From: Adam C. Emerson Date: Tue, 9 Dec 2025 08:04:34 +0000 (-0500) Subject: rgw/policy: Get rid of indent stuff in policy logging X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1590293215df5281566381421b083642806eb522;p=ceph-ci.git rgw/policy: Get rid of indent stuff in policy logging Signed-off-by: Adam C. Emerson --- diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc index 2eaca4e5572..e43c94c8770 100644 --- a/src/rgw/rgw_iam_policy.cc +++ b/src/rgw/rgw_iam_policy.cc @@ -340,23 +340,6 @@ operator<<(std::ostream& out, const boost::optional& t) return out; } -void -maybeout::lendl_() const -{ - *this << lendl; -} - -void -maybeout::bracket::close() -{ - if (m && !closer.empty()) { - *m.m << closer; - m.lendl_(); - closer = std::string_view{}; - } -} - - struct PolicyParser; const Keyword top[1]{{"", TokenKind::pseudo, TokenID::Top, 0, false, @@ -1012,7 +995,7 @@ static bool arn_like(const std::string& input, const std::string& pattern) } bool Condition::eval(const Environment& env, const maybeout& eval_log) const { - eval_log << "Evaluating condition " << *this << lendl; + eval_log << "Evaluating condition " << *this << "\n"; std::vector runtime_vals; auto i = env.find(key); if (op == TokenID::Null) { @@ -1020,7 +1003,7 @@ bool Condition::eval(const Environment& env, const maybeout& eval_log) const { eval_log << "Null check. key `" << key << (ret ? "`. Is not present, returning true." : - "`. Is present, returning false.") << lendl; + "`. Is present, returning false."); return ret; } @@ -1030,12 +1013,12 @@ bool Condition::eval(const Environment& env, const maybeout& eval_log) const { op == TokenID::ForAllValuesStringLike) { eval_log << "Evaluating " << condop_string(op) << " When key " - << " is not present. Vacuously true." << lendl; + << " is not present. Vacuously true.\n"; return true; } else { eval_log << "Evaluating " << condop_string(op) << " When key `" << key << "` is not present. Returning " - << (ifexists ? "true" : "false") << lendl; + << (ifexists ? "true" : "false") << "\n"; return ifexists; } } @@ -1054,7 +1037,7 @@ bool Condition::eval(const Environment& env, const maybeout& eval_log) const { const auto& itr = env.equal_range(key); eval_log << "Evaluating " << condop_string(op) << "for " << itr << " against " - << (isruntime ? runtime_vals : vals) << lendl; + << (isruntime ? runtime_vals : vals) << "\n"; switch (op) { // String! case TokenID::ForAnyValueStringEquals: @@ -1173,7 +1156,7 @@ bool Condition::eval(const Environment& env, const maybeout& eval_log) const { eval_log); default: - eval_log << "Unknown operation: Returning false" << lendl; + eval_log << "Unknown operation: Returning false\n"; return false; } } @@ -1280,79 +1263,76 @@ Statement::eval( boost::optional princ_type) const { if (eval_principal(e, ida, eval_log, princ_type) == Effect::Deny) { - eval_log << "Passing." << lendl; + eval_log << "Passing.\n"; return Effect::Pass; } if (res && resource.empty() && notresource.empty()) { eval_log << "A resource was specified but both Resource and NotResource " - "were empty. Passing." << lendl; + "were empty. Passing.\n"; return Effect::Pass; } if (!res && (!resource.empty() || !notresource.empty())) { eval_log << "No resource was specified yet neither " - "Resource nor NotResource were empty. Passing." << lendl; + "Resource nor NotResource were empty. Passing.\n"; return Effect::Pass; } if (!resource.empty() && res) { - eval_log << "Checking Resource for " << res << lendl; + eval_log << "Checking Resource for " << res << "\n"; if (!std::any_of( resource.begin(), resource.end(), [&res, &eval_log](const ARN& pattern) { if (pattern.match(*res)) { - eval_log << "Matched " << pattern << lendl; + eval_log << "Matched " << pattern << "\n"; return true; } return false; })) { - eval_log << "No match in Resource. Passing." << lendl; + eval_log << "No match in Resource. Passing.\n"; return Effect::Pass; } } else if (!notresource.empty() && res) { - eval_log << "Checking NotResource for " << res << lendl; + eval_log << "Checking NotResource for " << res << "\n"; if (std::any_of( notresource.begin(), notresource.end(), [&res, &eval_log](const ARN& pattern) { if (pattern.match(*res)) { - eval_log << "Matched " << pattern << lendl; + eval_log << "Matched " << pattern << "\n"; return true; } return false; })) { - eval_log << "Match found in NotResource. Passing." << lendl; + eval_log << "Match found in NotResource. Passing.\n"; return Effect::Pass; } } if (!(action[act] == 1)) { eval_log << action_bit_string(action_t(act)) - << "not found in Action. Passing." << lendl; + << "not found in Action. Passing.\n"; return Effect::Pass; } if (notaction[act] == 1) { eval_log << action_bit_string(action_t(act)) - << "found in NotAction. Passing." << lendl; + << "found in NotAction. Passing.\n"; return Effect::Pass; } { - eval_log << "Evaluating conditions:" << lendl; - auto b = eval_log.open("{", "}"); - auto indent = eval_log.indent(); + eval_log << "Evaluating conditions:\n"; if (std::all_of( conditions.begin(), conditions.end(), - [&e, &indent](const Condition& c) { - indent << "Evaluating condition: " << c << lendl; - return c.eval(e, indent); + [&e, &eval_log](const Condition& c) { + eval_log << "Evaluating condition: " << c << "\n"; + return c.eval(e, eval_log); })) { - b.close(); - eval_log << "Returning " << effect; + eval_log << "Returning " << effect << "\n"; return effect; } } - eval_log << "Passing." << lendl; + eval_log << "Passing.\n"; return Effect::Pass; } @@ -1374,19 +1354,19 @@ Statement::eval_principal( if (princ_type) { *princ_type = PolicyPrincipal::Other; } - eval_log << "Evaluating identity: " << ida << lendl; + eval_log << "Evaluating identity: " << ida << "\n"; if (ida) { if (princ.empty() && noprinc.empty()) { - eval_log << "Principal empty and NotPrincipal empty: Denying." << lendl; + eval_log << "Principal empty and NotPrincipal empty: Denying.\n"; return Effect::Deny; } if (ida->get_identity_type() != TYPE_ROLE && !princ.empty() && !is_identity(*ida, princ)) { eval_log << "Identity is not role, Principal is not empty, and " - "the identity is not in Principal." << lendl; + "the identity is not in Principal.\n"; return Effect::Deny; } - eval_log << "Checking type of Principal match." << lendl; + eval_log << "Checking type of Principal match.\n"; if (ida->get_identity_type() == TYPE_ROLE && !princ.empty()) { bool princ_matched = false; // Check each principal to determine the type of the one that has matched @@ -1394,12 +1374,12 @@ Statement::eval_principal( if (ida->is_identity(p)) { if (p.is_assumed_role() || p.is_user()) { if (princ_type) { - eval_log << "Setting principal type to Session" << lendl; + eval_log << "Setting principal type to Session\n"; *princ_type = PolicyPrincipal::Session; } } else { if (princ_type) { - eval_log << "Setting principal type to Session" << lendl; + eval_log << "Setting principal type to Session\n"; *princ_type = PolicyPrincipal::Role; } } @@ -1421,14 +1401,14 @@ Effect Statement::eval_conditions(const Environment& e, if (std::all_of( conditions.begin(), conditions.end(), [&e, &eval_log](const Condition& c) { - eval_log << "Evaluating condition: " << c << lendl; + eval_log << "Evaluating condition: " << c << "\n"; return c.eval(e, eval_log); })) { - eval_log << "Returning Allow." << lendl; - return Effect::Allow; - } + eval_log << "Returning Allow.\n"; + return Effect::Allow; + } - eval_log << "Returning Deny." << lendl; + eval_log << "Returning Deny.\n"; return Effect::Deny; } @@ -2046,19 +2026,16 @@ Effect Policy::eval(const Environment& e, { auto allowed = false; eval_log - << "Evaluating policy: ```" << lendl << text << lendl << "'''" << lendl - << "Environment: " << e << lendl - << "Principal: " << ida << lendl - << "Action: " << action_bit_string(action_t(action)) << lendl - << "Resource: " << resource << lendl; + << "Evaluating policy: ```\n" << text << "\n'''\n" + << "Environment: " << e << "\n" + << "Principal: " << ida << "\n" + << "Action: " << action_bit_string(action_t(action)) << "\n" + << "Resource: " << resource << "\n"; { for (auto& s : statements) { - eval_log << "Evaluating statement: " << s << lendl; - auto b = eval_log.open("{", "}"); - auto indent = eval_log.indent(); - auto g = s.eval(e, ida, action, resource, indent, princ_type); - b.close(); + eval_log << "Evaluating statement: " << s << "\n"; + auto g = s.eval(e, ida, action, resource, eval_log, princ_type); if (g == Effect::Deny) { eval_log << "Denying.\n"; return g; @@ -2079,16 +2056,16 @@ Policy::eval_principal( boost::optional princ_type) const { auto allowed = false; for (auto& s : statements) { - eval_log << "Evaluating identity " << ida << " in statement " << s << lendl; - auto g = s.eval_principal(e, ida, eval_log.indent(), princ_type); + eval_log << "Evaluating identity " << ida << " in statement " << s << "\n"; + auto g = s.eval_principal(e, ida, eval_log, princ_type); if (g == Effect::Deny) { - eval_log << "Denying." << lendl; + eval_log << "Denying.\n"; return g; } else if (g == Effect::Allow) { allowed = true; } } - eval_log << (allowed ? "Allowing." : "Denying.") << lendl; + eval_log << (allowed ? "Allowing." : "Denying.") << "\n"; return allowed ? Effect::Allow : Effect::Deny; } @@ -2096,18 +2073,16 @@ Effect Policy::eval_conditions(const Environment& e, maybeout eval_log) const { auto allowed = false; for (auto& s : statements) { - eval_log << "Evaluating conditions in statement:" << lendl; - auto b = eval_log.open("{", "}"); - auto indent = eval_log.indent(); - auto g = s.eval_conditions(e, indent); + eval_log << "Evaluating conditions in statement:\n"; + auto g = s.eval_conditions(e, eval_log); if (g == Effect::Deny) { - eval_log << "Denying." << lendl; + eval_log << "Denying.\n"; return g; } else if (g == Effect::Allow) { allowed = true; } } - eval_log << (allowed ? "Allowing." : "Denying.") << lendl; + eval_log << (allowed ? "Allowing." : "Denying.") << "\n"; return allowed ? Effect::Allow : Effect::Deny; } @@ -2152,10 +2127,8 @@ struct IsPublicStatement if (s.effect == Effect::Allow) { for (const auto& p : s.princ) { if (p.is_wildcard()) { - eval_log << "Evaluating conditions in statement:" << lendl; - auto b = eval_log.open("{", "}"); - auto indent = eval_log.indent(); - return s.eval_conditions(iam_all_env, indent) == Effect::Allow; + eval_log << "Evaluating conditions in statement:\n"; + return s.eval_conditions(iam_all_env, eval_log) == Effect::Allow; } } } diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h index 67ed8daa2b6..a07ca0d8d1b 100644 --- a/src/rgw/rgw_iam_policy.h +++ b/src/rgw/rgw_iam_policy.h @@ -219,17 +219,8 @@ enum action_t { struct maybeout { mutable std::ostream* m; - std::string prefix; - maybeout(std::ostream* m, - std::string&& prefix_ = "") : - m(m) - { - if (m) { - prefix = std::move(prefix_); - lendl_(); - } - } + maybeout(std::ostream* m) : m(m) {} ~maybeout() { @@ -246,53 +237,10 @@ struct maybeout { operator=(std::nullptr_t) { m = nullptr; - prefix.clear(); return *this; } - maybeout - indent(std::string&& prefix2 = " ", - std::string_view closer_ = "") const - { - if (m) { - return maybeout(m, (prefix + std::move(prefix2))); - } else { - return nullptr; - } - } - - void lendl_() const; - - struct bracket { - const maybeout& m; - std::string_view closer; - - bracket(const maybeout& m, std::string_view closer) : - m(m), closer(closer) - {} - - void close(); - - ~bracket() { close(); } - }; - - bracket - open(std::string_view opener, std::string_view closer_) const - { - if (m) { - *m << opener; - lendl_(); - return { *this, closer_ }; - } - return { *this, "" }; - } operator bool() const { return !!m; } - - const maybeout& - operator<<(const maybeout& (*func)(const maybeout&)) const - { - return func(*this); - } }; const maybeout& @@ -304,15 +252,6 @@ operator<<(const maybeout& m, const auto& datum) return m; } -inline const maybeout& lendl(const maybeout& m) -{ - if (m.m) { - m.m->put(m.m->widen('\n')); - *m.m << m.prefix; - } - return m; -} - boost::optional parse_principal(std::string&& s, std::string* errmsg); @@ -603,9 +542,9 @@ struct Condition { } if (!matched) { if (failmatch.empty()) { - eval_log << "Values matched against were empty." << lendl; + eval_log << "Values matched against were empty.\n"; } else { - eval_log << "Predicate false for " << failmatch << lendl; + eval_log << "Predicate false for " << failmatch << "\n"; } return false; } @@ -623,7 +562,7 @@ struct Condition { for (const auto& d : v) { if (f(itr->second, d)) { eval_log << "Predicate true for (" << itr->second - << ", " << d << ")" << lendl; + << ", " << d << ")\n"; return true; } } @@ -639,7 +578,7 @@ struct Condition { for (const auto& d : v) { if (f(itr->second, d)) { eval_log << "Predicate true for (" << itr->second << ", " - << d << ")" << lendl; + << d << ")\n"; return false; } } @@ -653,22 +592,19 @@ struct Condition { const maybeout& eval_log) { auto xc = std::forward(x)(c); if (!xc) { - eval_log << "Failed to convert `" << c << "`. Returning false." - << lendl; + eval_log << "Failed to convert `" << c << "`. Returning false.\n"; return false; } for (const auto& d : v) { auto xd = x(d); if (!xd) { - eval_log << "Failed to convert `" << d << "`. Skipping." - << lendl; + eval_log << "Failed to convert `" << d << "`. Skipping.\n"; continue; } if (f(*xc, *xd)) { - eval_log << "Predicate true for (" << *xc << ", " << *xd << ")" - << lendl; + eval_log << "Predicate true for (" << *xc << ", " << *xd << ")\n"; return true; } } @@ -681,22 +617,19 @@ struct Condition { const maybeout& eval_log) { auto xc = std::forward(x)(c); if (!xc) { - eval_log << "Failed to convert `" << c << "`. Returning false." - << lendl; + eval_log << "Failed to convert `" << c << "`. Returning false.\n"; return false; } for (const auto& d : v) { auto xd = x(d); if (!xd) { - eval_log << "Failed to convert `" << d << "`. Skipping." - << lendl; + eval_log << "Failed to convert `" << d << "`. Skipping.\n"; continue; } if (f(*xc, *xd)) { - eval_log << "Predicate true for (" << *xc << ", " << *xd << ")" - << lendl; + eval_log << "Predicate true for (" << *xc << ", " << *xd << ")\n"; return false; } }