From 23fff6a7c6467dfd81ce61164d2a9c76166bc7d8 Mon Sep 17 00:00:00 2001
From: Jan Koehnlein <jan@gitpod.io>
Date: Fri, 11 Jun 2021 07:34:03 +0000
Subject: [PATCH] [git] improved logging in GitHub token verification

see #4478
---
 components/gitpod-cli/cmd/git-token-validator.go       | 7 +++++++
 components/server/src/github/github-token-validator.ts | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/components/gitpod-cli/cmd/git-token-validator.go b/components/gitpod-cli/cmd/git-token-validator.go
index 12065a3e2b3f6c..9b6a5040454f68 100644
--- a/components/gitpod-cli/cmd/git-token-validator.go
+++ b/components/gitpod-cli/cmd/git-token-validator.go
@@ -88,12 +88,19 @@ var gitTokenValidator = &cobra.Command{
 				User:   gitTokenValidatorOpts.User,
 			},
 		}
+		log.WithField("host", gitTokenValidatorOpts.Host).
+			WithField("repoURL", gitTokenValidatorOpts.RepoURL).
+			WithField("command", gitTokenValidatorOpts.GitCommand).
+			WithField("user", gitTokenValidatorOpts.User).
+			WithField("tokenScopes", gitTokenValidatorOpts.TokenScopes).
+			Info("guessing required token scopes")
 		guessedTokenScopes, err := client.GuessGitTokenScopes(ctx, params)
 		if err != nil {
 			log.WithError(err).Fatal("error guessing token scopes on server")
 		}
 		if guessedTokenScopes.Message != "" {
 			message := fmt.Sprintf("%s Please grant the necessary permissions.", guessedTokenScopes.Message)
+			log.WithField("guessedTokenScopes", guessedTokenScopes.Scopes).Info("insufficient permissions")
 			result, err := supervisor.NewNotificationServiceClient(supervisorConn).Notify(ctx,
 				&supervisor.NotifyRequest{
 					Level:   supervisor.NotifyRequest_INFO,
diff --git a/components/server/src/github/github-token-validator.ts b/components/server/src/github/github-token-validator.ts
index 8b606f140d68fa..27290616cb27c0 100644
--- a/components/server/src/github/github-token-validator.ts
+++ b/components/server/src/github/github-token-validator.ts
@@ -7,6 +7,7 @@
 import { inject, injectable } from "inversify";
 import { CheckWriteAccessResult, IGitTokenValidator, IGitTokenValidatorParams } from "../workspace/git-token-validator";
 import { GitHubApiError, GitHubGraphQlEndpoint, GitHubRestApi, GitHubResult } from "./api";
+import { log } from '@gitpod/gitpod-protocol/lib/util/logging';
 
 @injectable()
 export class GitHubTokenValidator implements IGitTokenValidator {
@@ -28,6 +29,7 @@ export class GitHubTokenValidator implements IGitTokenValidator {
 			if (GitHubApiError.is(error) && error.response?.status === 404) {
 				return { found: false };
 			}
+			log.error('Error getting repo information from GitHub', error, { repoFullName, parsedRepoName })
 			return { found: false, error };
 		}
 
@@ -61,6 +63,7 @@ export class GitHubTokenValidator implements IGitTokenValidator {
 				if (errors && errors[0] && (errors[0] as any)["type"] === "FORBIDDEN") {
 					writeAccessToRepo = false;
 				} else {
+					log.error('Error getting organization information from GitHub', error, { org: parsedRepoName.owner })
 					throw error;
 				}
 			}