oathkeeper
oathkeeper copied to clipboard
ory
provide "debug" level feedback on template execution output
When using templating, malformed syntax can be difficult to debug. An executed template resulting in invalid json fails the json parser with cryptic results.
For example, when attempting to use the sprig integration to copy all claims from a jwt authenticator to an id_token mutator, I tried this:
mutators:
- handler: id_token
config:
claims:
'{"aud": ["https://example.com"], "ci_job_jwt": "{{ toRawJson .Extra }}"}'
...
which resulted in the following excerpt from the oathkeeper serve logs:
{
...
"error":{"message":"invalid character 'e' after object key:value pair",
"trace":"...",
...
}
}
I'd like debug level logging to output the result of the executed template, so that I may decipher where my syntax error is (in my example above, I don't need to encapsulate the {{ toRawJson .Extra }} template variable in quotes -- this would been relatively easy to see if I could view the resulting template output).
I believe one way to solve this is to:
- add a
loggerinstance to each mutator - call
logger.Debugf("Template results: %s", b.String())before attempting to pass the template results to the json parser. In my example, I'd add this line here: https://github.com/ory/oathkeeper/blob/master/pipeline/mutate/mutator_id_token.go#L169
I do think this is a common enough problem (debugging template output) that solving this in each mutator is redundant. But, I could use some direction on how to generalize this solution.
I do see the https://github.com/ory/oathkeeper/blob/master/pipeline/mutate/mutator_hydrator.go#L98 has a logger object. I wonder if this approach should be applied to all mutators.
whatever does get logged should pass through the leak_sensitive_values boolean logic...
Yeah, absolutely agree. Would definitely appreciate a PR. We could send this stuff to OpenTracing for even better debugability - but I think having it in the logs is more developer friendly in the beginning / dev phase.
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers a year. That does not imply that the issue has no merit! If you feel strongly about this issue
- open a PR referencing and resolving the issue;
- leave a comment on it and discuss ideas how you could contribute towards resolving it;
- leave a comment and describe in detail why this issue is critical for your use case;
- open a new issue with updated details and a plan on resolving the issue.
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneous you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
- open a PR referencing and resolving the issue;
- leave a comment on it and discuss ideas on how you could contribute towards resolving it;
- leave a comment and describe in detail why this issue is critical for your use case;
- open a new issue with updated details and a plan for resolving the issue.
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️