diff --git a/streaming_status/app.py b/streaming_status/app.py index 4623b5f..c7d97dc 100644 --- a/streaming_status/app.py +++ b/streaming_status/app.py @@ -53,7 +53,7 @@ def get_request_provider(app: APIGatewayHttpResolver) -> str | None: if auth.has_permission(Permission.providers_read): provider = requested_provider - else: + elif auth.is_provider(): groups = auth.group_memberships() if not groups: raise AppError.invalid_argument("missing groups") @@ -61,7 +61,11 @@ def get_request_provider(app: APIGatewayHttpResolver) -> str | None: provider = requested_provider or groups[0] if provider not in groups: raise AppError.invalid_argument(f"provider not in groups: {provider}") + else: + provider = None + # cached so will be logged once + logger.info("request for provider %s", provider) return provider @@ -82,30 +86,20 @@ def get_request_organization(app: APIGatewayHttpResolver) -> str | None: if organization not in groups: raise AppError.invalid_argument(f"organization not in groups: {organization}") + # cached so will be logged once + logger.info("request for organization %s", organization) return organization -def _offline_pass_provider(route): - @functools.wraps(route) - def wrapper(*args, **kwargs): - requested_provider = app.current_event.get_query_string_value("provider") - return route(*args, **kwargs, provider=requested_provider) - - return wrapper - - def pass_provider(route): """Decorator for passing the selected provider to a route based on the current event. The decorated route must accept a keyword argument named `provider`. """ - # if config.is_offline: - # return _offline_pass_provider(route) @functools.wraps(route) def wrapper(*args, **kwargs): provider = get_request_provider(app) - logger.info("request for provider %s", provider) logger.append_keys(provider=provider) return route(*args, **kwargs, provider=provider) @@ -327,6 +321,11 @@ def me(): "permissions": auth.get_permissions(), "name": auth.name(), "group": repo._canonicalize_group_name(group), + **( + {"provider": get_request_provider(app), "organization": get_request_organization(app)} + if config.is_offline + else {} + ), } diff --git a/streaming_status/auth.py b/streaming_status/auth.py index 4d018dd..1ea0627 100644 --- a/streaming_status/auth.py +++ b/streaming_status/auth.py @@ -105,6 +105,10 @@ def _roles(self) -> list[str]: def is_admin(self) -> bool: return Role.admin in self._roles() + def is_provider(self) -> bool: + roles = self._roles() + return Role.installer in roles or Role.external_installer in roles + def has_permission(self, *permissions: Permission) -> bool: current_permissions = self.get_permissions() return all(current_permissions[permission] for permission in permissions) diff --git a/streaming_status/data_sources/device_ledger.py b/streaming_status/data_sources/device_ledger.py index 1c716c3..ed7e57c 100644 --- a/streaming_status/data_sources/device_ledger.py +++ b/streaming_status/data_sources/device_ledger.py @@ -8,6 +8,7 @@ from ..config import config from ..errors import AppError from ..model import DeviceCustomLabel +from ..utils import logger dynamodb = boto3.resource("dynamodb", region_name=config.device_ledger_table_region) @@ -266,6 +267,7 @@ def _scan_table( if page_size: parameters["Limit"] = page_size + logger.debug("running scan on table %s with params %s", config.device_ledger_table_name, parameters) result = dynamodb.Table(config.device_ledger_table_name).scan(**parameters) result_size += collector(result) # type: ignore diff --git a/streaming_status/data_sources/fleet_index.py b/streaming_status/data_sources/fleet_index.py index 03d0650..7085a7a 100644 --- a/streaming_status/data_sources/fleet_index.py +++ b/streaming_status/data_sources/fleet_index.py @@ -48,7 +48,7 @@ def list_devices( if page_size is not None: request_params["maxResults"] = page_size - logger.info("search index query: %s", query) + logger.debug("search index query: %s", query) fleet_result = iot_client.search_index(queryString=query, **request_params) return fleet_result.get("nextToken"), fleet_result.get("things") or []