change cldsrv for more inputs

config.json

@@ -60,7 +60,7 @@
     },
     "clusters": 1,
     "log": {
-        "logLevel": "info",
+        "logLevel": "trace",
         "dumpLevel": "error"
     },
     "healthChecks": {

lib/api/api.js

@@ -146,6 +146,7 @@ const api = {
 
         const requestContexts = prepareRequestContexts(apiMethod, request,
             sourceBucket, sourceObject, sourceVersionId);
+        log.info('requestContexts', { requestContexts });
         // Extract all the _apiMethods and store them in an array
         const apiMethods = requestContexts ? requestContexts.map(context => context._apiMethod) : [];
         // Attach the names to the current request
@@ -165,6 +166,7 @@ const api = {
                 // TODO add support for returnTagCount in the bucket policy
                 // checks
                 isImplicitDeny[authResults[0].action] = authResults[0].isImplicit;
+                log.info('isImplicitDeny', { authResults });
                 // second item checks s3:GetObject(Version)Tagging action
                 if (!authResults[1].isAllowed) {
                     log.trace('get tagging authorization denial ' +
@@ -173,6 +175,7 @@ const api = {
                 }
             } else {
                 for (let i = 0; i < authResults.length; i++) {
+                    log.info('authResults', { authResults });
                     isImplicitDeny[authResults[i].action] = true;
                     if (!authResults[i].isAllowed && !authResults[i].isImplicit) {
                         // Any explicit deny rejects the current API call

lib/api/multiObjectDelete.js

@@ -571,7 +571,9 @@ function multiObjectDelete(authInfo, request, log, callback) {
             };
             return vault.checkPolicies(requestContextParams, authInfo.getArn(),
                 log, (err, authorizationResults) => {
+                    log.info('received authorization results', { authorizationResults });
                     // there were no policies so received a blanket AccessDenied
+                    log.info("checking error", { err });
                     if (err?.is.AccessDenied) {
                         objects.forEach(entry => {
                             errorResults.push({
@@ -588,6 +590,8 @@ function multiObjectDelete(authInfo, request, log, callback) {
                         });
                         return next(err);
                     }
+                    log.info('authorization results', { authorizationResults });
+                    log.info("checking condition", { condition: objects.length !== authorizationResults.length })
                     if (objects.length !== authorizationResults.length) {
                         log.error('vault did not return correct number of ' +
                         'authorization results', {
@@ -604,8 +608,10 @@ function multiObjectDelete(authInfo, request, log, callback) {
                         acc[apiMethod] = curr.isImplicit;
                         return acc;
                     }, {});
+                    log.info("actionImplicitDenies", { actionImplicitDenies });
                     for (let i = 0; i < authorizationResults.length; i++) {
                         const result = authorizationResults[i];
+                        log.info('checking authorization result', result);
                         // result is { isAllowed: true,
                         // arn: arn:aws:s3:::bucket/object,
                         // versionId: sampleversionId } unless not allowed