--- /dev/null
+:orphan:
+
+===================================================
+rgw-policy-check -- verify syntax of bucket policy
+===================================================
+
+.. program:: rgw-policy-check
+
+Synopsis
+========
+
+| **rgw-policy-check**
+ -t *tenant* [ *filename* ... ]
+
+
+Description
+===========
+
+This program reads one or more files containing bucket policy
+and determines if it is syntactically correct.
+It does not check to see if the policy makes sense;
+it only checks to see if the file would be accepted
+by the policy parsing logic inside
+:program:`radsogw`.
+
+More than one filename may be specified. If no files are
+given, the program will read from stdin.
+
+On success, the program will say nothing. On failure,
+the program will emit a error message indicating the
+problem. The program will terminate with non-zero exit
+status if one or more policies could not be read or parsed.
+
+Options
+=======
+
+.. option: -t *tenant*
+
+ Specify *tenant* as the tenant. This is required by the
+ policy parsing logic and is used to construct the internal
+ state representation of the policy.
+
+Availability
+============
+
+**rgw-policy-check** is part of Ceph, a massively scalable, open-source,
+distributed storage system. Please refer to the Ceph documentation at
+http://ceph.com/docs for more information.
+
+See also
+========
+
+:doc:`radosgw <radosgw>`\(8)
+
+.. _Bucket Policies: ../../radosgw/bucketpolicy.rst
--- /dev/null
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#include <cstdint>
+#include <cstdlib>
+#include <exception>
+#include <fstream>
+#include <iostream>
+#include <string>
+#include <string_view>
+
+#include "include/buffer.h"
+
+#include "common/ceph_argparse.h"
+#include "common/common_init.h"
+
+#include "global/global_init.h"
+
+#include "rgw/rgw_iam_policy.h"
+
+// Returns true on success
+bool parse(CephContext* cct, const std::string& tenant,
+ const std::string& fname, std::istream& in) noexcept
+{
+ bufferlist bl;
+ bl.append(in);
+ try {
+ auto p = rgw::IAM::Policy(
+ cct, tenant, bl,
+ cct->_conf.get_val<bool>("rgw_policy_reject_invalid_principals"));
+ } catch (const rgw::IAM::PolicyParseException& e) {
+ std::cerr << fname << ": " << e.what() << std::endl;
+ return false;
+ } catch (const std::exception& e) {
+ std::cerr << fname << ": caught exception: " << e.what() << std::endl;;
+ return false;
+ }
+ return true;
+}
+
+void helpful_exit(std::string_view cmdname)
+{
+ std::cerr << cmdname << "-h for usage" << std::endl;
+ exit(1);
+}
+
+void usage(std::string_view cmdname)
+{
+ std::cout << "usage: " << cmdname << " -t <tenant> [filename]"
+ << std::endl;
+}
+
+int main(int argc, const char** argv)
+{
+ std::string_view cmdname = argv[0];
+ std::string tenant;
+
+ auto args = argv_to_vec(argc, argv);
+ if (ceph_argparse_need_usage(args)) {
+ usage(cmdname);
+ exit(0);
+ }
+
+ auto cct = global_init(nullptr, args, CEPH_ENTITY_TYPE_CLIENT,
+ CODE_ENVIRONMENT_UTILITY,
+ CINIT_FLAG_NO_DAEMON_ACTIONS |
+ CINIT_FLAG_NO_MON_CONFIG);
+ common_init_finish(cct.get());
+ std::string val;
+ for (std::vector<const char*>::iterator i = args.begin(); i != args.end(); ) {
+ if (ceph_argparse_double_dash(args, i)) {
+ break;
+ } else if (ceph_argparse_witharg(args, i, &val, "--tenant", "-t",
+ (char*)nullptr)) {
+ tenant = std::move(val);
+ } else {
+ ++i;
+ }
+ }
+
+ if (tenant.empty()) {
+ std::cerr << cmdname << ": must specify tenant name" << std::endl;
+ helpful_exit(cmdname);
+ }
+
+ bool success = true;
+
+ if (args.empty()) {
+ success = parse(cct.get(), tenant, "(stdin)", std::cin);
+ } else {
+ for (const auto& file : args) {
+ std::ifstream in;
+ in.open(file, std::ifstream::in);
+ if (!in.is_open()) {
+ std::cerr << "Can't read " << file << std::endl;
+ success = false;
+ }
+ if (!parse(cct.get(), tenant, file, in)) {
+ success = false;
+ }
+ }
+ }
+
+ return success ? 0 : 1;
+}
projects / ceph.git / commitdiff