rgw: improve debugs around S3/Keystone auth mechanism.

Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 105ad8711b8ba829eb2d4148027f3c255d1a46df..d59123bc174b22f709cc721c2ab7d8d7c0ba32fc 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2798,7 +2798,7 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token(
   int ret = process("POST", keystone_url.c_str());
   if (ret < 0) {
     dout(2) << "s3 keystone: token validation ERROR: " << rx_buffer.c_str()
-           << dendl;
+            << dendl;
     return -EPERM;
   }
 
@@ -2817,8 +2817,9 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token(
   }
 
   if (!found) {
-    ldout(cct, 5) << "s3 keystone: user does not hold a matching role; required roles: "
-                 << cct->_conf->rgw_keystone_accepted_roles << dendl;
+    ldout(cct, 5) << "s3 keystone: user does not hold a matching role;"
+                     " required roles: "
+                  << cct->_conf->rgw_keystone_accepted_roles << dendl;
     return -EPERM;
   }
 
@@ -3481,14 +3482,17 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
 
        if ((req_sec < now - RGW_AUTH_GRACE_MINS * 60 ||
             req_sec > now + RGW_AUTH_GRACE_MINS * 60) && !qsr) {
-         dout(10) << "req_sec=" << req_sec << " now=" << now
-                  << "; now - RGW_AUTH_GRACE_MINS="
-                  << now - RGW_AUTH_GRACE_MINS * 60
-                  << "; now + RGW_AUTH_GRACE_MINS="
-                  << now + RGW_AUTH_GRACE_MINS * 60 << dendl;
-         dout(0) << "NOTICE: request time skew too big now="
-                 << utime_t(now, 0) << " req_time="
-                 << s->header_time << dendl;
+         ldout(s->cct, 10) << "req_sec=" << req_sec << " now=" << now
+                            << "; now - RGW_AUTH_GRACE_MINS="
+                            << now - RGW_AUTH_GRACE_MINS * 60
+                            << "; now + RGW_AUTH_GRACE_MINS="
+                            << now + RGW_AUTH_GRACE_MINS * 60
+                            << dendl;
+
+         ldout(s->cct, 0)  << "NOTICE: request time skew too big now="
+                            << utime_t(now, 0)
+                            << " req_time=" << s->header_time
+                            << dendl;
          return -ERR_REQUEST_TIME_SKEWED;
        }
 
@@ -3520,7 +3524,7 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
     /* get the user info */
     if (rgw_get_user_info_by_access_key(store, auth_id, *(s->user)) < 0) {
       dout(5) << "error reading user info, uid=" << auth_id
-             << " can't authenticate" << dendl;
+              << " can't authenticate" << dendl;
       return -ERR_INVALID_ACCESS_KEY;
     }
 
@@ -3535,14 +3539,14 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
 
     time_t req_sec = s->header_time.sec();
     if ((req_sec < now - RGW_AUTH_GRACE_MINS * 60 ||
-        req_sec > now + RGW_AUTH_GRACE_MINS * 60) && !qsr) {
+        req_sec > now + RGW_AUTH_GRACE_MINS * 60) && !qsr) {
       dout(10) << "req_sec=" << req_sec << " now=" << now
-              << "; now - RGW_AUTH_GRACE_MINS="
-              << now - RGW_AUTH_GRACE_MINS * 60
-              << "; now + RGW_AUTH_GRACE_MINS="
-              << now + RGW_AUTH_GRACE_MINS * 60 << dendl;
-      dout(0) << "NOTICE: request time skew too big now=" << utime_t(now, 0)
-             << " req_time=" << s->header_time << dendl;
+               << "; now - RGW_AUTH_GRACE_MINS=" << now - RGW_AUTH_GRACE_MINS * 60
+               << "; now + RGW_AUTH_GRACE_MINS=" << now + RGW_AUTH_GRACE_MINS * 60
+               << dendl;
+      dout(0)  << "NOTICE: request time skew too big now=" << utime_t(now, 0)
+               << " req_time=" << s->header_time
+               << dendl;
       return -ERR_REQUEST_TIME_SKEWED;
     }