{"msg":"cockroach temporary directory: /var/tmp/omicron_tmp/.tmpoR7Hlz","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:08.954816736Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"cockroach: copying from seed tarball (/var/tmp/omicron_tmp/crdb-base-build/0ba558b6703680b8ede35fabd6978a943490bd8054f72957a6e548a757ea0cf2.tar) to storage directory (/var/tmp/omicron_tmp/.tmpoR7Hlz/data)","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:08.954875219Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"cockroach command line: cockroach start-single-node --insecure --http-addr=:0 --store=path=/var/tmp/omicron_tmp/.tmpoR7Hlz/data,ballast-size=0 --listen-addr [::1]:0 --listening-url-file /var/tmp/omicron_tmp/.tmpoR7Hlz/listen-url","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:08.972808663Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"cockroach environment: BUILDOMAT_JOB_ID=01HPMN2STWTAWNNTNSRX3P7732 BUILDOMAT_TASK_ID=4 CARGO=/home/build/.rustup/toolchains/1.74.1-x86_64-unknown-linux-gnu/bin/cargo CARGO_HOME=/home/build/.cargo CARGO_INCREMENTAL=0 CARGO_MANIFEST_DIR=/work/oxidecomputer/omicron/nexus/db-queries CARGO_PKG_AUTHORS= CARGO_PKG_DESCRIPTION= CARGO_PKG_HOMEPAGE= CARGO_PKG_LICENSE=MPL-2.0 CARGO_PKG_LICENSE_FILE= CARGO_PKG_NAME=nexus-db-queries CARGO_PKG_REPOSITORY= CARGO_PKG_RUST_VERSION= CARGO_PKG_VERSION=0.1.0 CARGO_PKG_VERSION_MAJOR=0 CARGO_PKG_VERSION_MINOR=1 CARGO_PKG_VERSION_PATCH=0 CARGO_PKG_VERSION_PRE= CI=true CRDB_SEED_TAR=/var/tmp/omicron_tmp/crdb-base-build/0ba558b6703680b8ede35fabd6978a943490bd8054f72957a6e548a757ea0cf2.tar GITHUB_BRANCH=order-next-item-subquery GITHUB_REF=refs/heads/order-next-item-subquery GITHUB_REPOSITORY=oxidecomputer/omicron GITHUB_SHA=604b19b55a25857d0a501c266b1b25941fa11b3e GOTRACEBACK=crash HOME=/home/build LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LD_LIBRARY_PATH=/work/oxidecomputer/omicron/target/debug/build/blake3-feeaa7149c3596f1/out:/work/oxidecomputer/omicron/target/debug/build/bzip2-sys-a48f149f01e13be4/out/lib:/work/oxidecomputer/omicron/target/debug/build/ring-36a1c9477f8b2f8d/out:/work/oxidecomputer/omicron/target/debug/build/ring-ba6b6ec6a6f9aa54/out:/work/oxidecomputer/omicron/target/debug/build/tofino-d74860998be2bf98/out:/work/oxidecomputer/omicron/target/debug/deps:/work/oxidecomputer/omicron/target/debug:/home/build/.rustup/toolchains/1.74.1-x86_64-unknown-linux-gnu/lib LOGNAME=build NEXTEST=1 NEXTEST_EXECUTION_MODE=process-per-test NEXTEST_LD_LIBRARY_PATH=/work/oxidecomputer/omicron/target/debug/build/blake3-feeaa7149c3596f1/out:/work/oxidecomputer/omicron/target/debug/build/bzip2-sys-a48f149f01e13be4/out/lib:/work/oxidecomputer/omicron/target/debug/build/ring-36a1c9477f8b2f8d/out:/work/oxidecomputer/omicron/target/debug/build/ring-ba6b6ec6a6f9aa54/out:/work/oxidecomputer/omicron/target/debug/build/tofino-d74860998be2bf98/out:/work/oxidecomputer/omicron/target/debug/deps:/work/oxidecomputer/omicron/target/debug:/home/build/.rustup/toolchains/1.74.1-x86_64-unknown-linux-gnu/lib NEXTEST_RUN_ID=3d3fc513-6fdb-4fb5-9570-45efa6c0d5c6 OUT_DIR=/work/oxidecomputer/omicron/target/debug/build/nexus-db-queries-fe99d87e837cdda9/out PATH=/work/oxidecomputer/omicron/out/mgd/root/opt/oxide/mgd/bin:/work/oxidecomputer/omicron/out/dendrite-stub/bin:/work/oxidecomputer/omicron/out/clickhouse:/work/oxidecomputer/omicron/out/cockroachdb/bin:/home/build/.cargo/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/ooce/bin:/opt/ooce/sbin PWD=/work/oxidecomputer/omicron RUSTC_BOOTSTRAP=1 RUSTDOCFLAGS=-D warnings RUSTFLAGS=-D warnings RUSTUP_HOME=/home/build/.rustup RUSTUP_TOOLCHAIN=1.74.1-x86_64-unknown-linux-gnu RUST_BACKTRACE=1 RUST_RECURSION_COUNT=1 SHLVL=1 SSL_CERT_DIR=/usr/lib/ssl/certs SSL_CERT_FILE=/usr/lib/ssl/certs/ca-certificates.crt TMPDIR=/var/tmp/omicron_tmp TZ=UTC USER=build __NEXTEST_ATTEMPT=1 __NEXTEST_ORIGINAL_CARGO_MANIFEST_DIR=/work/oxidecomputer/omicron/nexus/db-queries","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:08.972923089Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"cockroach pid: 22570","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.081634722Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"cockroach listen URL: postgresql://root@[::1]:36889/omicron?sslmode=disable","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.081708446Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"database connection pool","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.081756619Z","hostname":"ip-10-150-1-168","pid":22523,"component":"db::Pool","database_url":"postgresql://root@[::1]:36889/omicron?sslmode=disable"} {"msg":"Compatible database schema: 33.0.1","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.844361905Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.844691223Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Action"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.844739725Z","hostname":"ip-10-150-1-168","pid":22523,"class":"AnyActor"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.844803539Z","hostname":"ip-10-150-1-168","pid":22523,"class":"AuthenticatedActor"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.844856102Z","hostname":"ip-10-150-1-168","pid":22523,"class":"BlueprintConfig"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.844906464Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Database"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.844949677Z","hostname":"ip-10-150-1-168","pid":22523,"class":"DnsConfig"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.844995409Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Fleet"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.845038501Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Inventory"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846120519Z","hostname":"ip-10-150-1-168","pid":22523,"class":"IpPoolList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846204914Z","hostname":"ip-10-150-1-168","pid":22523,"class":"ConsoleSessionList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846280308Z","hostname":"ip-10-150-1-168","pid":22523,"class":"DeviceAuthRequestList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846371023Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloCertificateList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846418935Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloIdentityProviderList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846470778Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloUserList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.84651158Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Project"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846565574Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Disk"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846605736Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Snapshot"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846641687Z","hostname":"ip-10-150-1-168","pid":22523,"class":"ProjectImage"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.84667746Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Instance"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846701341Z","hostname":"ip-10-150-1-168","pid":22523,"class":"IpPool"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846738133Z","hostname":"ip-10-150-1-168","pid":22523,"class":"InstanceNetworkInterface"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846781545Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Vpc"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846820467Z","hostname":"ip-10-150-1-168","pid":22523,"class":"VpcRouter"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846853349Z","hostname":"ip-10-150-1-168","pid":22523,"class":"RouterRoute"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.846970555Z","hostname":"ip-10-150-1-168","pid":22523,"class":"VpcSubnet"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848058114Z","hostname":"ip-10-150-1-168","pid":22523,"class":"FloatingIp"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848125077Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Image"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848189791Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloImage"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848250034Z","hostname":"ip-10-150-1-168","pid":22523,"class":"AddressLot"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848328258Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Blueprint"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.84836848Z","hostname":"ip-10-150-1-168","pid":22523,"class":"LoopbackAddress"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848416803Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Certificate"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848490367Z","hostname":"ip-10-150-1-168","pid":22523,"class":"ConsoleSession"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848531059Z","hostname":"ip-10-150-1-168","pid":22523,"class":"DeviceAuthRequest"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848570311Z","hostname":"ip-10-150-1-168","pid":22523,"class":"DeviceAccessToken"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848617814Z","hostname":"ip-10-150-1-168","pid":22523,"class":"PhysicalDisk"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848663376Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Rack"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848693858Z","hostname":"ip-10-150-1-168","pid":22523,"class":"RoleBuiltin"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.84872856Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SshKey"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848813614Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Silo"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848852516Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloUser"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848889818Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloGroup"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.84891603Z","hostname":"ip-10-150-1-168","pid":22523,"class":"IdentityProvider"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848937801Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SamlIdentityProvider"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.848973783Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Sled"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.849027716Z","hostname":"ip-10-150-1-168","pid":22523,"class":"TufRepo"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.849963836Z","hostname":"ip-10-150-1-168","pid":22523,"class":"TufArtifact"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.850018809Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Zpool"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.850065902Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Service"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.850090603Z","hostname":"ip-10-150-1-168","pid":22523,"class":"UserBuiltin"} {"msg":"full Oso configuration","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.850113144Z","hostname":"ip-10-150-1-168","pid":22523,"config":"#\n# Oso configuration for Omicron\n# This file is augmented by generated snippets.\n#\n\n#\n# ACTOR TYPES AND BASIC RULES\n#\n\n# `AnyActor` includes both authenticated and unauthenticated users.\nactor AnyActor {}\n\n# An `AuthenticatedActor` has an identity in the system. All of our operations\n# today require that an actor be authenticated.\nactor AuthenticatedActor {}\n\n# For any resource, `actor` can perform action `action` on it if they're\n# authenticated and their role(s) give them the corresponding permission on that\n# resource.\nallow(actor: AnyActor, action: Action, resource) if\n actor.authenticated and\n has_permission(actor.authn_actor.unwrap(), action.to_perm(), resource);\n\n# Define role relationships\nhas_role(actor: AuthenticatedActor, role: String, resource: Resource)\n\tif resource.has_role(actor, role);\n\n#\n# ROLES AND PERMISSIONS IN THE FLEET/SILO/PROJECT HIERARCHY\n#\n# We define the following permissions for most resources in the system:\n#\n# - \"create_child\": required to create child resources (of any type)\n#\n# - \"list_children\": required to list child resources (of all types) of a\n# resource\n#\n# - \"modify\": required to modify or delete a resource\n#\n# - \"read\": required to read a resource\n#\n# We define the following predefined roles for only a few high-level resources:\n# the Fleet (see below), Silo, Organization, and Project. The specific roles\n# are oriented around intended use-cases:\n#\n# - \"admin\": has all permissions on the resource\n#\n# - \"collaborator\": has \"read\", \"list_children\", and \"create_child\", plus\n# the \"admin\" role for child resources. The idea is that if you're an\n# Organization Collaborator, you have full control over the Projects within\n# the Organization, but you cannot modify or delete the Organization itself.\n#\n# - \"viewer\": has \"read\" and \"list_children\" on a resource\n#\n# Below the Project level, permissions are granted via roles at the Project\n# level. For example, for someone to be able to create, modify, or delete any\n# Instances, they must be granted project.collaborator, which means they can\n# create, modify, or delete _all_ resources in the Project.\n#\n# The complete set of predefined roles:\n#\n# - fleet.admin (superuser for the whole system)\n# - fleet.collaborator (can manage Silos)\n# - fleet.viewer (can read most non-siloed resources in the system)\n# - silo.admin (superuser for the silo)\n# - silo.collaborator (can create and own Organizations)\n# - silo.viewer (can read most resources within the Silo)\n# - organization.admin (complete control over an organization)\n# - organization.collaborator (can manage Projects)\n# - organization.viewer (can read most resources within the Organization)\n# - project.admin (complete control over a Project)\n# - project.collaborator (can manage all resources within the Project)\n# - project.viewer (can read most resources within the Project)\n#\n# Outside the Silo/Organization/Project hierarchy, we (currently) treat most\n# resources as nested under Fleet or else a synthetic resource (see below). We\n# do not yet support role assignments on anything other than Fleet, Silo,\n# Organization, or Project.\n#\n\n# \"Fleet\" is a global singleton representing the whole system. The name comes\n# from the idea described in RFD 24, but it's not quite right. This probably\n# should be more like \"Region\" or \"AvailabilityZone\". The precise boundaries\n# have not yet been figured out.\nresource Fleet {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\n\troles = [\n\t # Roles that can be attached by users\n\t \"admin\",\n\t \"collaborator\",\n\t \"viewer\",\n\n\t # Internal-only roles\n\t \"external-authenticator\"\n\t];\n\n\t# Roles implied by other roles on this resource\n\t\"viewer\" if \"collaborator\";\n\t\"collaborator\" if \"admin\";\n\n\t# Permissions granted directly by roles on this resource\n\t\"list_children\" if \"viewer\";\n\t\"read\" if \"viewer\";\n\t\"create_child\" if \"collaborator\";\n\t\"modify\" if \"admin\";\n}\n\n# For fleets specifically, roles can be conferred by roles on the user's Silo.\nhas_role(actor: AuthenticatedActor, role: String, _: Fleet) if\n\tsilo_role in actor.confers_fleet_role(role) and\n\thas_role(actor, silo_role, actor.silo.unwrap());\n\nresource Silo {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\troles = [ \"admin\", \"collaborator\", \"viewer\" ];\n\n\t# Roles implied by other roles on this resource\n\t\"viewer\" if \"collaborator\";\n\t\"collaborator\" if \"admin\";\n\n\t# Permissions granted directly by roles on this resource\n\t\"list_children\" if \"viewer\";\n\t\"read\" if \"viewer\";\n\n\t\"create_child\" if \"collaborator\";\n\t\"modify\" if \"admin\";\n\n\t# Permissions implied by roles on this resource's parent (Fleet). Fleet\n\t# privileges allow a user to see and potentially administer the Silo,\n\t# but they do not give anyone permission to look at anything inside the\n\t# Silo. To achieve this, we use permission rules here. (If we granted\n\t# Fleet administrators _roles_ on the Silo, then those would cascade\n\t# into the Silo as well.)\n\trelations = { parent_fleet: Fleet };\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n\t\"modify\" if \"collaborator\" on \"parent_fleet\";\n\n\t# external authenticator has to create silo users\n\t\"list_children\" if \"external-authenticator\" on \"parent_fleet\";\n\t\"create_child\" if \"external-authenticator\" on \"parent_fleet\";\n}\n\nhas_relation(fleet: Fleet, \"parent_fleet\", silo: Silo)\n\tif silo.fleet = fleet;\n\n# As a special case, all authenticated users can read their own Silo. That's\n# not quite the same as having the \"viewer\" role. For example, they cannot list\n# Organizations in the Silo.\n#\n# One reason this is necessary is because if an unprivileged user tries to\n# create an Organization using \"POST /organizations\", they should get back a 403\n# (which implies they're able to see /organizations, which is essentially seeing\n# the Silo itself) rather than a 404. This behavior isn't a hard constraint\n# (i.e., you could reasonably get a 404 for an API you're not allowed to call).\n# Nor is the implementation (i.e., we could special-case this endpoint somehow).\n# But granting this permission is the simplest way to keep this endpoint's\n# behavior consistent with the rest of the API.\n#\n# This rule is also used to determine if a user can list the identity providers\n# in the Silo (which they should be able to), since that's predicated on being\n# able to read the Silo.\n#\n# It's unclear what else would break if users couldn't see their own Silo.\nhas_permission(actor: AuthenticatedActor, \"read\", silo: Silo)\n\tif silo in actor.silo;\n\nresource Project {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\troles = [ \"admin\", \"collaborator\", \"viewer\" ];\n\n\t# Roles implied by other roles on this resource\n\t\"viewer\" if \"collaborator\";\n\t\"collaborator\" if \"admin\";\n\n\t# Permissions granted directly by roles on this resource\n\t\"list_children\" if \"viewer\";\n\t\"read\" if \"viewer\";\n\t\"create_child\" if \"collaborator\";\n\t\"modify\" if \"admin\";\n\n\t# Roles implied by roles on this resource's parent (Silo)\n\trelations = { parent_silo: Silo };\n\t\"admin\" if \"collaborator\" on \"parent_silo\";\n\t\"viewer\" if \"viewer\" on \"parent_silo\";\n}\nhas_relation(silo: Silo, \"parent_silo\", project: Project)\n\tif project.silo = silo;\n\n#\n# GENERAL RESOURCES OUTSIDE THE SILO/PROJECT HIERARCHY\n#\n# Many resources use snippets of Polar generated by the `authz_resource!` Rust\n# macro. Some resources require custom Polar code. Those appear here.\n#\n\nresource Certificate {\n\tpermissions = [ \"read\", \"modify\" ];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Fleet-level and silo-level roles both grant privileges on certificates.\n\t\"read\" if \"admin\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"read\" if \"admin\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", certificate: Certificate)\n\tif certificate.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", certificate: Certificate)\n\tif certificate.silo.fleet = fleet;\n\nresource SiloUser {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\n\t# Fleet and Silo administrators can manage a Silo's users. This is one\n\t# of the only areas of Silo configuration that Fleet Administrators have\n\t# permissions on.\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\t\"list_children\" if \"read\" on \"parent_silo\";\n\t\"read\" if \"read\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\t\"list_children\" if \"read\" on \"parent_fleet\";\n\t\"read\" if \"read\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", user: SiloUser)\n\tif user.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", user: SiloUser)\n\tif user.silo.fleet = fleet;\n\n# authenticated actors have all permissions on themselves\nhas_permission(actor: AuthenticatedActor, _perm: String, silo_user: SiloUser)\n if actor.equals_silo_user(silo_user);\n\nhas_permission(actor: AuthenticatedActor, \"read\", silo_user: SiloUser)\n if silo_user.silo in actor.silo;\n\nresource SiloGroup {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\n\trelations = { parent_silo: Silo };\n\t\"list_children\" if \"read\" on \"parent_silo\";\n\t\"read\" if \"read\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n}\nhas_relation(silo: Silo, \"parent_silo\", group: SiloGroup)\n\tif group.silo = silo;\n\nresource SshKey {\n\tpermissions = [ \"read\", \"modify\" ];\n\trelations = { silo_user: SiloUser };\n\n\t\"read\" if \"read\" on \"silo_user\";\n\t\"modify\" if \"modify\" on \"silo_user\";\n}\nhas_relation(user: SiloUser, \"silo_user\", ssh_key: SshKey)\n\tif ssh_key.silo_user = user;\n\nresource IdentityProvider {\n\tpermissions = [\n\t \"read\",\n\t \"modify\",\n\t \"create_child\",\n\t \"list_children\",\n\t];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Silo-level roles grant privileges on identity providers.\n\t\"read\" if \"viewer\" on \"parent_silo\";\n\t\"list_children\" if \"viewer\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\n\t# Fleet-level roles also grant privileges on identity providers.\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n\t\"list_children\" if \"viewer\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", identity_provider: IdentityProvider)\n\tif identity_provider.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: IdentityProvider)\n\tif collection.silo.fleet = fleet;\n\nresource SamlIdentityProvider {\n\tpermissions = [\n\t \"read\",\n\t \"modify\",\n\t \"create_child\",\n\t \"list_children\",\n\t];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Silo-level roles grant privileges on identity providers.\n\t\"read\" if \"viewer\" on \"parent_silo\";\n\t\"list_children\" if \"viewer\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\n\t# Fleet-level roles also grant privileges on identity providers.\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n\t\"list_children\" if \"viewer\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", saml_identity_provider: SamlIdentityProvider)\n\tif saml_identity_provider.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: SamlIdentityProvider)\n\tif collection.silo.fleet = fleet;\n\n#\n# SYNTHETIC RESOURCES OUTSIDE THE SILO HIERARCHY\n#\n# The resources here do not correspond to anything that appears explicitly in\n# the API or is stored in the database. These are used either at the top level\n# of the API path (e.g., \"/v1/system/ip-pools\") or as an implementation detail of the system\n# (in the case of console sessions and \"Database\"). The policies are\n# either statically-defined in this file or driven by role assignments on the\n# Fleet. None of these resources defines their own roles.\n#\n\n# Describes the policy for reading and modifying DNS configuration\n# (both internal and external)\nresource DnsConfig {\n\tpermissions = [ \"read\", \"modify\" ];\n\trelations = { parent_fleet: Fleet };\n\t# \"external-authenticator\" requires these permissions because that's the\n\t# context that Nexus uses when creating and deleting Silos. These\n\t# operations necessarily need to read and modify DNS configuration.\n\t\"read\" if \"external-authenticator\" on \"parent_fleet\";\n\t\"modify\" if \"external-authenticator\" on \"parent_fleet\";\n\t# \"admin\" on the parent fleet also gets these permissions, primarily for\n\t# the test suite.\n\t\"read\" if \"admin\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", dns_config: DnsConfig)\n\tif dns_config.fleet = fleet;\n\n# Describes the policy for accessing blueprints\nresource BlueprintConfig {\n\tpermissions = [\n\t \"list_children\", # list blueprints\n\t \"create_child\", # create blueprint\n\t \"read\", # read the current target\n\t \"modify\", # change the current target\n\t];\n\n\trelations = { parent_fleet: Fleet };\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"list_children\" if \"viewer\" on \"parent_fleet\";\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", list: BlueprintConfig)\n\tif list.fleet = fleet;\n\n# Describes the policy for reading and modifying low-level inventory\nresource Inventory {\n\tpermissions = [ \"read\", \"modify\" ];\n\trelations = { parent_fleet: Fleet };\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", inventory: Inventory)\n\tif inventory.fleet = fleet;\n\n# Describes the policy for accessing \"/v1/system/ip-pools\" in the API\nresource IpPoolList {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"create_child\",\n\t];\n\n\t# Fleet Administrators can create or modify the IP Pools list.\n\trelations = { parent_fleet: Fleet };\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n\n\t# Fleet Viewers can list IP Pools\n\t\"list_children\" if \"viewer\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", ip_pool_list: IpPoolList)\n\tif ip_pool_list.fleet = fleet;\n\n# Any authenticated user can create a child of a provided IP Pool.\n# This is necessary to use the pools when provisioning instances.\nhas_permission(actor: AuthenticatedActor, \"create_child\", ip_pool: IpPool)\n\tif silo in actor.silo and silo.fleet = ip_pool.fleet;\n\n# Describes the policy for creating and managing web console sessions.\nresource ConsoleSessionList {\n\tpermissions = [ \"create_child\" ];\n\trelations = { parent_fleet: Fleet };\n\t\"create_child\" if \"external-authenticator\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: ConsoleSessionList)\n\tif collection.fleet = fleet;\n\n# Describes the policy for creating and managing device authorization requests.\nresource DeviceAuthRequestList {\n\tpermissions = [ \"create_child\" ];\n\trelations = { parent_fleet: Fleet };\n\t\"create_child\" if \"external-authenticator\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: DeviceAuthRequestList)\n\tif collection.fleet = fleet;\n\n# Describes the policy for creating and managing Silo certificates\nresource SiloCertificateList {\n\tpermissions = [ \"list_children\", \"create_child\" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Both Fleet and Silo administrators can see and modify the Silo's\n\t# certificates.\n\t\"list_children\" if \"admin\" on \"parent_silo\";\n\t\"list_children\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", collection: SiloCertificateList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: SiloCertificateList)\n\tif collection.silo.fleet = fleet;\n\n# Describes the policy for creating and managing Silo identity providers\nresource SiloIdentityProviderList {\n\tpermissions = [ \"list_children\", \"create_child\" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Everyone who can read the Silo (which includes all the users in the\n\t# Silo) can see the identity providers in it.\n\t\"list_children\" if \"read\" on \"parent_silo\";\n\n\t# Fleet and Silo administrators can manage the Silo's identity provider\n\t# configuration. This is one of the only areas of Silo configuration\n\t# that Fleet Administrators have permissions on. This is also one of\n\t# the only cases where we need to look two levels up the hierarchy to\n\t# see if somebody has the right permission. For most other things,\n\t# permissions cascade down the hierarchy so we only need to look at the\n\t# parent.\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", collection: SiloIdentityProviderList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: SiloIdentityProviderList)\n\tif collection.silo.fleet = fleet;\n\n# Describes the policy for creating and managing Silo users (mostly intended for\n# API-managed users)\nresource SiloUserList {\n\tpermissions = [ \"list_children\", \"create_child\" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Everyone who can read the Silo (which includes all the users in the\n\t# Silo) can see the users in it.\n\t\"list_children\" if \"read\" on \"parent_silo\";\n\n\t# Fleet and Silo administrators can manage the Silo's users. This is\n\t# one of the only areas of Silo configuration that Fleet Administrators\n\t# have permissions on. This is also one of the few cases (so far) where\n\t# we need to look two levels up the hierarchy to see if somebody has the\n\t# right permission. For most other things, permissions cascade down the\n\t# hierarchy so we only need to look at the parent.\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\t\"list_children\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", collection: SiloUserList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: SiloUserList)\n\tif collection.silo.fleet = fleet;\n\n# These rules grants the external authenticator role the permissions it needs to\n# read silo users and modify their sessions. This is necessary for login to\n# work.\nhas_permission(actor: AuthenticatedActor, \"read\", silo: Silo)\n\tif has_role(actor, \"external-authenticator\", silo.fleet);\nhas_permission(actor: AuthenticatedActor, \"read\", user: SiloUser)\n\tif has_role(actor, \"external-authenticator\", user.silo.fleet);\nhas_permission(actor: AuthenticatedActor, \"modify\", user: SiloUser)\n\tif has_role(actor, \"external-authenticator\", user.silo.fleet);\nhas_permission(actor: AuthenticatedActor, \"read\", group: SiloGroup)\n\tif has_role(actor, \"external-authenticator\", group.silo.fleet);\nhas_permission(actor: AuthenticatedActor, \"modify\", group: SiloGroup)\n\tif has_role(actor, \"external-authenticator\", group.silo.fleet);\n\nhas_permission(actor: AuthenticatedActor, \"read\", session: ConsoleSession)\n\tif has_role(actor, \"external-authenticator\", session.fleet);\nhas_permission(actor: AuthenticatedActor, \"modify\", session: ConsoleSession)\n\tif has_role(actor, \"external-authenticator\", session.fleet);\n\n# All authenticated users can read and delete device authn requests because\n# by necessity these operations happen before we've figured out what user (or\n# even Silo) the device auth is associated with. Any user can claim a device\n# auth request with the right user code (that's how it works) -- it's the user\n# code and associated logic that prevents unauthorized access here.\nhas_permission(_actor: AuthenticatedActor, \"read\", _device_auth: DeviceAuthRequest);\nhas_permission(_actor: AuthenticatedActor, \"modify\", _device_auth: DeviceAuthRequest);\n\nhas_permission(actor: AuthenticatedActor, \"read\", device_token: DeviceAccessToken)\n\tif has_role(actor, \"external-authenticator\", device_token.fleet);\n\nhas_permission(actor: AuthenticatedActor, \"read\", identity_provider: IdentityProvider)\n\tif has_role(actor, \"external-authenticator\", identity_provider.silo.fleet);\n\nhas_permission(actor: AuthenticatedActor, \"read\", saml_identity_provider: SamlIdentityProvider)\n\tif has_role(actor, \"external-authenticator\", saml_identity_provider.silo.fleet);\n\n# Describes the policy for who can access the internal database.\nresource Database {\n\tpermissions = [\n\t # \"query\" is required to perform any query against the database,\n\t # whether a read or write query. This is checked when an operation\n\t # checks out a database connection from the connection pool.\n\t #\n\t # Any authenticated user gets this permission. There's generally\n\t # some other authz check involved in the database query. For\n\t # example, if you're querying the database to \"read\" a \"Project\", we\n\t # should also be checking that. So why do we do this at all? It's\n\t # a belt-and-suspenders measure so that if we somehow introduced an\n\t # unauthenticated code path that hits the database, it cannot be\n\t # used to DoS the database because we won't allow the operation to\n\t # make the query. (As long as the code path _is_ authenticated, we\n\t # can use throttling mechanisms to prevent DoS.)\n\t \"query\",\n\n\t # \"modify\" is required to populate database data that's delivered\n\t # with the system. It should also be required for schema changes,\n\t # when we support those. This is separate from \"query\" so that we\n\t # cannot accidentally invoke these code paths from API calls and\n\t # other general functions.\n\t \"modify\"\n\t];\n}\n\n# All authenticated users have the \"query\" permission on the database.\nhas_permission(_actor: AuthenticatedActor, \"query\", _resource: Database);\n\n# The \"db-init\" user is the only one with the \"modify\" permission.\nhas_permission(USER_DB_INIT: AuthenticatedActor, \"modify\", _resource: Database);\nhas_permission(USER_DB_INIT: AuthenticatedActor, \"create_child\", _resource: IpPoolList);\n# It also has \"admin\" on the internal silo to populate it with built-in resources.\n# TODO-completeness: actually limit to just internal silo and not all silos\nhas_role(USER_DB_INIT: AuthenticatedActor, \"admin\", _silo: Silo);\n\n# Allow the internal API admin permissions on all silos.\nhas_role(USER_INTERNAL_API: AuthenticatedActor, \"admin\", _silo: Silo);\n\n\n\n resource Disk {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: Disk)\n if child.project = parent;\n \n\n resource Snapshot {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: Snapshot)\n if child.project = parent;\n \n\n resource ProjectImage {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: ProjectImage)\n if child.project = parent;\n \n\n resource Instance {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: Instance)\n if child.project = parent;\n \n\n resource IpPool {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: IpPool)\n if child.fleet = fleet;\n \n\n resource InstanceNetworkInterface {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = {\n containing_project: Project,\n parent: Instance\n };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(project: Project, \"containing_project\", child: InstanceNetworkInterface)\n if has_relation(project, \"containing_project\", child.instance);\n\n has_relation(parent: Instance, \"parent\", child: InstanceNetworkInterface)\n if child.instance = parent;\n \n\n resource Vpc {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: Vpc)\n if child.project = parent;\n \n\n resource VpcRouter {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = {\n containing_project: Project,\n parent: Vpc\n };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(project: Project, \"containing_project\", child: VpcRouter)\n if has_relation(project, \"containing_project\", child.vpc);\n\n has_relation(parent: Vpc, \"parent\", child: VpcRouter)\n if child.vpc = parent;\n \n\n resource RouterRoute {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = {\n containing_project: Project,\n parent: VpcRouter\n };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(project: Project, \"containing_project\", child: RouterRoute)\n if has_relation(project, \"containing_project\", child.vpc_router);\n\n has_relation(parent: VpcRouter, \"parent\", child: RouterRoute)\n if child.vpc_router = parent;\n \n\n resource VpcSubnet {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = {\n containing_project: Project,\n parent: Vpc\n };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(project: Project, \"containing_project\", child: VpcSubnet)\n if has_relation(project, \"containing_project\", child.vpc);\n\n has_relation(parent: Vpc, \"parent\", child: VpcSubnet)\n if child.vpc = parent;\n \n\n resource FloatingIp {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: FloatingIp)\n if child.project = parent;\n \n\n resource Image {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_silo: Silo };\n \"list_children\" if \"viewer\" on \"containing_silo\";\n \"read\" if \"viewer\" on \"containing_silo\";\n \"modify\" if \"collaborator\" on \"containing_silo\";\n \"create_child\" if \"collaborator\" on \"containing_silo\";\n }\n\n has_relation(parent: Silo, \"containing_silo\", child: Image)\n if child.silo = parent;\n \n\n resource SiloImage {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_silo: Silo };\n \"list_children\" if \"viewer\" on \"containing_silo\";\n \"read\" if \"viewer\" on \"containing_silo\";\n \"modify\" if \"collaborator\" on \"containing_silo\";\n \"create_child\" if \"collaborator\" on \"containing_silo\";\n }\n\n has_relation(parent: Silo, \"containing_silo\", child: SiloImage)\n if child.silo = parent;\n \n\n resource AddressLot {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: AddressLot)\n if child.fleet = fleet;\n \n\n resource Blueprint {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Blueprint)\n if child.fleet = fleet;\n \n\n resource LoopbackAddress {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: LoopbackAddress)\n if child.fleet = fleet;\n \n\n\n resource ConsoleSession {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: ConsoleSession)\n if child.fleet = fleet;\n \n\n resource DeviceAuthRequest {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: DeviceAuthRequest)\n if child.fleet = fleet;\n \n\n resource DeviceAccessToken {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: DeviceAccessToken)\n if child.fleet = fleet;\n \n\n resource PhysicalDisk {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: PhysicalDisk)\n if child.fleet = fleet;\n \n\n resource Rack {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Rack)\n if child.fleet = fleet;\n \n\n resource RoleBuiltin {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: RoleBuiltin)\n if child.fleet = fleet;\n \n\n\n\n\n\n\n\n resource Sled {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Sled)\n if child.fleet = fleet;\n \n\n resource TufRepo {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: TufRepo)\n if child.fleet = fleet;\n \n\n resource TufArtifact {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: TufArtifact)\n if child.fleet = fleet;\n \n\n resource Zpool {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Zpool)\n if child.fleet = fleet;\n \n\n resource Service {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Service)\n if child.fleet = fleet;\n \n\n resource UserBuiltin {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: UserBuiltin)\n if child.fleet = fleet;\n "} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:10.8578494Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.857907513Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.859916Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"attempting to create built-in users","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.859957183Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:10.860047368Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.86008288Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.860630479Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created 5 built-in users","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.913455888Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:10.913528071Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.913575104Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.913615606Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"attempting to create built-in roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.91367874Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:10.913721512Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.913764774Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.913804926Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created 10 built-in roles","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.955290696Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:10.955347749Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.955380641Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.956448008Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"attempting to create built-in role assignments","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.957079392Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:10.957115624Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.957141415Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.957161706Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created 4 built-in role assignments","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:10.982137818Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:10.982211222Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.982253234Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.984661033Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"attempting to create built-in silos","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.984720797Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:10.984765029Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.984809461Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:10.984854504Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created 2 built-in silos","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.041476447Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.04154963Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.041694238Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.042648339Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.054216891Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.054285615Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.056110733Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"attempting to create built-in projects","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.056194377Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.056233419Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.056267281Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.057295146Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.059632092Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.059673344Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.059716756Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.059753308Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.05978718Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.061905974Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.061963707Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.061996999Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.066707692Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.067684094Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.067741207Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.06779264Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.067843163Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.067886585Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.067928437Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.068506738Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.070111465Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.0702163Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.070327646Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.07113856Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.072101882Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.075399449Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.075527496Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.07559758Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.076070755Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created built-in services project","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.103682709Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.103746822Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.103785144Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.10593603Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"attempting to create built-in VPCs","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.106053136Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.10612004Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.106183503Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.106739173Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.129646994Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.12977262Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.13049575Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.13181309Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.132899719Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.132945881Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.132981973Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.133023345Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.133990857Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.135106207Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.135142729Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.135181061Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.135733371Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.136375075Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.136432878Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.136490861Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.137416421Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.142732767Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"successful lookup of siloed resource \"Project\" using built-in user","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.142850493Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.142910506Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.142962339Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.143004981Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.143048984Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.14373355Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.146838587Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.146970884Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.147045518Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.147369386Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.148260714Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.148829884Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.148877817Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.148915959Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.149734093Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.153426592Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.153483185Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.153526577Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.153900237Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.192378205Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.192488061Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.193108604Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.213042375Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ByName(\"oxide-services\") }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.213300749Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.214225188Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.214285701Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.214331924Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.215308056Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.215908729Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.215953381Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.215980623Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.219869601Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.219939975Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.219977427Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.220534787Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.239365909Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.239428783Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ByName(\"oxide-services\") }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.239487816Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.239531058Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.23956199Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.239593632Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"VpcRouter { parent: Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ByName(\"oxide-services\") }, key: 001de000-074c-4000-8000-000000000001, lookup_type: ById(001de000-074c-4000-8000-000000000001) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.239638874Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.239683677Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.239725549Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.239765001Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.250882438Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.252630892Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.252695645Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.252744018Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.252901347Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.252953689Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.252997672Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.253468427Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.254783268Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.260807281Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"VpcRouter { parent: Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ByName(\"oxide-services\") }, key: 001de000-074c-4000-8000-000000000001, lookup_type: ById(001de000-074c-4000-8000-000000000001) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.260890745Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.260948079Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.261686958Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"attempting to create built-in VPC firewall rules","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.303794851Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.303855404Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.303899116Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.304467387Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.314684056Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.314819174Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.315802776Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.318384565Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.318496361Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.318983517Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.321475141Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.321543985Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.321596718Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.321653631Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.322264374Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.323401425Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.323551203Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.323605586Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.324093112Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.32499536Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.325058574Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.325098796Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.325453685Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.326399816Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.332736216Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"successful lookup of siloed resource \"Vpc\" using built-in user","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.332852412Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.332903225Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"Read","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.332933067Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.332957518Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.333011321Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.333378821Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.33447965Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.335570248Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.335620041Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.335677194Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.33614958Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.336202922Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.336263315Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.338635763Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.357143578Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.362683735Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"Read","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.362782251Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.362849544Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.363152891Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.3970144Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.397092594Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.397145267Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.397211761Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.398650488Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.401015915Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.401935344Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.401991087Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.40203422Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.417528722Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.417624727Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.41768071Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.418311604Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.423290722Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.425651538Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.4329333Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.432984423Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.433009334Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created built-in VPC firewall rules","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.452024996Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"attempting to create built-in VPC Subnets","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.4520992Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.452132012Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.452168173Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.452719443Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.480611152Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.480667415Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.481229565Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.485319155Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.485405319Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.48597696Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.487029347Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.487420408Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.48746644Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.487516273Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.487807318Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.489432806Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.489501589Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.489542462Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.489574053Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.490648811Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.490789318Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.490842841Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.491472765Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.492637708Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.498679032Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"successful lookup of siloed resource \"Vpc\" using built-in user","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.498790598Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.499789532Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.499832894Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.499862376Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.526577732Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.526869977Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.52691468Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.526953112Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.527245177Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.529018333Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.529184232Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.529255685Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.530043358Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.530917675Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.530970928Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.53101434Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.531439623Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.532342501Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.537989685Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.54700866Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.547068153Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.547632413Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.548701461Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.549109412Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.549164015Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.549208218Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.549416089Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.557796839Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.557860833Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.557904145Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.558361249Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.559479669Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.559530612Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.559592016Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.559932354Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.560828292Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.567879711Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.57513158Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.577740741Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.577804014Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.577858367Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.577983434Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-4401-4000-8000-000000000000","resource_type":"Project","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.57885955Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.578909843Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.578950506Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.582973562Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000001","resource_type":"Silo","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.583037985Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.583083697Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.584212138Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.585244234Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.585980144Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.586033436Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.586076979Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.587041781Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.592147375Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created built-in services vpc subnets","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.600348436Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"created built-in services vpc","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.600512184Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.600571517Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.60061557Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.602602526Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Modify","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"attempting to create silo users","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.60265899Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.602700432Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.602752655Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.603066591Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created 2 silo users","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.618022705Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"attempting to create silo user role assignments","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.618167283Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.618215115Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.618287549Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.618835849Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"created 2 silo user role assignments","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.635588559Z","hostname":"ip-10-150-1-168","pid":22523} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.635666943Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.635713826Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.636305288Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.642653318Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.642705551Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.643273482Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.664912605Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"IpPoolList","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.66501767Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.665055982Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.665086144Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.665855115Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.676421073Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.679452096Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"IpPoolList","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.679770113Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.679815365Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.680337483Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.696943615Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"IpPoolList","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.697072812Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.697130296Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.697167207Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.697606391Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.70856674Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.710104763Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"IpPoolList","action":"CreateChild","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.710162436Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.710203258Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.710571298Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. })"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777100853Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Action"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777167666Z","hostname":"ip-10-150-1-168","pid":22523,"class":"AnyActor"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777277422Z","hostname":"ip-10-150-1-168","pid":22523,"class":"AuthenticatedActor"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777319794Z","hostname":"ip-10-150-1-168","pid":22523,"class":"BlueprintConfig"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777354366Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Database"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777387478Z","hostname":"ip-10-150-1-168","pid":22523,"class":"DnsConfig"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.77742015Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Fleet"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777451531Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Inventory"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777483413Z","hostname":"ip-10-150-1-168","pid":22523,"class":"IpPoolList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777538446Z","hostname":"ip-10-150-1-168","pid":22523,"class":"ConsoleSessionList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777571558Z","hostname":"ip-10-150-1-168","pid":22523,"class":"DeviceAuthRequestList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777604009Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloCertificateList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777650472Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloIdentityProviderList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777686444Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloUserList"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777718666Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Project"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.777750187Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Disk"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783301546Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Snapshot"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783407911Z","hostname":"ip-10-150-1-168","pid":22523,"class":"ProjectImage"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783456814Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Instance"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783495816Z","hostname":"ip-10-150-1-168","pid":22523,"class":"IpPool"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783533868Z","hostname":"ip-10-150-1-168","pid":22523,"class":"InstanceNetworkInterface"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.78357279Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Vpc"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783619533Z","hostname":"ip-10-150-1-168","pid":22523,"class":"VpcRouter"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783655285Z","hostname":"ip-10-150-1-168","pid":22523,"class":"RouterRoute"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783687396Z","hostname":"ip-10-150-1-168","pid":22523,"class":"VpcSubnet"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783717868Z","hostname":"ip-10-150-1-168","pid":22523,"class":"FloatingIp"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.78374801Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Image"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783778661Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloImage"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783807303Z","hostname":"ip-10-150-1-168","pid":22523,"class":"AddressLot"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783838195Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Blueprint"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783868626Z","hostname":"ip-10-150-1-168","pid":22523,"class":"LoopbackAddress"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783898368Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Certificate"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783931949Z","hostname":"ip-10-150-1-168","pid":22523,"class":"ConsoleSession"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.783970351Z","hostname":"ip-10-150-1-168","pid":22523,"class":"DeviceAuthRequest"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784007853Z","hostname":"ip-10-150-1-168","pid":22523,"class":"DeviceAccessToken"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784042975Z","hostname":"ip-10-150-1-168","pid":22523,"class":"PhysicalDisk"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784073897Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Rack"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784108079Z","hostname":"ip-10-150-1-168","pid":22523,"class":"RoleBuiltin"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784142521Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SshKey"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784179313Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Silo"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784218855Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloUser"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784259977Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SiloGroup"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784302929Z","hostname":"ip-10-150-1-168","pid":22523,"class":"IdentityProvider"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784346772Z","hostname":"ip-10-150-1-168","pid":22523,"class":"SamlIdentityProvider"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784397894Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Sled"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784435397Z","hostname":"ip-10-150-1-168","pid":22523,"class":"TufRepo"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784467098Z","hostname":"ip-10-150-1-168","pid":22523,"class":"TufArtifact"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.78449867Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Zpool"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784529852Z","hostname":"ip-10-150-1-168","pid":22523,"class":"Service"} {"msg":"registering Oso class","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784560493Z","hostname":"ip-10-150-1-168","pid":22523,"class":"UserBuiltin"} {"msg":"full Oso configuration","v":0,"name":"test_insert_request_exact_ip","level":30,"time":"2024-02-14T20:43:11.784595895Z","hostname":"ip-10-150-1-168","pid":22523,"config":"#\n# Oso configuration for Omicron\n# This file is augmented by generated snippets.\n#\n\n#\n# ACTOR TYPES AND BASIC RULES\n#\n\n# `AnyActor` includes both authenticated and unauthenticated users.\nactor AnyActor {}\n\n# An `AuthenticatedActor` has an identity in the system. All of our operations\n# today require that an actor be authenticated.\nactor AuthenticatedActor {}\n\n# For any resource, `actor` can perform action `action` on it if they're\n# authenticated and their role(s) give them the corresponding permission on that\n# resource.\nallow(actor: AnyActor, action: Action, resource) if\n actor.authenticated and\n has_permission(actor.authn_actor.unwrap(), action.to_perm(), resource);\n\n# Define role relationships\nhas_role(actor: AuthenticatedActor, role: String, resource: Resource)\n\tif resource.has_role(actor, role);\n\n#\n# ROLES AND PERMISSIONS IN THE FLEET/SILO/PROJECT HIERARCHY\n#\n# We define the following permissions for most resources in the system:\n#\n# - \"create_child\": required to create child resources (of any type)\n#\n# - \"list_children\": required to list child resources (of all types) of a\n# resource\n#\n# - \"modify\": required to modify or delete a resource\n#\n# - \"read\": required to read a resource\n#\n# We define the following predefined roles for only a few high-level resources:\n# the Fleet (see below), Silo, Organization, and Project. The specific roles\n# are oriented around intended use-cases:\n#\n# - \"admin\": has all permissions on the resource\n#\n# - \"collaborator\": has \"read\", \"list_children\", and \"create_child\", plus\n# the \"admin\" role for child resources. The idea is that if you're an\n# Organization Collaborator, you have full control over the Projects within\n# the Organization, but you cannot modify or delete the Organization itself.\n#\n# - \"viewer\": has \"read\" and \"list_children\" on a resource\n#\n# Below the Project level, permissions are granted via roles at the Project\n# level. For example, for someone to be able to create, modify, or delete any\n# Instances, they must be granted project.collaborator, which means they can\n# create, modify, or delete _all_ resources in the Project.\n#\n# The complete set of predefined roles:\n#\n# - fleet.admin (superuser for the whole system)\n# - fleet.collaborator (can manage Silos)\n# - fleet.viewer (can read most non-siloed resources in the system)\n# - silo.admin (superuser for the silo)\n# - silo.collaborator (can create and own Organizations)\n# - silo.viewer (can read most resources within the Silo)\n# - organization.admin (complete control over an organization)\n# - organization.collaborator (can manage Projects)\n# - organization.viewer (can read most resources within the Organization)\n# - project.admin (complete control over a Project)\n# - project.collaborator (can manage all resources within the Project)\n# - project.viewer (can read most resources within the Project)\n#\n# Outside the Silo/Organization/Project hierarchy, we (currently) treat most\n# resources as nested under Fleet or else a synthetic resource (see below). We\n# do not yet support role assignments on anything other than Fleet, Silo,\n# Organization, or Project.\n#\n\n# \"Fleet\" is a global singleton representing the whole system. The name comes\n# from the idea described in RFD 24, but it's not quite right. This probably\n# should be more like \"Region\" or \"AvailabilityZone\". The precise boundaries\n# have not yet been figured out.\nresource Fleet {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\n\troles = [\n\t # Roles that can be attached by users\n\t \"admin\",\n\t \"collaborator\",\n\t \"viewer\",\n\n\t # Internal-only roles\n\t \"external-authenticator\"\n\t];\n\n\t# Roles implied by other roles on this resource\n\t\"viewer\" if \"collaborator\";\n\t\"collaborator\" if \"admin\";\n\n\t# Permissions granted directly by roles on this resource\n\t\"list_children\" if \"viewer\";\n\t\"read\" if \"viewer\";\n\t\"create_child\" if \"collaborator\";\n\t\"modify\" if \"admin\";\n}\n\n# For fleets specifically, roles can be conferred by roles on the user's Silo.\nhas_role(actor: AuthenticatedActor, role: String, _: Fleet) if\n\tsilo_role in actor.confers_fleet_role(role) and\n\thas_role(actor, silo_role, actor.silo.unwrap());\n\nresource Silo {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\troles = [ \"admin\", \"collaborator\", \"viewer\" ];\n\n\t# Roles implied by other roles on this resource\n\t\"viewer\" if \"collaborator\";\n\t\"collaborator\" if \"admin\";\n\n\t# Permissions granted directly by roles on this resource\n\t\"list_children\" if \"viewer\";\n\t\"read\" if \"viewer\";\n\n\t\"create_child\" if \"collaborator\";\n\t\"modify\" if \"admin\";\n\n\t# Permissions implied by roles on this resource's parent (Fleet). Fleet\n\t# privileges allow a user to see and potentially administer the Silo,\n\t# but they do not give anyone permission to look at anything inside the\n\t# Silo. To achieve this, we use permission rules here. (If we granted\n\t# Fleet administrators _roles_ on the Silo, then those would cascade\n\t# into the Silo as well.)\n\trelations = { parent_fleet: Fleet };\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n\t\"modify\" if \"collaborator\" on \"parent_fleet\";\n\n\t# external authenticator has to create silo users\n\t\"list_children\" if \"external-authenticator\" on \"parent_fleet\";\n\t\"create_child\" if \"external-authenticator\" on \"parent_fleet\";\n}\n\nhas_relation(fleet: Fleet, \"parent_fleet\", silo: Silo)\n\tif silo.fleet = fleet;\n\n# As a special case, all authenticated users can read their own Silo. That's\n# not quite the same as having the \"viewer\" role. For example, they cannot list\n# Organizations in the Silo.\n#\n# One reason this is necessary is because if an unprivileged user tries to\n# create an Organization using \"POST /organizations\", they should get back a 403\n# (which implies they're able to see /organizations, which is essentially seeing\n# the Silo itself) rather than a 404. This behavior isn't a hard constraint\n# (i.e., you could reasonably get a 404 for an API you're not allowed to call).\n# Nor is the implementation (i.e., we could special-case this endpoint somehow).\n# But granting this permission is the simplest way to keep this endpoint's\n# behavior consistent with the rest of the API.\n#\n# This rule is also used to determine if a user can list the identity providers\n# in the Silo (which they should be able to), since that's predicated on being\n# able to read the Silo.\n#\n# It's unclear what else would break if users couldn't see their own Silo.\nhas_permission(actor: AuthenticatedActor, \"read\", silo: Silo)\n\tif silo in actor.silo;\n\nresource Project {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\troles = [ \"admin\", \"collaborator\", \"viewer\" ];\n\n\t# Roles implied by other roles on this resource\n\t\"viewer\" if \"collaborator\";\n\t\"collaborator\" if \"admin\";\n\n\t# Permissions granted directly by roles on this resource\n\t\"list_children\" if \"viewer\";\n\t\"read\" if \"viewer\";\n\t\"create_child\" if \"collaborator\";\n\t\"modify\" if \"admin\";\n\n\t# Roles implied by roles on this resource's parent (Silo)\n\trelations = { parent_silo: Silo };\n\t\"admin\" if \"collaborator\" on \"parent_silo\";\n\t\"viewer\" if \"viewer\" on \"parent_silo\";\n}\nhas_relation(silo: Silo, \"parent_silo\", project: Project)\n\tif project.silo = silo;\n\n#\n# GENERAL RESOURCES OUTSIDE THE SILO/PROJECT HIERARCHY\n#\n# Many resources use snippets of Polar generated by the `authz_resource!` Rust\n# macro. Some resources require custom Polar code. Those appear here.\n#\n\nresource Certificate {\n\tpermissions = [ \"read\", \"modify\" ];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Fleet-level and silo-level roles both grant privileges on certificates.\n\t\"read\" if \"admin\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"read\" if \"admin\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", certificate: Certificate)\n\tif certificate.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", certificate: Certificate)\n\tif certificate.silo.fleet = fleet;\n\nresource SiloUser {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\n\t# Fleet and Silo administrators can manage a Silo's users. This is one\n\t# of the only areas of Silo configuration that Fleet Administrators have\n\t# permissions on.\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\t\"list_children\" if \"read\" on \"parent_silo\";\n\t\"read\" if \"read\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\t\"list_children\" if \"read\" on \"parent_fleet\";\n\t\"read\" if \"read\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", user: SiloUser)\n\tif user.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", user: SiloUser)\n\tif user.silo.fleet = fleet;\n\n# authenticated actors have all permissions on themselves\nhas_permission(actor: AuthenticatedActor, _perm: String, silo_user: SiloUser)\n if actor.equals_silo_user(silo_user);\n\nhas_permission(actor: AuthenticatedActor, \"read\", silo_user: SiloUser)\n if silo_user.silo in actor.silo;\n\nresource SiloGroup {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"read\",\n\t \"create_child\",\n\t];\n\n\trelations = { parent_silo: Silo };\n\t\"list_children\" if \"read\" on \"parent_silo\";\n\t\"read\" if \"read\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n}\nhas_relation(silo: Silo, \"parent_silo\", group: SiloGroup)\n\tif group.silo = silo;\n\nresource SshKey {\n\tpermissions = [ \"read\", \"modify\" ];\n\trelations = { silo_user: SiloUser };\n\n\t\"read\" if \"read\" on \"silo_user\";\n\t\"modify\" if \"modify\" on \"silo_user\";\n}\nhas_relation(user: SiloUser, \"silo_user\", ssh_key: SshKey)\n\tif ssh_key.silo_user = user;\n\nresource IdentityProvider {\n\tpermissions = [\n\t \"read\",\n\t \"modify\",\n\t \"create_child\",\n\t \"list_children\",\n\t];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Silo-level roles grant privileges on identity providers.\n\t\"read\" if \"viewer\" on \"parent_silo\";\n\t\"list_children\" if \"viewer\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\n\t# Fleet-level roles also grant privileges on identity providers.\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n\t\"list_children\" if \"viewer\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", identity_provider: IdentityProvider)\n\tif identity_provider.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: IdentityProvider)\n\tif collection.silo.fleet = fleet;\n\nresource SamlIdentityProvider {\n\tpermissions = [\n\t \"read\",\n\t \"modify\",\n\t \"create_child\",\n\t \"list_children\",\n\t];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Silo-level roles grant privileges on identity providers.\n\t\"read\" if \"viewer\" on \"parent_silo\";\n\t\"list_children\" if \"viewer\" on \"parent_silo\";\n\t\"modify\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\n\t# Fleet-level roles also grant privileges on identity providers.\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n\t\"list_children\" if \"viewer\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", saml_identity_provider: SamlIdentityProvider)\n\tif saml_identity_provider.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: SamlIdentityProvider)\n\tif collection.silo.fleet = fleet;\n\n#\n# SYNTHETIC RESOURCES OUTSIDE THE SILO HIERARCHY\n#\n# The resources here do not correspond to anything that appears explicitly in\n# the API or is stored in the database. These are used either at the top level\n# of the API path (e.g., \"/v1/system/ip-pools\") or as an implementation detail of the system\n# (in the case of console sessions and \"Database\"). The policies are\n# either statically-defined in this file or driven by role assignments on the\n# Fleet. None of these resources defines their own roles.\n#\n\n# Describes the policy for reading and modifying DNS configuration\n# (both internal and external)\nresource DnsConfig {\n\tpermissions = [ \"read\", \"modify\" ];\n\trelations = { parent_fleet: Fleet };\n\t# \"external-authenticator\" requires these permissions because that's the\n\t# context that Nexus uses when creating and deleting Silos. These\n\t# operations necessarily need to read and modify DNS configuration.\n\t\"read\" if \"external-authenticator\" on \"parent_fleet\";\n\t\"modify\" if \"external-authenticator\" on \"parent_fleet\";\n\t# \"admin\" on the parent fleet also gets these permissions, primarily for\n\t# the test suite.\n\t\"read\" if \"admin\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", dns_config: DnsConfig)\n\tif dns_config.fleet = fleet;\n\n# Describes the policy for accessing blueprints\nresource BlueprintConfig {\n\tpermissions = [\n\t \"list_children\", # list blueprints\n\t \"create_child\", # create blueprint\n\t \"read\", # read the current target\n\t \"modify\", # change the current target\n\t];\n\n\trelations = { parent_fleet: Fleet };\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"list_children\" if \"viewer\" on \"parent_fleet\";\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", list: BlueprintConfig)\n\tif list.fleet = fleet;\n\n# Describes the policy for reading and modifying low-level inventory\nresource Inventory {\n\tpermissions = [ \"read\", \"modify\" ];\n\trelations = { parent_fleet: Fleet };\n\t\"read\" if \"viewer\" on \"parent_fleet\";\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", inventory: Inventory)\n\tif inventory.fleet = fleet;\n\n# Describes the policy for accessing \"/v1/system/ip-pools\" in the API\nresource IpPoolList {\n\tpermissions = [\n\t \"list_children\",\n\t \"modify\",\n\t \"create_child\",\n\t];\n\n\t# Fleet Administrators can create or modify the IP Pools list.\n\trelations = { parent_fleet: Fleet };\n\t\"modify\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n\n\t# Fleet Viewers can list IP Pools\n\t\"list_children\" if \"viewer\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", ip_pool_list: IpPoolList)\n\tif ip_pool_list.fleet = fleet;\n\n# Any authenticated user can create a child of a provided IP Pool.\n# This is necessary to use the pools when provisioning instances.\nhas_permission(actor: AuthenticatedActor, \"create_child\", ip_pool: IpPool)\n\tif silo in actor.silo and silo.fleet = ip_pool.fleet;\n\n# Describes the policy for creating and managing web console sessions.\nresource ConsoleSessionList {\n\tpermissions = [ \"create_child\" ];\n\trelations = { parent_fleet: Fleet };\n\t\"create_child\" if \"external-authenticator\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: ConsoleSessionList)\n\tif collection.fleet = fleet;\n\n# Describes the policy for creating and managing device authorization requests.\nresource DeviceAuthRequestList {\n\tpermissions = [ \"create_child\" ];\n\trelations = { parent_fleet: Fleet };\n\t\"create_child\" if \"external-authenticator\" on \"parent_fleet\";\n}\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: DeviceAuthRequestList)\n\tif collection.fleet = fleet;\n\n# Describes the policy for creating and managing Silo certificates\nresource SiloCertificateList {\n\tpermissions = [ \"list_children\", \"create_child\" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Both Fleet and Silo administrators can see and modify the Silo's\n\t# certificates.\n\t\"list_children\" if \"admin\" on \"parent_silo\";\n\t\"list_children\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", collection: SiloCertificateList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: SiloCertificateList)\n\tif collection.silo.fleet = fleet;\n\n# Describes the policy for creating and managing Silo identity providers\nresource SiloIdentityProviderList {\n\tpermissions = [ \"list_children\", \"create_child\" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Everyone who can read the Silo (which includes all the users in the\n\t# Silo) can see the identity providers in it.\n\t\"list_children\" if \"read\" on \"parent_silo\";\n\n\t# Fleet and Silo administrators can manage the Silo's identity provider\n\t# configuration. This is one of the only areas of Silo configuration\n\t# that Fleet Administrators have permissions on. This is also one of\n\t# the only cases where we need to look two levels up the hierarchy to\n\t# see if somebody has the right permission. For most other things,\n\t# permissions cascade down the hierarchy so we only need to look at the\n\t# parent.\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", collection: SiloIdentityProviderList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: SiloIdentityProviderList)\n\tif collection.silo.fleet = fleet;\n\n# Describes the policy for creating and managing Silo users (mostly intended for\n# API-managed users)\nresource SiloUserList {\n\tpermissions = [ \"list_children\", \"create_child\" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Everyone who can read the Silo (which includes all the users in the\n\t# Silo) can see the users in it.\n\t\"list_children\" if \"read\" on \"parent_silo\";\n\n\t# Fleet and Silo administrators can manage the Silo's users. This is\n\t# one of the only areas of Silo configuration that Fleet Administrators\n\t# have permissions on. This is also one of the few cases (so far) where\n\t# we need to look two levels up the hierarchy to see if somebody has the\n\t# right permission. For most other things, permissions cascade down the\n\t# hierarchy so we only need to look at the parent.\n\t\"create_child\" if \"admin\" on \"parent_silo\";\n\t\"list_children\" if \"admin\" on \"parent_fleet\";\n\t\"create_child\" if \"admin\" on \"parent_fleet\";\n}\nhas_relation(silo: Silo, \"parent_silo\", collection: SiloUserList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, \"parent_fleet\", collection: SiloUserList)\n\tif collection.silo.fleet = fleet;\n\n# These rules grants the external authenticator role the permissions it needs to\n# read silo users and modify their sessions. This is necessary for login to\n# work.\nhas_permission(actor: AuthenticatedActor, \"read\", silo: Silo)\n\tif has_role(actor, \"external-authenticator\", silo.fleet);\nhas_permission(actor: AuthenticatedActor, \"read\", user: SiloUser)\n\tif has_role(actor, \"external-authenticator\", user.silo.fleet);\nhas_permission(actor: AuthenticatedActor, \"modify\", user: SiloUser)\n\tif has_role(actor, \"external-authenticator\", user.silo.fleet);\nhas_permission(actor: AuthenticatedActor, \"read\", group: SiloGroup)\n\tif has_role(actor, \"external-authenticator\", group.silo.fleet);\nhas_permission(actor: AuthenticatedActor, \"modify\", group: SiloGroup)\n\tif has_role(actor, \"external-authenticator\", group.silo.fleet);\n\nhas_permission(actor: AuthenticatedActor, \"read\", session: ConsoleSession)\n\tif has_role(actor, \"external-authenticator\", session.fleet);\nhas_permission(actor: AuthenticatedActor, \"modify\", session: ConsoleSession)\n\tif has_role(actor, \"external-authenticator\", session.fleet);\n\n# All authenticated users can read and delete device authn requests because\n# by necessity these operations happen before we've figured out what user (or\n# even Silo) the device auth is associated with. Any user can claim a device\n# auth request with the right user code (that's how it works) -- it's the user\n# code and associated logic that prevents unauthorized access here.\nhas_permission(_actor: AuthenticatedActor, \"read\", _device_auth: DeviceAuthRequest);\nhas_permission(_actor: AuthenticatedActor, \"modify\", _device_auth: DeviceAuthRequest);\n\nhas_permission(actor: AuthenticatedActor, \"read\", device_token: DeviceAccessToken)\n\tif has_role(actor, \"external-authenticator\", device_token.fleet);\n\nhas_permission(actor: AuthenticatedActor, \"read\", identity_provider: IdentityProvider)\n\tif has_role(actor, \"external-authenticator\", identity_provider.silo.fleet);\n\nhas_permission(actor: AuthenticatedActor, \"read\", saml_identity_provider: SamlIdentityProvider)\n\tif has_role(actor, \"external-authenticator\", saml_identity_provider.silo.fleet);\n\n# Describes the policy for who can access the internal database.\nresource Database {\n\tpermissions = [\n\t # \"query\" is required to perform any query against the database,\n\t # whether a read or write query. This is checked when an operation\n\t # checks out a database connection from the connection pool.\n\t #\n\t # Any authenticated user gets this permission. There's generally\n\t # some other authz check involved in the database query. For\n\t # example, if you're querying the database to \"read\" a \"Project\", we\n\t # should also be checking that. So why do we do this at all? It's\n\t # a belt-and-suspenders measure so that if we somehow introduced an\n\t # unauthenticated code path that hits the database, it cannot be\n\t # used to DoS the database because we won't allow the operation to\n\t # make the query. (As long as the code path _is_ authenticated, we\n\t # can use throttling mechanisms to prevent DoS.)\n\t \"query\",\n\n\t # \"modify\" is required to populate database data that's delivered\n\t # with the system. It should also be required for schema changes,\n\t # when we support those. This is separate from \"query\" so that we\n\t # cannot accidentally invoke these code paths from API calls and\n\t # other general functions.\n\t \"modify\"\n\t];\n}\n\n# All authenticated users have the \"query\" permission on the database.\nhas_permission(_actor: AuthenticatedActor, \"query\", _resource: Database);\n\n# The \"db-init\" user is the only one with the \"modify\" permission.\nhas_permission(USER_DB_INIT: AuthenticatedActor, \"modify\", _resource: Database);\nhas_permission(USER_DB_INIT: AuthenticatedActor, \"create_child\", _resource: IpPoolList);\n# It also has \"admin\" on the internal silo to populate it with built-in resources.\n# TODO-completeness: actually limit to just internal silo and not all silos\nhas_role(USER_DB_INIT: AuthenticatedActor, \"admin\", _silo: Silo);\n\n# Allow the internal API admin permissions on all silos.\nhas_role(USER_INTERNAL_API: AuthenticatedActor, \"admin\", _silo: Silo);\n\n\n\n resource Disk {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: Disk)\n if child.project = parent;\n \n\n resource Snapshot {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: Snapshot)\n if child.project = parent;\n \n\n resource ProjectImage {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: ProjectImage)\n if child.project = parent;\n \n\n resource Instance {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: Instance)\n if child.project = parent;\n \n\n resource IpPool {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: IpPool)\n if child.fleet = fleet;\n \n\n resource InstanceNetworkInterface {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = {\n containing_project: Project,\n parent: Instance\n };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(project: Project, \"containing_project\", child: InstanceNetworkInterface)\n if has_relation(project, \"containing_project\", child.instance);\n\n has_relation(parent: Instance, \"parent\", child: InstanceNetworkInterface)\n if child.instance = parent;\n \n\n resource Vpc {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: Vpc)\n if child.project = parent;\n \n\n resource VpcRouter {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = {\n containing_project: Project,\n parent: Vpc\n };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(project: Project, \"containing_project\", child: VpcRouter)\n if has_relation(project, \"containing_project\", child.vpc);\n\n has_relation(parent: Vpc, \"parent\", child: VpcRouter)\n if child.vpc = parent;\n \n\n resource RouterRoute {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = {\n containing_project: Project,\n parent: VpcRouter\n };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(project: Project, \"containing_project\", child: RouterRoute)\n if has_relation(project, \"containing_project\", child.vpc_router);\n\n has_relation(parent: VpcRouter, \"parent\", child: RouterRoute)\n if child.vpc_router = parent;\n \n\n resource VpcSubnet {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = {\n containing_project: Project,\n parent: Vpc\n };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(project: Project, \"containing_project\", child: VpcSubnet)\n if has_relation(project, \"containing_project\", child.vpc);\n\n has_relation(parent: Vpc, \"parent\", child: VpcSubnet)\n if child.vpc = parent;\n \n\n resource FloatingIp {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_project: Project };\n \"list_children\" if \"viewer\" on \"containing_project\";\n \"read\" if \"viewer\" on \"containing_project\";\n \"modify\" if \"collaborator\" on \"containing_project\";\n \"create_child\" if \"collaborator\" on \"containing_project\";\n }\n\n has_relation(parent: Project, \"containing_project\", child: FloatingIp)\n if child.project = parent;\n \n\n resource Image {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_silo: Silo };\n \"list_children\" if \"viewer\" on \"containing_silo\";\n \"read\" if \"viewer\" on \"containing_silo\";\n \"modify\" if \"collaborator\" on \"containing_silo\";\n \"create_child\" if \"collaborator\" on \"containing_silo\";\n }\n\n has_relation(parent: Silo, \"containing_silo\", child: Image)\n if child.silo = parent;\n \n\n resource SiloImage {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n\n relations = { containing_silo: Silo };\n \"list_children\" if \"viewer\" on \"containing_silo\";\n \"read\" if \"viewer\" on \"containing_silo\";\n \"modify\" if \"collaborator\" on \"containing_silo\";\n \"create_child\" if \"collaborator\" on \"containing_silo\";\n }\n\n has_relation(parent: Silo, \"containing_silo\", child: SiloImage)\n if child.silo = parent;\n \n\n resource AddressLot {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: AddressLot)\n if child.fleet = fleet;\n \n\n resource Blueprint {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Blueprint)\n if child.fleet = fleet;\n \n\n resource LoopbackAddress {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: LoopbackAddress)\n if child.fleet = fleet;\n \n\n\n resource ConsoleSession {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: ConsoleSession)\n if child.fleet = fleet;\n \n\n resource DeviceAuthRequest {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: DeviceAuthRequest)\n if child.fleet = fleet;\n \n\n resource DeviceAccessToken {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: DeviceAccessToken)\n if child.fleet = fleet;\n \n\n resource PhysicalDisk {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: PhysicalDisk)\n if child.fleet = fleet;\n \n\n resource Rack {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Rack)\n if child.fleet = fleet;\n \n\n resource RoleBuiltin {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: RoleBuiltin)\n if child.fleet = fleet;\n \n\n\n\n\n\n\n\n resource Sled {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Sled)\n if child.fleet = fleet;\n \n\n resource TufRepo {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: TufRepo)\n if child.fleet = fleet;\n \n\n resource TufArtifact {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: TufArtifact)\n if child.fleet = fleet;\n \n\n resource Zpool {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Zpool)\n if child.fleet = fleet;\n \n\n resource Service {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: Service)\n if child.fleet = fleet;\n \n\n resource UserBuiltin {\n permissions = [\n \"list_children\",\n \"modify\",\n \"read\",\n \"create_child\",\n ];\n \n relations = { parent_fleet: Fleet };\n \"list_children\" if \"viewer\" on \"parent_fleet\";\n \"read\" if \"viewer\" on \"parent_fleet\";\n \"modify\" if \"admin\" on \"parent_fleet\";\n \"create_child\" if \"admin\" on \"parent_fleet\";\n }\n has_relation(fleet: Fleet, \"parent_fleet\", child: UserBuiltin)\n if child.fleet = fleet;\n "} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.795336303Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000000, lookup_type: ById(001de000-5110-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.795406116Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000000","resource_type":"Silo","actor":"Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.795434938Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.795458849Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.79548087Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.81800106Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.818072774Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.818115296Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.818155188Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.820076351Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, \"admin\"), (Silo, 001de000-5110-4000-8000-000000000000, \"admin\")} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.822918984Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000000, lookup_type: ById(001de000-5110-4000-8000-000000000000) }","action":"CreateChild","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.823057852Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.823138766Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.823527817Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.841499173Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.841572087Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.842117316Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.877024222Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.877095036Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.877712679Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.878997768Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.879932648Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.879986521Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.880436275Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000000, lookup_type: ById(001de000-5110-4000-8000-000000000000) }, key: 4761110d-15f6-46ed-bcd3-6f4efbed302f, lookup_type: ById(4761110d-15f6-46ed-bcd3-6f4efbed302f) }","action":"CreateChild","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.880512279Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"4761110d-15f6-46ed-bcd3-6f4efbed302f","resource_type":"Project","actor":"Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.880555821Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.880607014Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.881059719Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.887726807Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000000","resource_type":"Silo","actor":"Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.887800641Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.887834972Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.888440005Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.896586703Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.896653806Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.896688248Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.896715529Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.898825673Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, \"admin\"), (Silo, 001de000-5110-4000-8000-000000000000, \"admin\")} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.903512875Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000000, lookup_type: ById(001de000-5110-4000-8000-000000000000) }, key: 4761110d-15f6-46ed-bcd3-6f4efbed302f, lookup_type: ById(4761110d-15f6-46ed-bcd3-6f4efbed302f) }","action":"CreateChild","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.903670583Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000000, lookup_type: ById(001de000-5110-4000-8000-000000000000) }, key: 4761110d-15f6-46ed-bcd3-6f4efbed302f, lookup_type: ById(4761110d-15f6-46ed-bcd3-6f4efbed302f) }","action":"CreateChild","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.903760108Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"4761110d-15f6-46ed-bcd3-6f4efbed302f","resource_type":"Project","actor":"Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.903812041Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.903861513Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.90416723Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.906492925Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-5110-4000-8000-000000000000","resource_type":"Silo","actor":"Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.906551298Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.906604441Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.907091667Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"loading roles","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.908798499Z","hostname":"ip-10-150-1-168","pid":22523,"resource_id":"001de000-1334-4000-8000-000000000000","resource_type":"Fleet","actor":"Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. }"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.909484886Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.909585692Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.909653865Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.911284913Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, \"admin\"), (Silo, 001de000-5110-4000-8000-000000000000, \"admin\")} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.915630036Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000000, lookup_type: ById(001de000-5110-4000-8000-000000000000) }, key: 4761110d-15f6-46ed-bcd3-6f4efbed302f, lookup_type: ById(4761110d-15f6-46ed-bcd3-6f4efbed302f) }","action":"CreateChild","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.915732852Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.915780144Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.91625734Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"authorize begin","v":0,"name":"test_insert_request_exact_ip","level":10,"time":"2024-02-14T20:43:11.985374354Z","hostname":"ip-10-150-1-168","pid":22523,"resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"} {"msg":"roles","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.985443628Z","hostname":"ip-10-150-1-168","pid":22523,"roles":"RoleSet { roles: {} }"} {"msg":"authorize result","v":0,"name":"test_insert_request_exact_ip","level":20,"time":"2024-02-14T20:43:11.985996237Z","hostname":"ip-10-150-1-168","pid":22523,"result":"Ok(())","resource":"Database","action":"Query","actor":"Some(Actor::SiloUser { silo_user_id: 001de000-05e4-4000-8000-000000004007, silo_id: 001de000-5110-4000-8000-000000000000, .. })"}