From 5871c1e2d0baa937cf321b1a0ca13fc43f0aec74 Mon Sep 17 00:00:00 2001
From: sindhuba <122321535+sindhuba@users.noreply.github.com>
Date: Wed, 10 Jul 2024 10:16:05 -0700
Subject: [PATCH] Add more logs for RBAC (#1906)
* Fix API endpoint for CassandraProxy query API
* activate Mongo Proxy and Cassandra Proxy in Prod
* Add CP Prod endpoint
* Run npm format and tests
* Revert code
* fix bug that blocked local mongo proxy and cassandra proxy development
* Add prod endpoint
* fix pr check tests
* Remove prod
* Remove prod endpoint
* Remove dev endpoint
* Support data plane RBAC
* Support data plane RBAC
* Add additional changes for Portal RBAC functionality
* Remove unnecessary code
* Remove unnecessary code
* Add code to fix VCoreMongo/PG bug
* Address feedback
* Add more logs for RBAC feature
* Add more logs for RBAC features
---------
Co-authored-by: Asier Isayas
---
 src/Common/CosmosClient.ts | 6 +++
 src/hooks/useKnockoutExplorer.ts | 74 +++++++++++++++++++++++++++++++-
 2 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/src/Common/CosmosClient.ts b/src/Common/CosmosClient.ts
index b194bb7af..7e8a7f04c 100644
--- a/src/Common/CosmosClient.ts
+++ b/src/Common/CosmosClient.ts
@@ -11,6 +11,7 @@ import { logConsoleError } from "../Utils/NotificationConsoleUtils";
 import * as PriorityBasedExecutionUtils from "../Utils/PriorityBasedExecutionUtils";
 import { EmulatorMasterKey, HttpHeaders } from "./Constants";
 import { getErrorMessage } from "./ErrorHandlingUtils";
+import * as Logger from "../Common/Logger";
 const _global = typeof self === "undefined" ? window : self;
@@ -21,6 +22,10 @@ export const tokenProvider = async (requestInfo: Cosmos.RequestInfo) => {
 userContext.features.enableAadDataPlane && userContext.databaseAccount.properties.disableLocalAuth;
 const dataPlaneRBACOptionEnabled = userContext.dataPlaneRbacEnabled && userContext.apiType === "SQL";
 if (aadDataPlaneFeatureEnabled || (!userContext.features.enableAadDataPlane && dataPlaneRBACOptionEnabled)) {
+ Logger.logInfo(
+ `AAD Data Plane Feature flag set to ${userContext.features.enableAadDataPlane} for account with disable local auth ${userContext.databaseAccount.properties.disableLocalAuth} `,
+ "Explorer/tokenProvider",
+ );
 if (!userContext.aadToken) {
 logConsoleError(
 `AAD token does not exist. Please use "Login for Entra ID" prior to performing Entra ID RBAC operations`,
@@ -80,6 +85,7 @@ export const tokenProvider = async (requestInfo: Cosmos.RequestInfo) => {
 }
 if (userContext.masterKey) {
+ Logger.logInfo(`Master Key exists`, "Explorer/tokenProvider");
 // TODO This SDK method mutates the headers object. Find a better one or fix the SDK.
 await Cosmos.setAuthorizationTokenHeaderUsingMasterKey(
 verb,
diff --git a/src/hooks/useKnockoutExplorer.ts b/src/hooks/useKnockoutExplorer.ts
index 38fb612c4..22cc0b51d 100644
--- a/src/hooks/useKnockoutExplorer.ts
+++ b/src/hooks/useKnockoutExplorer.ts
@@ -43,6 +43,7 @@ import { isInvalidParentFrameOrigin, shouldProcessMessage } from "../Utils/Messa
 import { listKeys } from "../Utils/arm/generatedClients/cosmos/databaseAccounts";
 import { applyExplorerBindings } from "../applyExplorerBindings";
 import { useDataPlaneRbac } from "Explorer/Panes/SettingsPane/SettingsPane";
+import * as Logger from "../Common/Logger";
 // This hook will create a new instance of Explorer.ts and bind it to the DOM
 // This hook has a LOT of magic, but ideally we can delete it once we have removed KO and switched entirely to React
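Review bot: In `tokenProvider` (src/Common/CosmosClient.ts, hunk at -21) the new info log reports only `features.enableAadDataPlane` and `disableLocalAuth`, yet the branch is also entered when the feature flag is off and `dataPlaneRBACOptionEnabled` is true, so the entry does not show which condition selected token auth. Adding the deciding values to the message, e.g. `dataPlaneRbacEnabled ${userContext.dataPlaneRbacEnabled}, apiType ${userContext.apiType}`, would let the auth-path decision be read from the log alone. The function takes a `Cosmos.RequestInfo`, so it presumably runs for every data-plane request; if so, this log and the `Master Key exists` log in the -80 hunk are written once per request and would be better emitted once at configuration time. The `Master Key exists` message records only presence, and a comment such as `// Log presence only; never interpolate userContext.masterKey or userContext.aadToken` would keep later edits from changing that. The function body starts and ends outside both hunks.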
@@ -275,26 +276,55 @@ async function configureHostedWithAAD(config: AAD): Promise { updateUserContext({ databaseAccount: config.databaseAccount, }); - + Logger.logInfo( + `Configuring Data Explorer for ${userContext.apiType} account ${account.name}`, + "Explorer/configureHostedWithAAD", + ); if (!userContext.features.enableAadDataPlane) { + Logger.logInfo(`AAD Feature flag is not enabled for account ${account.name}`, "Explorer/configureHostedWithAAD"); if (userContext.apiType === "SQL") { if (LocalStorageUtility.hasItem(StorageKey.DataPlaneRbacEnabled)) { const isDataPlaneRbacSetting = LocalStorageUtility.getEntryString(StorageKey.DataPlaneRbacEnabled); + Logger.logInfo( + `Local storage RBAC setting for ${userContext.apiType} account ${account.name} is ${isDataPlaneRbacSetting}`, + "Explorer/configureHostedWithAAD", + ); let dataPlaneRbacEnabled; if (isDataPlaneRbacSetting === Constants.RBACOptions.setAutomaticRBACOption) { dataPlaneRbacEnabled = account.properties.disableLocalAuth; + Logger.logInfo( + `Data Plane RBAC value for ${userContext.apiType} account ${account.name} with disable local auth set to ${account.properties.disableLocalAuth} is ${dataPlaneRbacEnabled}`, + "Explorer/configureHostedWithAAD", + ); } else { dataPlaneRbacEnabled = isDataPlaneRbacSetting === Constants.RBACOptions.setTrueRBACOption; + Logger.logInfo( + `Data Plane RBAC value for ${userContext.apiType} account ${account.name} with disable local auth set to ${account.properties.disableLocalAuth} is ${dataPlaneRbacEnabled}`, + "Explorer/configureHostedWithAAD", + ); } if (!dataPlaneRbacEnabled) { + Logger.logInfo( + `Calling fetch keys for ${userContext.apiType} account ${account.name} with RBAC setting ${dataPlaneRbacEnabled}`, + "Explorer/configureHostedWithAAD", + ); await fetchAndUpdateKeys(subscriptionId, resourceGroup, account.name); } updateUserContext({ dataPlaneRbacEnabled }); } else { const dataPlaneRbacEnabled = account.properties.disableLocalAuth; + Logger.logInfo( + `Local 
storage setting does not exist : Data Plane RBAC value for ${userContext.apiType} account ${account.name} with disable local auth set to ${account.properties.disableLocalAuth} is ${dataPlaneRbacEnabled}`, + "Explorer/configureHostedWithAAD", + ); + if (!dataPlaneRbacEnabled) { + Logger.logInfo( + `Fetching keys for ${userContext.apiType} account ${account.name} with RBAC setting ${dataPlaneRbacEnabled}`, + "Explorer/configureHostedWithAAD", + ); await fetchAndUpdateKeys(subscriptionId, resourceGroup, account.name); } @@ -302,10 +332,22 @@ async function configureHostedWithAAD(config: AAD): Promise { useDataPlaneRbac.setState({ dataPlaneRbacEnabled: dataPlaneRbacEnabled }); } } else { + Logger.logInfo( + `Fetching keys for ${userContext.apiType} account ${account.name}`, + "Explorer/configureHostedWithAAD", + ); await fetchAndUpdateKeys(subscriptionId, resourceGroup, account.name); } } else { + Logger.logInfo( + `AAD Feature flag is enabled for account ${account.name} with disable local auth set to ${account.properties.disableLocalAuth} `, + "Explorer/configureHostedWithAAD", + ); if (!account.properties.disableLocalAuth) { + Logger.logInfo( + `Fetching keys for ${userContext.apiType} account ${account.name} with AAD data plane feature enabled`, + "Explorer/configureHostedWithAAD", + ); await fetchAndUpdateKeys(subscriptionId, resourceGroup, account.name); } } 
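Review bot: In `configureHostedWithAAD` (hunk at -275) the same `Data Plane RBAC value for …` call is added verbatim to both arms of the `if`/`else` on `isDataPlaneRbacSetting`; a single call placed after the `else` block, as the `configurePortal` hunk at -505 does, records the same value with half the code. The `Calling fetch keys …` / `Fetching keys …` logs added before each `fetchAndUpdateKeys` call (here and in the -302 and -505 hunks) are followed at once by the `Fetching keys for …` log that the -425 hunk adds inside `fetchAndUpdateKeys`, so each key fetch writes two start entries; keeping the caller-side log only where it states the reason (the RBAC setting) would cut the noise. `isDataPlaneRbacSetting` comes from local storage and is interpolated into the message as read (also in the -498 hunk); logging the resolved `dataPlaneRbacEnabled` boolean, or the raw string only when it equals one of the `Constants.RBACOptions` values, keeps unexpected content out of the log stream. The function starts before and continues after this hunk.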
@@ -425,13 +467,23 @@ function configureEmulator(): Explorer {
 async function fetchAndUpdateKeys(subscriptionId: string, resourceGroup: string, account: string) {
 try {
+ Logger.logInfo(`Fetching keys for ${userContext.apiType} account ${account}`, "Explorer/fetchAndUpdateKeys");
 const keys = await listKeys(subscriptionId, resourceGroup, account);
+ Logger.logInfo(`Keys fetched for ${userContext.apiType} account ${account}`, "Explorer/fetchAndUpdateKeys");
 updateUserContext({
 masterKey: keys.primaryMasterKey,
 });
+ Logger.logInfo(
+ `User context updated with Master key for ${userContext.apiType} account ${account}`,
+ "Explorer/fetchAndUpdateKeys",
+ );
 } catch (error) {
 console.error("Error during fetching keys or updating user context:", error);
+ Logger.logError(
+ `Error during fetching keys or updating user context: ${error} for ${userContext.apiType} account ${account}`,
+ "Explorer/fetchAndUpdateKeys",
+ );
 throw error;
 }
 }
@@ -498,6 +550,10 @@ async function configurePortal(): Promise {
 if (userContext.apiType === "SQL") {
 if (LocalStorageUtility.hasItem(StorageKey.DataPlaneRbacEnabled)) {
 const isDataPlaneRbacSetting = LocalStorageUtility.getEntryString(StorageKey.DataPlaneRbacEnabled);
+ Logger.logInfo(
+ `Local storage RBAC setting for ${userContext.apiType} account ${account.name} is ${isDataPlaneRbacSetting}`,
+ "Explorer/configurePortal",
+ );
 if (isDataPlaneRbacSetting === Constants.RBACOptions.setAutomaticRBACOption) {
 dataPlaneRbacEnabled = account.properties.disableLocalAuth;
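Review bot: In the `catch` of `fetchAndUpdateKeys` (hunk at -425) the caught value is interpolated as `${error}` into the `Logger.logError` message; a rejection that is not an `Error` instance prints as `[object Object]`, and one that is carries whatever text the key-listing call put in its message. Passing a normalised string instead, for example `getErrorMessage(error)` (the helper CosmosClient.ts imports from `./ErrorHandlingUtils`, assuming it accepts the caught value and is imported here), keeps the entry useful and bounded. The `console.error` line above now reports the same failure a second time and could go once the Logger call is in place. The three info logs leave the key value out, and a comment next to `updateUserContext({ masterKey … })` such as `// Log only that the key was stored, never keys.primaryMasterKey` would keep it that way.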
@@ -505,16 +561,32 @@ async function configurePortal(): Promise {
 dataPlaneRbacEnabled = isDataPlaneRbacSetting === Constants.RBACOptions.setTrueRBACOption;
 }
 } else {
+ Logger.logInfo(
+ `Local storage does not exist for ${userContext.apiType} account ${account.name} with disable local auth set to ${account.properties.disableLocalAuth} is ${dataPlaneRbacEnabled}`,
+ "Explorer/configurePortal",
+ );
 dataPlaneRbacEnabled = account.properties.disableLocalAuth;
 }
+ Logger.logInfo(
+ `Data Plane RBAC value for ${userContext.apiType} account ${account.name} with disable local auth set to ${account.properties.disableLocalAuth} is ${dataPlaneRbacEnabled}`,
+ "Explorer/configurePortal",
+ );
 if (!dataPlaneRbacEnabled) {
+ Logger.logInfo(
+ `Calling fetch keys for ${userContext.apiType} account ${account.name}`,
+ "Explorer/configurePortal",
+ );
 await fetchAndUpdateKeys(subscriptionId, resourceGroup, account.name);
 }
 updateUserContext({ dataPlaneRbacEnabled });
 useDataPlaneRbac.setState({ dataPlaneRbacEnabled: dataPlaneRbacEnabled });
 } else if (userContext.apiType !== "Postgres" && userContext.apiType !== "VCoreMongo") {
+ Logger.logInfo(
+ `Calling fetch keys for ${userContext.apiType} account ${account.name}`,
+ "Explorer/configurePortal",
+ );
 await fetchAndUpdateKeys(subscriptionId, resourceGroup, account.name);
 }
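Review bot: In `configurePortal` (hunk at -505) the `Local storage does not exist …` log in the `else` arm interpolates `${dataPlaneRbacEnabled}` one statement before `dataPlaneRbacEnabled = account.properties.disableLocalAuth;` assigns it, so the value printed is whatever the variable held earlier (its declaration is outside the hunk; presumably still unassigned here). Either move the assignment above the log or drop the trailing `is ${dataPlaneRbacEnabled}` from this message, since the `Data Plane RBAC value …` log added right after the block already reports the assigned value. The text also says `Local storage does not exist` where what is missing is the stored RBAC setting; `Local storage setting does not exist`, the wording used in `configureHostedWithAAD`, would be accurate and consistent.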