From 7186d1cbbbb77e03a756b231ff5e097d52c3581c Mon Sep 17 00:00:00 2001
From: Radoslaw Zarzynski
Date: Wed, 10 Feb 2016 15:32:12 +0100
Subject: [PATCH] rgw: improve debugs around S3/Keystone auth mechanism.

Signed-off-by: Radoslaw Zarzynski
---
 src/rgw/rgw_rest_s3.cc | 42 +++++++++++++++++++++++-------------------
 1 file changed, 23 insertions(+), 19 deletions(-)

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 105ad8711b8ba..d59123bc174b2 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2798,7 +2798,7 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token(
 int ret = process("POST", keystone_url.c_str());
 if (ret < 0) {
 dout(2) << "s3 keystone: token validation ERROR: " << rx_buffer.c_str()
- << dendl;
+ << dendl;
 return -EPERM;
 }
@@ -2817,8 +2817,9 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token(
 }
 if (!found) {
- ldout(cct, 5) << "s3 keystone: user does not hold a matching role; required roles: "
- << cct->_conf->rgw_keystone_accepted_roles << dendl;
+ ldout(cct, 5) << "s3 keystone: user does not hold a matching role;"
+ " required roles: "
+ << cct->_conf->rgw_keystone_accepted_roles << dendl;
 return -EPERM;
 }
@@ -3481,14 +3482,17 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
 if ((req_sec < now - RGW_AUTH_GRACE_MINS * 60 ||
 req_sec > now + RGW_AUTH_GRACE_MINS * 60) && !qsr) {
- dout(10) << "req_sec=" << req_sec << " now=" << now
- << "; now - RGW_AUTH_GRACE_MINS="
- << now - RGW_AUTH_GRACE_MINS * 60
- << "; now + RGW_AUTH_GRACE_MINS="
- << now + RGW_AUTH_GRACE_MINS * 60 << dendl;
- dout(0) << "NOTICE: request time skew too big now="
- << utime_t(now, 0) << " req_time="
- << s->header_time << dendl;
+ ldout(s->cct, 10) << "req_sec=" << req_sec << " now=" << now
+ << "; now - RGW_AUTH_GRACE_MINS="
+ << now - RGW_AUTH_GRACE_MINS * 60
+ << "; now + RGW_AUTH_GRACE_MINS="
+ << now + RGW_AUTH_GRACE_MINS * 60
+ << dendl;
+
+ ldout(s->cct, 0) << "NOTICE: request time skew too big now="
+ << utime_t(now, 0)
+ << " req_time=" << s->header_time
+ << dendl;
 return -ERR_REQUEST_TIME_SKEWED;
 }
@@ -3520,7 +3524,7 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
 /* get the user info */
 if (rgw_get_user_info_by_access_key(store, auth_id, *(s->user)) < 0) {
 dout(5) << "error reading user info, uid=" << auth_id
- << " can't authenticate" << dendl;
+ << " can't authenticate" << dendl;
 return -ERR_INVALID_ACCESS_KEY;
 }
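Review bot: The conversion to `ldout(s->cct, …)` in the hunk at -3481 covers only one of the two clock-skew checks in `authorize_v2`; the second copy in the hunk at -3535 still logs through bare `dout(10)`/`dout(0)`, and the `dout(5)` in the hunk at -3520 and the `dout(2)` in `validate_s3token` (hunk at -2798) are re-indented but not converted. Bare `dout` normally resolves to the global context rather than the one attached to the request, so the same kind of authentication rejection ends up logged in two different ways depending on the branch, which makes rejected requests harder to correlate; the remaining calls can take the same form, e.g. `ldout(s->cct, 0) << "NOTICE: request time skew too big now=" << utime_t(now, 0)` in `authorize_v2` and `ldout(cct, 2)` in the validator, which already uses `ldout(cct, 5)`. The NOTICE is also written at level 0 with `s->header_time`, a value taken from the request; whether this point is reached before the signature has been verified is not visible in the hunk, but if it is, the line should move to a higher debug level or be rate-limited so unauthenticated traffic cannot fill the log. The body of `authorize_v2` starts and ends outside the hunk.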
@@ -3535,14 +3539,14 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
 time_t req_sec = s->header_time.sec();
 if ((req_sec < now - RGW_AUTH_GRACE_MINS * 60 ||
- req_sec > now + RGW_AUTH_GRACE_MINS * 60) && !qsr) {
+ req_sec > now + RGW_AUTH_GRACE_MINS * 60) && !qsr) {
 dout(10) << "req_sec=" << req_sec << " now=" << now
- << "; now - RGW_AUTH_GRACE_MINS="
- << now - RGW_AUTH_GRACE_MINS * 60
- << "; now + RGW_AUTH_GRACE_MINS="
- << now + RGW_AUTH_GRACE_MINS * 60 << dendl;
- dout(0) << "NOTICE: request time skew too big now=" << utime_t(now, 0)
- << " req_time=" << s->header_time << dendl;
+ << "; now - RGW_AUTH_GRACE_MINS=" << now - RGW_AUTH_GRACE_MINS * 60
+ << "; now + RGW_AUTH_GRACE_MINS=" << now + RGW_AUTH_GRACE_MINS * 60
+ << dendl;
+ dout(0) << "NOTICE: request time skew too big now=" << utime_t(now, 0)
+ << " req_time=" << s->header_time
+ << dendl;
 return -ERR_REQUEST_TIME_SKEWED;
 }
--
2.39.5