From 794bd1cdb34aad76f6a0b21049bcbe491a5be0fb Mon Sep 17 00:00:00 2001 From: Roman Gershman Date: Mon, 18 Nov 2024 23:14:14 +0200 Subject: [PATCH] chore: tune logs and improve restrict denied error (#4145) 1. Now error stats show "restrict_denied" instead of "Cannot execute restricted command ..." error. 2. Increased verbosity level when loading a key with expired timestamp. 3. pulled helio with better logs coverage of tls_socket.cc code. Signed-off-by: Roman Gershman --- helio | 2 +- src/facade/error.h | 1 + src/facade/facade.cc | 1 + src/server/main_service.cc | 4 ++-- src/server/rdb_load.cc | 2 +- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/helio b/helio index 438c86139..e6f69f118 160000 --- a/helio +++ b/helio @@ -1 +1 @@ -Subproject commit 438c86139eac2e6400f2aae1d46cff03b31c166f +Subproject commit e6f69f118a1af4d677d0ef8a2da3f0b50fcc7cef diff --git a/src/facade/error.h b/src/facade/error.h index 5b0c4ea6e..c480adbb6 100644 --- a/src/facade/error.h +++ b/src/facade/error.h @@ -42,5 +42,6 @@ extern const char kScriptErrType[]; extern const char kConfigErrType[]; extern const char kSearchErrType[]; extern const char kWrongTypeErrType[]; +extern const char kRestrictDenied[]; } // namespace facade diff --git a/src/facade/facade.cc b/src/facade/facade.cc index 1d3501d56..763cfd3bd 100644 --- a/src/facade/facade.cc +++ b/src/facade/facade.cc @@ -103,6 +103,7 @@ const char kScriptErrType[] = "script_error"; const char kConfigErrType[] = "config_error"; const char kSearchErrType[] = "search_error"; const char kWrongTypeErrType[] = "wrong_type"; +const char kRestrictDenied[] = "restrict_denied"; const char* RespExpr::TypeName(Type t) { switch (t) { diff --git a/src/server/main_service.cc b/src/server/main_service.cc index 7d872d01c..da1dcde7c 100644 --- a/src/server/main_service.cc +++ b/src/server/main_service.cc @@ -1028,9 +1028,9 @@ std::optional Service::VerifyCommandState(const CommandId* cid, CmdA // If there is no connection owner, it means the command it being called // from another command or used internally, therefore is always permitted. if (dfly_cntx.conn() != nullptr && !dfly_cntx.conn()->IsPrivileged() && cid->IsRestricted()) { - VLOG(1) << "Non-admin attempt to execute " << cid->name() << " " + VLOG(1) << "Non-admin attempt to execute " << cid->name() << " " << tail_args << " " << ConnectionLogContext(dfly_cntx.conn()); - return ErrorReply{"Cannot execute restricted command (admin only)"}; + return ErrorReply{"Cannot execute restricted command (admin only)", kRestrictDenied}; } if (auto err = cid->Validate(tail_args); err) diff --git a/src/server/rdb_load.cc b/src/server/rdb_load.cc index a0098dfa0..0b889fc4f 100644 --- a/src/server/rdb_load.cc +++ b/src/server/rdb_load.cc @@ -2733,7 +2733,7 @@ void RdbLoader::LoadItemsBuffer(DbIndex db_ind, const ItemsBuf& ib) { } if (item->expire_ms > 0 && db_cntx.time_now_ms >= item->expire_ms) { - VLOG(1) << "Expire key on load: " << item->key; + VLOG(2) << "Expire key on load: " << item->key; continue; }