From 0b0fd44f42575c89ccce375b06c0db1d50c48ce6 Mon Sep 17 00:00:00 2001 From: "Adam C. Emerson" Date: Tue, 13 Dec 2022 16:15:24 -0500 Subject: [PATCH] rgw: Put useful policy error messages in error document This affects the various create/put operations that take a policy document. Signed-off-by: Adam C. Emerson --- src/rgw/rgw_op.cc | 3 ++- src/rgw/rgw_rest_role.cc | 4 +++- src/rgw/rgw_rest_sts.cc | 4 +++- src/rgw/rgw_rest_user_policy.cc | 3 ++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index aa697e3d40d..fe57827a15a 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -8132,8 +8132,9 @@ void RGWPutBucketPolicy::execute(optional_yield y) return op_ret; }); } catch (rgw::IAM::PolicyParseException& e) { - ldpp_dout(this, 20) << "failed to parse policy: " << e.what() << dendl; + ldpp_dout(this, 5) << "failed to parse policy: " << e.what() << dendl; op_ret = -EINVAL; + s->err.message = e.what(); } } diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc index 13f476ea991..e71dff5708f 100644 --- a/src/rgw/rgw_rest_role.cc +++ b/src/rgw/rgw_rest_role.cc @@ -169,7 +169,8 @@ int RGWCreateRole::get_params() s->cct->_conf.get_val("rgw_policy_reject_invalid_principals")); } catch (rgw::IAM::PolicyParseException& e) { - ldpp_dout(this, 20) << "failed to parse policy: " << e.what() << dendl; + ldpp_dout(this, 5) << "failed to parse policy: " << e.what() << dendl; + s->err.message = e.what(); return -ERR_MALFORMED_DOC; } @@ -576,6 +577,7 @@ int RGWPutRolePolicy::get_params() } catch (rgw::IAM::PolicyParseException& e) { ldpp_dout(this, 20) << "failed to parse policy: " << e.what() << dendl; + s->err.message = e.what(); return -ERR_MALFORMED_DOC; } return 0; diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc index cc2922ef8c3..b77b78c9101 100644 --- a/src/rgw/rgw_rest_sts.cc +++ b/src/rgw/rgw_rest_sts.cc @@ -649,7 +649,8 @@ int RGWSTSAssumeRoleWithWebIdentity::get_params() s->cct->_conf.get_val("rgw_policy_reject_invalid_principals")); } catch (rgw::IAM::PolicyParseException& e) { - ldpp_dout(this, 20) << "failed to parse policy: " << e.what() << "policy" << policy << dendl; + ldpp_dout(this, 5) << "failed to parse policy: " << e.what() << "policy" << policy << dendl; + s->err.message = e.what(); return -ERR_MALFORMED_DOC; } } @@ -711,6 +712,7 @@ int RGWSTSAssumeRole::get_params() } catch (rgw::IAM::PolicyParseException& e) { ldpp_dout(this, 0) << "failed to parse policy: " << e.what() << "policy" << policy << dendl; + s->err.message = e.what(); return -ERR_MALFORMED_DOC; } } diff --git a/src/rgw/rgw_rest_user_policy.cc b/src/rgw/rgw_rest_user_policy.cc index ea56ddd94bb..1d693d9c0f5 100644 --- a/src/rgw/rgw_rest_user_policy.cc +++ b/src/rgw/rgw_rest_user_policy.cc @@ -162,7 +162,8 @@ void RGWPutUserPolicy::execute(optional_yield y) ldpp_dout(this, 0) << "ERROR: failed to decode user policies" << dendl; op_ret = -EIO; } catch (rgw::IAM::PolicyParseException& e) { - ldpp_dout(this, 20) << "failed to parse policy: " << e.what() << dendl; + ldpp_dout(this, 5) << "failed to parse policy: " << e.what() << dendl; + s->err.message = e.what(); op_ret = -ERR_MALFORMED_DOC; } -- 2.39.5