diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go index 7d6a19470a..02682e592d 100644 --- a/agent/agent_endpoint.go +++ b/agent/agent_endpoint.go @@ -921,7 +921,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R if !ok { return &connectAuthorizeResp{ Authorized: false, - Reason: fmt.Sprintf("Client ID must be a valid SPIFFE service URI"), + Reason: "Client ID must be a valid SPIFFE service URI", }, nil } @@ -951,7 +951,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R if auth, ok := uriService.Authorize(ixn); ok { return &connectAuthorizeResp{ Authorized: auth, - Reason: fmt.Sprintf("Matched intention %s", ixn.ID), + Reason: fmt.Sprintf("Matched intention: %s", ixn.String()), }, nil } } diff --git a/agent/structs/intention.go b/agent/structs/intention.go index fb83f85dab..d801635c92 100644 --- a/agent/structs/intention.go +++ b/agent/structs/intention.go @@ -164,6 +164,15 @@ func (x *Intention) GetACLPrefix() (string, bool) { return x.DestinationName, x.DestinationName != "" } +// String returns a human-friendly string for this intention. +func (x *Intention) String() string { + return fmt.Sprintf("%s %s/%s => %s/%s (ID: %s", + strings.ToUpper(string(x.Action)), + x.SourceNS, x.SourceName, + x.DestinationNS, x.DestinationName, + x.ID) +} + // IntentionAction is the action that the intention represents. This // can be "allow" or "deny" to whitelist or blacklist intentions. type IntentionAction string