diff --git a/server/events/command_runner.go b/server/events/command_runner.go index a56ecf67c2..bf8d6e1d32 100644 --- a/server/events/command_runner.go +++ b/server/events/command_runner.go @@ -263,6 +263,7 @@ func (c *DefaultCommandRunner) checkUserPermissions(repo models.Repo, user model } ok := c.TeamAllowlistChecker.IsCommandAllowedForAnyTeam(ctx, user.Teams, cmdName) if !ok { + ctx.Log.Info("User '%s' in team '%s' does not have permissions to execute the '%s' command", user.Username, user.Teams, cmdName) return false, nil } return true, nil diff --git a/server/events/external_team_allowlist_checker.go b/server/events/external_team_allowlist_checker.go index 9f3fe419ef..491d3a6bc3 100644 --- a/server/events/external_team_allowlist_checker.go +++ b/server/events/external_team_allowlist_checker.go @@ -23,20 +23,32 @@ func (checker *ExternalTeamAllowlistChecker) IsCommandAllowedForTeam(ctx models. cmd := checker.buildCommandString(ctx, []string{team}, command) out, err := checker.ExternalTeamAllowlistRunner.Run(ctx, "sh", "-c", cmd) if err != nil { + ctx.Log.Err("Command '%s' error '%s'", cmd, err) return false } - return checker.checkOutputResults(out) + outputResults := checker.checkOutputResults(out) + if !outputResults { + ctx.Log.Info("command '%s' returns '%s'", cmd, out) + } + + return outputResults } func (checker *ExternalTeamAllowlistChecker) IsCommandAllowedForAnyTeam(ctx models.TeamAllowlistCheckerContext, teams []string, command string) bool { cmd := checker.buildCommandString(ctx, teams, command) out, err := checker.ExternalTeamAllowlistRunner.Run(ctx, "sh", "-c", cmd) if err != nil { + ctx.Log.Err("Command '%s' error '%s'", cmd, err) return false } - return checker.checkOutputResults(out) + outputResults := checker.checkOutputResults(out) + if !outputResults { + ctx.Log.Info("command '%s' returns '%s'", cmd, out) + } + + return outputResults } func (checker *ExternalTeamAllowlistChecker) buildCommandString(ctx models.TeamAllowlistCheckerContext, teams []string, command string) string {