is something that should > be done by the idl/jsonrpc infrastructure or informational logs in > ovsdb-server. > Ideally (I think) the client should be logging these, but it's not clear > whether > there's any way currently for e.g. the ovn-controller idl loop to report > transaction errors. > > Any suggestions for how to handle reporting RBAC failures or pointers to > existing examples where transaction failures are reported would be > appreciated.
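Review bot: ovsdb_perm_error() passes `details` straight to ovsdb_error_valist() as a printf-style format, and nothing in the quoted lines documents that. Add a comment above the definition stating that `details` is a format string, and check that the prototype carries the printf format attribute so the compiler flags any caller that passes a non-literal or peer-supplied string in that position. Two smaller style points: the return type shares a line with the function name, where OVS style puts `struct ovsdb_error *` on a line of its own, and the hunk ends by adding two blank lines where one is enough.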
The ovsdb-idl client should probably log JSON-RPC errors in response to transactions. Until now, they've been pretty rare. But, I would have it log errors that it thinks it understands only at DBG level, if at all. I think that other errors, that it doesn't think it understands, are already passed to ovsdb_idl_txn_set_error_json(), so probably that would be a good point at which to log them.
