[git] improved logging in GitHub token verification (#4479)

JanKoehnlein · web-flow · commit 84cf4a16fd84 · 2021-06-11T13:22:56.000+02:00
see #4478
diff --git a/components/gitpod-cli/cmd/git-token-validator.go b/components/gitpod-cli/cmd/git-token-validator.go
@@ -88,12 +88,19 @@ var gitTokenValidator = &cobra.Command{
 				User:   gitTokenValidatorOpts.User,
 			},
 		}
+		log.WithField("host", gitTokenValidatorOpts.Host).
+			WithField("repoURL", gitTokenValidatorOpts.RepoURL).
+			WithField("command", gitTokenValidatorOpts.GitCommand).
+			WithField("user", gitTokenValidatorOpts.User).
+			WithField("tokenScopes", gitTokenValidatorOpts.TokenScopes).
+			Info("guessing required token scopes")
 		guessedTokenScopes, err := client.GuessGitTokenScopes(ctx, params)
 		if err != nil {
 			log.WithError(err).Fatal("error guessing token scopes on server")
 		}
 		if guessedTokenScopes.Message != "" {
 			message := fmt.Sprintf("%s Please grant the necessary permissions.", guessedTokenScopes.Message)
+			log.WithField("guessedTokenScopes", guessedTokenScopes.Scopes).Info("insufficient permissions")
 			result, err := supervisor.NewNotificationServiceClient(supervisorConn).Notify(ctx,
 				&supervisor.NotifyRequest{
 					Level:   supervisor.NotifyRequest_INFO,
diff --git a/components/server/src/github/github-token-validator.ts b/components/server/src/github/github-token-validator.ts
@@ -7,6 +7,7 @@
 import { inject, injectable } from "inversify";
 import { CheckWriteAccessResult, IGitTokenValidator, IGitTokenValidatorParams } from "../workspace/git-token-validator";
 import { GitHubApiError, GitHubGraphQlEndpoint, GitHubRestApi, GitHubResult } from "./api";
+import { log } from '@gitpod/gitpod-protocol/lib/util/logging';
 
 @injectable()
 export class GitHubTokenValidator implements IGitTokenValidator {
@@ -28,6 +29,7 @@ export class GitHubTokenValidator implements IGitTokenValidator {
 			if (GitHubApiError.is(error) && error.response?.status === 404) {
 				return { found: false };
 			}
+			log.error('Error getting repo information from GitHub', error, { repoFullName, parsedRepoName })
 			return { found: false, error };
 		}
 
@@ -61,6 +63,7 @@ export class GitHubTokenValidator implements IGitTokenValidator {
 				if (errors && errors[0] && (errors[0] as any)["type"] === "FORBIDDEN") {
 					writeAccessToRepo = false;
 				} else {
+					log.error('Error getting organization information from GitHub', error, { org: parsedRepoName.owner })
 					throw error;
 				}
 			}

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`import { inject, injectable } from "inversify";`
`8`	`8`	`import { CheckWriteAccessResult, IGitTokenValidator, IGitTokenValidatorParams } from "../workspace/git-token-validator";`
`9`	`9`	`import { GitHubApiError, GitHubGraphQlEndpoint, GitHubRestApi, GitHubResult } from "./api";`
	`10`	`+import { log } from '@gitpod/gitpod-protocol/lib/util/logging';`
`10`	`11`
`11`	`12`	`@injectable()`
`12`	`13`	`export class GitHubTokenValidator implements IGitTokenValidator {`
`@@ -28,6 +29,7 @@ export class GitHubTokenValidator implements IGitTokenValidator {`
`28`	`29`	`if (GitHubApiError.is(error) && error.response?.status === 404) {`
`29`	`30`	`return { found: false };`
`30`	`31`	`}`
	`32`	`+ log.error('Error getting repo information from GitHub', error, { repoFullName, parsedRepoName })`
`31`	`33`	`return { found: false, error };`
`32`	`34`	`}`
`33`	`35`
`@@ -61,6 +63,7 @@ export class GitHubTokenValidator implements IGitTokenValidator {`
`61`	`63`	`if (errors && errors[0] && (errors[0] as any)["type"] === "FORBIDDEN") {`
`62`	`64`	`writeAccessToRepo = false;`
`63`	`65`	`} else {`
	`66`	`+ log.error('Error getting organization information from GitHub', error, { org: parsedRepoName.owner })`
`64`	`67`	`throw error;`
`65`	`68`	`}`
`66`	`69`	`}`