diff --git a/internal/jimm/cloud.go b/internal/jimm/cloud.go
index 1c4bb17d8..35c1237c6 100644
--- a/internal/jimm/cloud.go
+++ b/internal/jimm/cloud.go
@@ -9,6 +9,7 @@ import (
 jujuparams "github.com/juju/juju/rpc/params"
 "github.com/juju/names/v4"
+ "github.com/juju/zaputil"
 "github.com/juju/zaputil/zapctx"
 "go.uber.org/zap"
@@ -558,7 +559,13 @@ func (j *JIMM) GrantCloudAccess(ctx context.Context, user *openfga.User, ct name
 targetRelation, err := ToCloudRelation(access)
 if err != nil {
- return errors.E(op, errors.CodeBadRequest, "failed to recognize given access", err)
+ zapctx.Debug(
+ ctx,
+ "failed to recognize given access",
+ zaputil.Error(err),
+ zap.String("access", string(access)),
+ )
+ return errors.E(op, errors.CodeBadRequest, fmt.Sprintf("failed to recognize given access: %q", access), err)
 }
 err = j.doCloudAdmin(ctx, user, ct, func(_ *dbmodel.Cloud, _ API) error {
@@ -594,6 +601,14 @@ func (j *JIMM) GrantCloudAccess(ctx context.Context, user *openfga.User, ct name
 })
 if err != nil {
+ zapctx.Error(
+ ctx,
+ "failed to grant cloud access",
+ zaputil.Error(err),
+ zap.String("targetUser", string(ut.Id())),
+ zap.String("cloud", string(ct.Id())),
+ zap.String("access", string(access)),
+ )
 return errors.E(op, err)
 }
 return nil
@@ -609,7 +624,13 @@ func (j *JIMM) RevokeCloudAccess(ctx context.Context, user *openfga.User, ct nam
 targetRelation, err := ToCloudRelation(access)
 if err != nil {
- return errors.E(op, errors.CodeBadRequest, "failed to recognize given access", err)
+ zapctx.Debug(
+ ctx,
+ "failed to recognize given access",
+ zaputil.Error(err),
+ zap.String("access", string(access)),
+ )
+ return errors.E(op, errors.CodeBadRequest, fmt.Sprintf("failed to recognize given access: %q", access), err)
 }
 err = j.doCloudAdmin(ctx, user, ct, func(_ *dbmodel.Cloud, _ API) error {
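Review bot: The Debug entry added before the `CodeBadRequest` return in GrantCloudAccess records only `access`, so a rejected request cannot be tied to a target or a resource; the matching blocks in RevokeCloudAccess, GrantModelAccess and RevokeModelAccess have the same gap. If `ut` and `ct` are already in scope at this point, as their use in the later Error call of the same function suggests, add `zap.String("targetUser", ut.Id()), zap.String("cloud", ct.Id()),` here (with `mt` and `"model"` in model.go). `%q` is the right verb for echoing the caller-supplied value in the returned error, because it escapes control characters before the string reaches the client or any log that records the error. The function body starts and ends outside the hunk.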
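Review bot: The new Error entry in GrantCloudAccess names the target user, the cloud and the access level but not the caller held in `user`, which is the field an audit of failed grant or revoke attempts needs most; the Error calls added to RevokeCloudAccess, GrantModelAccess and RevokeModelAccess omit it as well. Add one field built from `user`, for example `zap.String("actor", <caller identity from user>)`, using whichever accessor openfga.User provides (not visible in this diff). The same error is still returned through `errors.E(op, err)`, so if a layer above also logs it the failure is recorded twice, and any permission denial coming out of doCloudAdmin would presumably be reported at Error level; logging at one layer, or at Warn for denials, keeps the signal cleaner. `Id()` on juju/names tags returns `string`, so the `string(...)` wrappers around `ut.Id()` and `ct.Id()` can be dropped. The function body starts outside the hunk.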
@@ -655,6 +676,14 @@ func (j *JIMM) RevokeCloudAccess(ctx context.Context, user *openfga.User, ct nam
 })
 if err != nil {
+ zapctx.Error(
+ ctx,
+ "failed to revoke cloud access",
+ zaputil.Error(err),
+ zap.String("targetUser", string(ut.Id())),
+ zap.String("cloud", string(ct.Id())),
+ zap.String("access", string(access)),
+ )
 return errors.E(op, err)
 }
 return nil
diff --git a/internal/jimm/model.go b/internal/jimm/model.go
index 07b566dcc..0a868ac8f 100644
--- a/internal/jimm/model.go
+++ b/internal/jimm/model.go
@@ -863,7 +863,13 @@ func (j *JIMM) GrantModelAccess(ctx context.Context, user *openfga.User, mt name
 targetRelation, err := ToModelRelation(string(access))
 if err != nil {
- return errors.E(op, errors.CodeBadRequest, "failed to recognize given access", err)
+ zapctx.Debug(
+ ctx,
+ "failed to recognize given access",
+ zaputil.Error(err),
+ zap.String("access", string(access)),
+ )
+ return errors.E(op, errors.CodeBadRequest, fmt.Sprintf("failed to recognize given access: %q", access), err)
 }
 err = j.doModelAdmin(ctx, user, mt, func(_ *dbmodel.Model, _ API) error {
@@ -906,6 +912,14 @@ func (j *JIMM) GrantModelAccess(ctx context.Context, user *openfga.User, mt name
 })
 if err != nil {
+ zapctx.Error(
+ ctx,
+ "failed to grant model access",
+ zaputil.Error(err),
+ zap.String("targetUser", string(ut.Id())),
+ zap.String("model", string(mt.Id())),
+ zap.String("access", string(access)),
+ )
 return errors.E(op, err)
 }
 return nil
@@ -921,7 +935,13 @@ func (j *JIMM) RevokeModelAccess(ctx context.Context, user *openfga.User, mt nam
 targetRelation, err := ToModelRelation(string(access))
 if err != nil {
- return errors.E(op, errors.CodeBadRequest, "failed to recognize given access", err)
+ zapctx.Debug(
+ ctx,
+ "failed to recognize given access",
+ zaputil.Error(err),
+ zap.String("access", string(access)),
+ )
+ return errors.E(op, errors.CodeBadRequest, fmt.Sprintf("failed to recognize given access: %q", access), err)
 }
 requiredAccess := "admin"
@@ -981,6 +1001,14 @@ func (j *JIMM) RevokeModelAccess(ctx context.Context, user *openfga.User, mt nam
 })
 if err != nil {
+ zapctx.Error(
+ ctx,
+ "failed to revoke model access",
+ zaputil.Error(err),
+ zap.String("targetUser", string(ut.Id())),
+ zap.String("model", string(mt.Id())),
+ zap.String("access", string(access)),
+ )
 return errors.E(op, err)
 }
 return nil