Merge pull request #27 from raito-io/logging-update

Lowering unsupported messages to info level
raito-io · Dec 6, 2024 · 74484fb · 74484fb
2 parents ee16021 + b2a91bf
commit 74484fb
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 20 deletions.
diff --git a/aws/data_access/data_access_to_target_policy.go b/aws/data_access/data_access_to_target_policy.go
@@ -19,8 +19,6 @@ import (
 func (a *AccessToTargetSyncer) handlePolicy(ctx context.Context, policy *sync_to_target.AccessProvider, newName string) []string {
 	permissionSetsToProvision := set.NewSet[string]()
 
-	utils.Logger.Info(fmt.Sprintf("Generated policy name %q for grant %q", newName, policy.Name))
-
 	nameToDelete := ""
 	if policy.Delete {
 		nameToDelete = newName

diff --git a/aws/data_access/name_generator_test.go b/aws/data_access/name_generator_test.go
@@ -120,3 +120,12 @@ func TestNameGenerator_GenerateName(t *testing.T) {
 		})
 	}
 }
+
+func TestNameGenerator_GenerateActualName(t *testing.T) {
+	nameGenerator, err := NewNameGenerator("1234")
+	require.NoError(t, err)
+
+	name, err := nameGenerator.GenerateName(&sync_to_target.AccessProvider{Name: "someAp", NamingHint: "policy/CustomAccess"}, model.Policy)
+	require.NoError(t, err)
+	require.Equal(t, "policy_CustomAccess", name)
+}
diff --git a/aws/iam/aws_iam_policy_resolution.go b/aws/iam/aws_iam_policy_resolution.go
@@ -30,7 +30,7 @@ func CreateWhoAndWhatFromAccessPointPolicy(policy *awspolicy.Policy, bucketName
 	roles := set.NewSet[string]()
 
 	if len(policy.Statements) > 1 {
-		utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains more than 1 statement.", name))
+		utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains more than 1 statement.", name))
 		return whoItem, []sync_from_target.WhatItem{}, true
 	}
 
@@ -71,7 +71,7 @@ func CreateWhoAndWhatFromAccessPointPolicy(policy *awspolicy.Policy, bucketName
 
 						resourceActions, incompleteResource = mapResourceActions(actions, data_source.Folder, cfg)
 					} else {
-						utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains unknown resource reference %q. Unexpected access point path", name, resource))
+						utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains unknown resource reference %q. Unexpected access point path", name, resource))
 						localIncomplete = true
 
 						continue
@@ -96,17 +96,17 @@ func CreateWhoAndWhatFromAccessPointPolicy(policy *awspolicy.Policy, bucketName
 					permissionSet.Add(resourceActions...)
 
 					if !localIncomplete && incompleteResource {
-						utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains unknown actions (%v).", name, actions))
+						utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains unknown actions (%v).", name, actions))
 						localIncomplete = true
 					}
 				} else {
-					utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains unknown resource reference %q. Expected the path to start with %q", name, resource, prefix))
+					utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains unknown resource reference %q. Expected the path to start with %q", name, resource, prefix))
 					localIncomplete = true
 
 					continue
 				}
 			} else {
-				utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains unknown resource reference %q.", name, resource))
+				utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for access point %q contains unknown resource reference %q.", name, resource))
 				localIncomplete = true
 
 				continue
@@ -146,7 +146,7 @@ func CreateWhoFromTrustPolicyDocument(policy *awspolicy.Policy, role string, acc
 
 				break
 			} else {
-				utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Trust Policy action %q for role %q not recognized.", action, role))
+				utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Trust Policy action %q for role %q not recognized.", action, role))
 				localIncomplete = true
 			}
 		}
@@ -167,15 +167,15 @@ func handlePrincipal(p map[string][]string, awsAccount, errorPrefix string, user
 		if principalType == "AWS" {
 			for _, principal := range principals {
 				if strings.Contains(principal, "*") {
-					utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: %s contains wildcards in principal", errorPrefix))
+					utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: %s contains wildcards in principal", errorPrefix))
 					localIncomplete = true
 
 					continue
 				}
 
 				resource, err := utils.ParseAndValidateArn(principal, &awsAccount, ptr.String("iam"))
 				if err != nil {
-					utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: %s contains invalid arn: %s", errorPrefix, err.Error()))
+					utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: %s contains invalid arn: %s", errorPrefix, err.Error()))
 					localIncomplete = true
 
 					continue
@@ -187,7 +187,7 @@ func handlePrincipal(p map[string][]string, awsAccount, errorPrefix string, user
 					lastPart := parts[len(parts)-1]
 
 					if parts[1] == "*" {
-						utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: %s contains wildcard IAM resource %q.", errorPrefix, resource))
+						utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: %s contains wildcard IAM resource %q.", errorPrefix, resource))
 						localIncomplete = true
 					} else if strings.EqualFold(parts[0], "user") {
 						users.Add(lastPart)
@@ -200,16 +200,16 @@ func handlePrincipal(p map[string][]string, awsAccount, errorPrefix string, user
 
 						roles.Add(constants.RoleTypePrefix + lastPart)
 					} else {
-						utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: %s contains unknown IAM resource %q.", errorPrefix, resource))
+						utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: %s contains unknown IAM resource %q.", errorPrefix, resource))
 						localIncomplete = true
 					}
 				} else {
-					utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: %s contains unknown IAM resource %q.", errorPrefix, resource))
+					utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: %s contains unknown IAM resource %q.", errorPrefix, resource))
 					localIncomplete = true
 				}
 			}
 		} else {
-			utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: %s contains unrecognized principal type %q.", errorPrefix, principalType))
+			utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: %s contains unrecognized principal type %q.", errorPrefix, principalType))
 			localIncomplete = true
 
 			continue
@@ -229,21 +229,21 @@ func handleStatements(policy *awspolicy.Policy, name string, handler func(statem
 		effect := statement.Effect
 
 		if !strings.EqualFold(effect, "allow") {
-			utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for %q has unknown effect statement %q.", name, effect))
+			utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for %q has unknown effect statement %q.", name, effect))
 			incomplete = true
 
 			continue
 		}
 
 		if len(statement.NotResource) > 0 || len(statement.NotPrincipal) > 0 || len(statement.NotAction) > 0 {
-			utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains not-statements.", name))
+			utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains not-statements.", name))
 			incomplete = true
 
 			continue
 		}
 
 		if len(statement.Condition) > 0 {
-			utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains conditions.", name))
+			utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains conditions.", name))
 			incomplete = true
 
 			continue
@@ -287,7 +287,7 @@ func CreateWhatFromPolicyDocument(policy *awspolicy.Policy, policyName string, a
 					fullName = account
 					resourceActions, incompleteResource = mapResourceActions(actions, data_source.Datasource, cfg)
 				} else if fullName == "accesspoint" || strings.HasPrefix(fullName, "accesspoint/") {
-					utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains accesspoint resource reference %q which we'll ignore.", policyName, resource))
+					utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains accesspoint resource reference %q which we'll ignore.", policyName, resource))
 					localIncomplete = true
 
 					continue
@@ -321,7 +321,7 @@ func CreateWhatFromPolicyDocument(policy *awspolicy.Policy, policyName string, a
 				fullName = account
 				resourceActions, incompleteResource = mapResourceActions(actions, data_source.Datasource, cfg)
 			} else {
-				utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains unknown resource reference %q.", policyName, resource))
+				utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains unknown resource reference %q.", policyName, resource))
 				localIncomplete = true
 
 				continue
@@ -336,7 +336,7 @@ func CreateWhatFromPolicyDocument(policy *awspolicy.Policy, policyName string, a
 			permissionSet.Add(resourceActions...)
 
 			if !localIncomplete && incompleteResource {
-				utils.Logger.Warn(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains unknown actions (%v).", policyName, actions))
+				utils.Logger.Info(fmt.Sprintf("UNSUPPORTED: Policy document for %q contains unknown actions (%v).", policyName, actions))
 				localIncomplete = true
 			}
 		}