From 40fbaea81a21c9ccf22eb1a71c491cea9077d082 Mon Sep 17 00:00:00 2001
From: Jacob Tomlinson <jacobtomlinson@users.noreply.github.com>
Date: Mon, 6 Jan 2025 11:52:57 +0000
Subject: [PATCH] Add debug logging to troubleshoot auth issues (#542)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
---
 kr8s/_api.py  | 3 +++
 kr8s/_auth.py | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/kr8s/_api.py b/kr8s/_api.py
index 490910b..3ced1dd 100644
--- a/kr8s/_api.py
+++ b/kr8s/_api.py
@@ -171,6 +171,9 @@ async def call_api(
                 # If we get a 401 or 403 our credentials may have expired so we
                 # reauthenticate and try again a few times before giving up.
                 if e.response.status_code in (401, 403) and auth_attempts < 3:
+                    logger.debug(
+                        f"Unauthorized {e.response.status_code} error, reauthenticating attempt {auth_attempts}"
+                    )
                     auth_attempts += 1
                     await self.auth.reauthenticate()
                     await self._create_session()
diff --git a/kr8s/_auth.py b/kr8s/_auth.py
index 02ef94f..83bad20 100644
--- a/kr8s/_auth.py
+++ b/kr8s/_auth.py
@@ -3,6 +3,7 @@
 import base64
 import ipaddress
 import json
+import logging
 import os
 import pathlib
 import ssl
@@ -14,6 +15,8 @@
 from ._config import KubeConfigSet
 from ._types import PathType
 
+logger = logging.getLogger(__name__)
+
 
 class KubeAuth:
     """Load kubernetes auth from kubeconfig, service account, or url."""
@@ -69,6 +72,7 @@ async def reauthenticate(self) -> None:
         """Reauthenticate with the server."""
         async with self.__auth_lock:
             if self._url:
+                logger.debug("URL specified manually")
                 self.server = self._url
             else:
                 if self._kubeconfig_path_or_dict is not False:
@@ -110,6 +114,7 @@ def namespace(self, value: str):
 
     async def _load_kubeconfig(self) -> None:
         """Load kubernetes auth from kubeconfig."""
+        logger.debug("Loading kubeconfig")
         if isinstance(self._kubeconfig_path_or_dict, str) or isinstance(
             self._kubeconfig_path_or_dict, pathlib.Path
         ):
@@ -254,6 +259,7 @@ async def _load_kubeconfig(self) -> None:
 
     async def _load_service_account(self) -> None:
         """Load credentials from service account."""
+        logger.debug("Loading service account")
         self._serviceaccount = os.path.expanduser(self._serviceaccount)
         if not os.path.isdir(self._serviceaccount):
             return