[log] Add debug logging to DIFC policy helper functions#6501
Draft
github-actions[bot] wants to merge 1 commit into
Draft
[log] Add debug logging to DIFC policy helper functions#6501github-actions[bot] wants to merge 1 commit into
github-actions[bot] wants to merge 1 commit into
Conversation
Add logDifcLog calls to three helper functions that previously had no debug logging: - isSingularReadTool: log the tool name and classification result - buildDIFCSingleItemFilteredError: log description, policy label, and reason before constructing the error - difcPolicyLabel: log secrecy/integrity violation counts and total These helpers drive DIFC policy decisions and benefit from debug output when troubleshooting access-control behaviour. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds
logDifcLogdebug logging calls to three helper functions ininternal/server/difc_log.gothat previously had no debug logging:isSingularReadTool: logs the tool name and whether it's classified as a singular-read tool (vs. collection tool)buildDIFCSingleItemFilteredError: logs the item description, policy label, and reason before constructing the filtered-resource errordifcPolicyLabel: logs violation counts (secrecy, integrity, total) when determining the human-readable policy labelThese helpers are called during DIFC filtering decisions and the new debug log lines make it easier to trace policy outcomes when
DEBUG=server:difc_logis set.Changes
internal/server/difc_log.govar logDifcLog = logger.New("server:difc_log")loggerlogDifcLog.Printfcalls (3–7 target range)Validation
go build ./...✅go test ./internal/server/✅