From 21437135ab3a8c9aa2fea99c48ab42eb45630941 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur <dtantsur@protonmail.com>
Date: Fri, 17 Mar 2023 13:19:57 +0100
Subject: Add error logging on lookup failures in the API

Lookup returns generic 404 errors for security reasons. Logging is
the only way of debugging any issues during it.

Change-Id: I860ed6b90468a403f0f6cdec9c3d84bc872fda06
---
 ironic/api/controllers/v1/ramdisk.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ironic/api/controllers/v1/ramdisk.py b/ironic/api/controllers/v1/ramdisk.py
index 5feef5e02..b98eb7dc2 100644
--- a/ironic/api/controllers/v1/ramdisk.py
+++ b/ironic/api/controllers/v1/ramdisk.py
@@ -131,13 +131,17 @@ class LookupController(rest.RestController):
             else:
                 node = objects.Node.get_by_port_addresses(
                     api.request.context, valid_addresses)
-        except exception.NotFound:
+        except exception.NotFound as e:
             # NOTE(dtantsur): we are reraising the same exception to make sure
             # we don't disclose the difference between nodes that are not found
             # at all and nodes in a wrong state by different error messages.
+            LOG.error('No node has been found during lookup: %s', e)
             raise exception.NotFound()
 
         if CONF.api.restrict_lookup and not self.lookup_allowed(node):
+            LOG.error('Lookup is not allowed for node %(node)s in the '
+                      'provision state %(state)s',
+                      {'node': node.uuid, 'state': node.provision_state})
             raise exception.NotFound()
 
         if api_utils.allow_agent_token():
-- 
cgit v1.2.1