Add debug level logs for TempAuth.authorize.

The function authorize in tempauth.py and keysthoneauth.py is very
important and frequently called in swift. But authorize in tempauth
seems hard to debug with nearly no logs here.

Change-Id: I3300a5a8d02743ff76e2ff86c51338ca24ddddcb
Fixes: bug #1129769

swift/common/middleware/tempauth.py

@@ -245,38 +245,65 @@ class TempAuth(object):
         except ValueError:
             self.logger.increment('errors')
             return HTTPNotFound(request=req)
+
         if not account or not account.startswith(self.reseller_prefix):
+            self.logger.debug("Account name: %s doesn't start with "
+                              "reseller_prefix: %s."
+                              % (account, self.reseller_prefix))
             return self.denied_response(req)
+
         user_groups = (req.remote_user or '').split(',')
+        account_user = user_groups[1] if len(user_groups) > 1 else None
+
         if '.reseller_admin' in user_groups and \
                 account != self.reseller_prefix and \
                 account[len(self.reseller_prefix)] != '.':
             req.environ['swift_owner'] = True
+            self.logger.debug("User %s has reseller admin authorizing."
+                              % account_user)
             return None
+
         if account in user_groups and \
                 (req.method not in ('DELETE', 'PUT') or container):
             # If the user is admin for the account and is not trying to do an
             # account DELETE or PUT...
             req.environ['swift_owner'] = True
+            self.logger.debug("User %s has admin authorizing."
+                              % account_user)
             return None
+
         if (req.environ.get('swift_sync_key')
                 and (req.environ['swift_sync_key'] ==
                      req.headers.get('x-container-sync-key', None))
                 and 'x-timestamp' in req.headers):
+            self.logger.debug("Allow request with container sync-key: %s."
+                              % req.environ['swift_sync_key'])
             return None
+
         if req.method == 'OPTIONS':
             #allow OPTIONS requests to proceed as normal
+            self.logger.debug("Allow OPTIONS request.")
             return None
+
         referrers, groups = parse_acl(getattr(req, 'acl', None))
         if referrer_allowed(req.referer, referrers):
             if obj or '.rlistings' in groups:
+                self.logger.debug("Allow authorizing %s via referer ACL."
+                                  % req.referer)
                 return None
+            self.logger.debug("Disallow authorizing %s via referer ACL."
+                              % req.referer)
             return self.denied_response(req)
+
         if not req.remote_user:
             return self.denied_response(req)
+
         for user_group in user_groups:
             if user_group in groups:
+                self.logger.debug("User %s allowed in ACL: %s authorizing."
+                                  % (account_user, user_group))
                 return None
+
         return self.denied_response(req)
 
     def denied_response(self, req):