[SERVER-46909] Log AWS STS error when AWS authentication fails
Created: 17/Mar/20 | Updated: 29/Oct/23 | Resolved: 30/Mar/20

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Diagnostics |
| Affects Version/s: | 4.3.4 |
| Fix Version/s: | 4.4.0-rc1, 4.7.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Oleg Pudeyev (Inactive) | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Backwards Compatibility: | Minor Change |
| Backport Requested: | v4.4 |
| Sprint: | Security 2020-04-06 |
| Participants: |
| Description |
|
When I attempt to authenticate against MongoDB server 4.3.4 using the AWS mechanism, if the request made by the server to STS fails, I see entries like the following one in the server log:
If I make a request to the STS and it fails, the response contains information that helps troubleshoot the problem. For example the following are two of the responses I have received by talking to STS directly:
These are still rather cryptic but are much more helpful than only having the HTTP status code.

Actual behavior: It appears that when a request to STS fails, the server does not log the response body or the extracted failure reason anywhere.

Expected behavior: As a driver engineer implementing AWS authentication, I expect the server to log the full response body or the complete extracted failure reason in the logs so that I can effectively diagnose why authentication is not working.

I imagine this logging will also be helpful to anyone who changes the STS endpoint that the server is using, in the event that a driver, for example, misdetects the region of the endpoint and subsequently creates the wrong signature. |
| Comments |
| Comment by Githook User [ 31/Mar/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}
Message: (cherry picked from commit 21e92c8ce3ed881ae0c6eb9677a1c2e4bb0f5ec6) |
| Comment by Githook User [ 30/Mar/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}
Message: |