From 652f3441dcb4b49e693df03613b1506041ac8054 Mon Sep 17 00:00:00 2001 From: Ali Maredia Date: Fri, 5 Oct 2018 14:47:10 -0400 Subject: [PATCH] rgw: changing logging in auth helper functions Functions that aren't auth engine related were did not have their logging changed Signed-off-by: Ali Maredia --- src/rgw/rgw_auth_keystone.cc | 28 ++++++++++++++-------------- src/rgw/rgw_auth_keystone.h | 6 +++--- src/rgw/rgw_swift_auth.cc | 6 +++--- src/rgw/rgw_swift_auth.h | 3 ++- 4 files changed, 22 insertions(+), 21 deletions(-) diff --git a/src/rgw/rgw_auth_keystone.cc b/src/rgw/rgw_auth_keystone.cc index ac62d85fe26..5a325425ea1 100644 --- a/src/rgw/rgw_auth_keystone.cc +++ b/src/rgw/rgw_auth_keystone.cc @@ -38,15 +38,15 @@ TokenEngine::is_applicable(const std::string& token) const noexcept } TokenEngine::token_envelope_t -TokenEngine::decode_pki_token(const std::string& token) const +TokenEngine::decode_pki_token(const DoutPrefixProvider* dpp, const std::string& token) const { ceph::buffer::list token_body_bl; int ret = rgw_decode_b64_cms(cct, token, token_body_bl); if (ret < 0) { - ldout(cct, 20) << "cannot decode pki token" << dendl; + ldpp_dout(dpp, 20) << "cannot decode pki token" << dendl; throw ret; } else { - ldout(cct, 20) << "successfully decoded pki token" << dendl; + ldpp_dout(dpp, 20) << "successfully decoded pki token" << dendl; } TokenEngine::token_envelope_t token_body; @@ -59,7 +59,7 @@ TokenEngine::decode_pki_token(const std::string& token) const } boost::optional -TokenEngine::get_from_keystone(const std::string& token) const +TokenEngine::get_from_keystone(const DoutPrefixProvider* dpp, const std::string& token) const { /* Unfortunately, we can't use the short form of "using" here. It's because * we're aliasing a class' member, not namespace. */ @@ -113,12 +113,12 @@ TokenEngine::get_from_keystone(const std::string& token) const validate.get_http_status() == /* Most likely: non-existent token supplied by the client. */ RGWValidateKeystoneToken::HTTP_STATUS_NOTFOUND) { - ldout(cct, 5) << "Failed keystone auth from " << url << " with " + ldpp_dout(dpp, 5) << "Failed keystone auth from " << url << " with " << validate.get_http_status() << dendl; return boost::none; } - ldout(cct, 20) << "received response status=" << validate.get_http_status() + ldpp_dout(dpp, 20) << "received response status=" << validate.get_http_status() << ", body=" << token_body_bl.c_str() << dendl; TokenEngine::token_envelope_t token_body; @@ -248,14 +248,14 @@ TokenEngine::authenticate(const DoutPrefixProvider* dpp, /* Retrieve token. */ if (rgw_is_pki_token(token)) { try { - t = decode_pki_token(token); + t = decode_pki_token(dpp, token); } catch (...) { /* Last resort. */ - t = get_from_keystone(token); + t = get_from_keystone(dpp, token); } } else { /* Can't decode, just go to the Keystone server for validation. */ - t = get_from_keystone(token); + t = get_from_keystone(dpp, token); } if (! t) { @@ -294,7 +294,7 @@ TokenEngine::authenticate(const DoutPrefixProvider* dpp, * Try to validate S3 auth against keystone s3token interface */ std::pair, int> -EC2Engine::get_from_keystone(const boost::string_view& access_key_id, +EC2Engine::get_from_keystone(const DoutPrefixProvider* dpp, const boost::string_view& access_key_id, const std::string& string_to_sign, const boost::string_view& signature) const { @@ -316,7 +316,7 @@ EC2Engine::get_from_keystone(const boost::string_view& access_key_id, int ret = rgw::keystone::Service::get_admin_token(cct, token_cache, config, admin_token); if (ret < 0) { - ldout(cct, 2) << "s3 keystone: cannot get token for keystone access" + ldpp_dout(dpp, 2) << "s3 keystone: cannot get token for keystone access" << dendl; throw ret; } @@ -354,7 +354,7 @@ EC2Engine::get_from_keystone(const boost::string_view& access_key_id, /* send request */ ret = validate.process(); if (ret < 0) { - ldout(cct, 2) << "s3 keystone: token validation ERROR: " + ldpp_dout(dpp, 2) << "s3 keystone: token validation ERROR: " << token_body_bl.c_str() << dendl; throw ret; } @@ -372,7 +372,7 @@ EC2Engine::get_from_keystone(const boost::string_view& access_key_id, rgw::keystone::TokenEnvelope token_envelope; ret = token_envelope.parse(cct, std::string(), token_body_bl, api_version); if (ret < 0) { - ldout(cct, 2) << "s3 keystone: token parsing failed, ret=0" << ret + ldpp_dout(dpp, 2) << "s3 keystone: token parsing failed, ret=0" << ret << dendl; throw ret; } @@ -447,7 +447,7 @@ rgw::auth::Engine::result_t EC2Engine::authenticate( boost::optional t; int failure_reason; std::tie(t, failure_reason) = \ - get_from_keystone(access_key_id, string_to_sign, signature); + get_from_keystone(dpp, access_key_id, string_to_sign, signature); if (! t) { return result_t::deny(failure_reason); } diff --git a/src/rgw/rgw_auth_keystone.h b/src/rgw/rgw_auth_keystone.h index 0861cc74fb3..e63ba1e3fb3 100644 --- a/src/rgw/rgw_auth_keystone.h +++ b/src/rgw/rgw_auth_keystone.h @@ -37,10 +37,10 @@ class TokenEngine : public rgw::auth::Engine { /* Helper methods. */ bool is_applicable(const std::string& token) const noexcept; - token_envelope_t decode_pki_token(const std::string& token) const; + token_envelope_t decode_pki_token(const DoutPrefixProvider* dpp, const std::string& token) const; boost::optional - get_from_keystone(const std::string& token) const; + get_from_keystone(const DoutPrefixProvider* dpp, const std::string& token) const; acl_strategy_t get_acl_strategy(const token_envelope_t& token) const; auth_info_t get_creds_info(const token_envelope_t& token, @@ -89,7 +89,7 @@ class EC2Engine : public rgw::auth::s3::AWSEngine { const std::vector& admin_roles ) const noexcept; std::pair, int> - get_from_keystone(const boost::string_view& access_key_id, + get_from_keystone(const DoutPrefixProvider* dpp, const boost::string_view& access_key_id, const std::string& string_to_sign, const boost::string_view& signature) const; result_t authenticate(const DoutPrefixProvider* dpp, diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc index 61a447c6181..47c06e18c65 100644 --- a/src/rgw/rgw_swift_auth.cc +++ b/src/rgw/rgw_swift_auth.cc @@ -65,7 +65,7 @@ bool TempURLEngine::is_applicable(const req_state* const s) const noexcept s->info.args.exists("temp_url_expires"); } -void TempURLEngine::get_owner_info(const req_state* const s, +void TempURLEngine::get_owner_info(const DoutPrefixProvider* dpp, const req_state* const s, RGWUserInfo& owner_info) const { /* We cannot use req_state::bucket_name because it isn't available @@ -113,7 +113,7 @@ void TempURLEngine::get_owner_info(const req_state* const s, throw ret; } - ldout(cct, 20) << "temp url user (bucket owner): " << bucket_info.owner + ldpp_dout(dpp, 20) << "temp url user (bucket owner): " << bucket_info.owner << dendl; if (rgw_get_user_info_by_uid(store, bucket_info.owner, owner_info) < 0) { @@ -268,7 +268,7 @@ TempURLEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* cons RGWUserInfo owner_info; try { - get_owner_info(s, owner_info); + get_owner_info(dpp, s, owner_info); } catch (...) { ldpp_dout(dpp, 5) << "cannot get user_info of account's owner" << dendl; return result_t::reject(); diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h index 394d9b2bab4..39fdc842221 100644 --- a/src/rgw/rgw_swift_auth.h +++ b/src/rgw/rgw_swift_auth.h @@ -43,7 +43,8 @@ class TempURLEngine : public rgw::auth::Engine { const TempURLApplier::Factory* const apl_factory; /* Helper methods. */ - void get_owner_info(const req_state* s, + void get_owner_info(const DoutPrefixProvider* dpp, + const req_state* s, RGWUserInfo& owner_info) const; bool is_applicable(const req_state* s) const noexcept; bool is_expired(const std::string& expires) const; -- 2.39.5