[log] Add debug logging to guard policy JSON unmarshaling#3733
Merged
Conversation
Add 5 targeted logGuardPolicy calls to previously unlogged functions: - GuardPolicy.UnmarshalJSON: log parsed key count and resolved policy type - AllowOnlyPolicy.UnmarshalJSON: log field count on entry and parsed fields on success - normalizeAndValidateScopeArray: log scope entry count before validation All logging uses the existing logGuardPolicy logger and pre-computed values only — no side effects in logger arguments. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds additional debug logging to the guard policy JSON unmarshaling and scope validation path to improve troubleshooting of malformed or unexpected DIFC guard policy configurations during config load.
Changes:
- Log decoded top-level key count and resolved policy type during
GuardPolicy.UnmarshalJSON. - Log decoded field count and parsed values during
AllowOnlyPolicy.UnmarshalJSON. - Log scope entry count at the start of
normalizeAndValidateScopeArray.
Show a summary per file
| File | Description |
|---|---|
internal/config/guard_policy.go |
Adds targeted debug logs around guard policy JSON decoding and scope validation to improve observability during config parsing. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 1
| return fmt.Errorf("allow-only must include min-integrity") | ||
| } | ||
|
|
||
| logGuardPolicy.Printf("UnmarshalJSON: allow-only policy parsed, repos=%T, minIntegrity=%s", p.Repos, p.MinIntegrity) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds 5 targeted
logGuardPolicydebug log calls tointernal/config/guard_policy.go— previously unlogged but important functions in the DIFC guard policy parsing pipeline.Changes
File:
internal/config/guard_policy.goThree functions now have debug logging:
GuardPolicy.UnmarshalJSONallow-onlyvswrite-sink) before returningAllowOnlyPolicy.UnmarshalJSONrepostype andminIntegrityvalue on successful parsenormalizeAndValidateScopeArrayQuality
logGuardPolicy = logger.New("config:guard_policy")logger — no new declaration addedpkg:filenameconvention (already established in the file)len(raw),p.MinIntegrity, etc.)Context
guard_policy.gois 800 lines with complex DIFC guard policy parsing/validation logic. TheUnmarshalJSONfunctions are called during gateway startup and whenever policy JSON is parsed. These are the first places where malformed configs would fail, making entry/exit logging particularly useful for diagnosing configuration issues.