From 3f6b8ea57d673eee8de1221397403e912a3a89c2 Mon Sep 17 00:00:00 2001
From: Ravind Kumar
Date: Thu, 11 May 2023 16:57:03 -0400
Subject: [PATCH] DOCS-780: Bug Stomping (#844)
A few big things here:
- Updated to Sphinx 6.2.1 successfully. I'm using Python 3.10.10
- Upgraded to docutils 0.19, which is latest
- Upgrade myst-parser and sphinx-design to latest stable
- Fixed a bunch of warning outputs
---
 requirements.txt | 12 ++--
 source/_static/scss/includes/_toc.scss | 1 +
 .../identity-access-management.rst | 2 +-
 .../ad-ldap-access-management.rst | 2 +-
 .../minio-user-management.rst | 14 ++---
 .../policy-based-access-control.rst | 2 +-
 source/default-conf.py | 55 ++++++++++---------
 ...configure-keycloak-identity-management.rst | 2 +-
 ...e-ad-ldap-external-identity-management.rst | 6 +-
 ...re-openid-external-identity-management.rst | 2 +-
 source/operations/external-iam.rst | 2 +-
 ...configure-keycloak-identity-management.rst | 2 +-
 source/operations/troubleshooting.rst | 2 +-
 .../minio-mc-admin/mc-admin-user-disable.rst | 2 +-
 .../minio-mc-admin/mc-admin-user-remove.rst | 2 +-
 .../mc-admin-user-svcacct-info.rst | 23 +++++---
 source/url-excludes.yaml | 1 +
 sphinxext/cond.py | 5 +-
 18 files changed, 75 insertions(+), 62 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index eea413a8..5cc79ce8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,13 +1,13 @@
-docutils == 0.17
-sphinx == 4.3.2
-sphinx-copybutton == 0.5.0
-sphinx-design == 0.2.0
+docutils == 0.19
+sphinx == 6.2.1
+sphinx-copybutton == 0.5.2
+sphinx-design == 0.4.1
 sphinx-markdown-tables == 0.0.15
 Sphinx-Substitution-Extensions == 2020.9.30.0
-sphinx-sitemap == 2.2.0
+sphinx-sitemap == 2.5.0
 sphinx-togglebutton === 0.3.2
 sphinxcontrib-images === 0.9.4
-myst-parser === 0.18.0
+myst-parser === 1.0.0
 linkify === 1.4
 linkify-it-py === 2.0.0
 pyyaml === 6.0
\ No newline at end of file
diff --git a/source/_static/scss/includes/_toc.scss b/source/_static/scss/includes/_toc.scss index a354bb6e..1185f308 100644 --- a/source/_static/scss/includes/_toc.scss +++ b/source/_static/scss/includes/_toc.scss @@ -73,6 +73,7 @@ div.topic { #table-of-contents { flex: 1; position: relative; + border: none; .topic-title { @include breakpoint-max(breakpoints(lg)) { diff --git a/source/administration/identity-access-management.rst b/source/administration/identity-access-management.rst index 871ef3f2..8e6f9cbb 100644 --- a/source/administration/identity-access-management.rst +++ b/source/administration/identity-access-management.rst @@ -72,7 +72,7 @@ assigning a policy to a user or group depends on the configured MinIO deployments using the :ref:`MinIO Internal IDP ` require explicitly associating a user to a policy or policies using the -:mc-cmd:`mc admin policy attach` command. A user can also inherit the policies +:mc:`mc admin policy attach` command. A user can also inherit the policies attached to the :ref:`groups ` in which they have membership. By default, MinIO *denies* access to actions or resources not explicitly allowed diff --git a/source/administration/identity-access-management/ad-ldap-access-management.rst b/source/administration/identity-access-management/ad-ldap-access-management.rst index 0381ee1e..7cd5081d 100644 --- a/source/administration/identity-access-management/ad-ldap-access-management.rst +++ b/source/administration/identity-access-management/ad-ldap-access-management.rst 
@@ -59,7 +59,7 @@ Use either of the following methods to create a new access keys: - Log into the :ref:`MinIO Console ` using the AD/LDAP-managed user credentials. From the :guilabel:`Identity` section of the left navigation, select :guilabel:`Access Keys` followed by the :guilabel:`Create access keys +` button. -- Use the :mc-cmd:`mc admin user svcacct add` command to create the access keys. Specify the user Distinguished Name as the username to which to associate the access keys. +- Use the :mc:`mc admin user svcacct add` command to create the access keys. Specify the user Distinguished Name as the username to which to associate the access keys. Mapping Policies to User DN diff --git a/source/administration/identity-access-management/minio-user-management.rst b/source/administration/identity-access-management/minio-user-management.rst index 7eb2a46d..5e9036b3 100644 --- a/source/administration/identity-access-management/minio-user-management.rst +++ b/source/administration/identity-access-management/minio-user-management.rst @@ -56,7 +56,7 @@ A MinIO user can generate any number of access keys. This allows application owners to generate arbitrary access keys for their applications without requiring action from the MinIO administrators. Since the generated access keys have the same or fewer permissions as the parents, administrators can focus on managing the top-level parent users without micro-managing generated access keys. -You can create access keys using either the :ref:`MinIO Console ` *or* by using the :mc-cmd:`mc admin user svcacct add` command. +You can create access keys using either the :ref:`MinIO Console ` *or* by using the :mc:`mc admin user svcacct add` command. Identities created by these methods do not expire until you remove the access key or the parent account. You can also create :ref:`security token service ` accounts programmatically with the ``AssumeRole`` STS API endpoint. 
@@ -119,7 +119,7 @@ User Management Create a User ~~~~~~~~~~~~~ -Use the :mc-cmd:`mc admin user add` command to create a new user on the +Use the :mc:`mc admin user add` command to create a new user on the MinIO deployment: .. code-block:: shell @@ -127,12 +127,12 @@ MinIO deployment: mc admin user add ALIAS ACCESSKEY SECRETKEY -- Replace :mc-cmd:`ALIAS ` with the +- Replace :mc-cmd:`ALIAS ` with the :mc:`alias ` of the MinIO deployment. - Replace :mc-cmd:`ACCESSKEY ` with the access key for the user. MinIO allows retrieving the access key after - user creation through the :mc-cmd:`mc admin user info` command. + user creation through the :mc:`mc admin user info` command. - Replace :mc-cmd:`SECRETKEY ` with the secret key for the user. MinIO *does not* provide any method for retrieving @@ -142,7 +142,7 @@ Specify a unique, random, and long string for both the ``ACCESSKEY`` and ``SECRETKEY``. Your organization may have specific internal or regulatory requirements around generating values for use with access or secret keys. -After creating the user, use :mc-cmd:`mc admin policy attach` to associate a +After creating the user, use :mc:`mc admin policy attach` to associate a :ref:`MinIO Policy Based Access Control ` to the new user. The following command assigns the built-in :userpolicy:`readwrite` policy: @@ -156,7 +156,7 @@ Replace ``USERNAME`` with the ``ACCESSKEY`` created in the previous step. Delete a User ~~~~~~~~~~~~~ -Use the :mc-cmd:`mc admin user remove` command to remove a user on a +Use the :mc:`mc admin user remove` command to remove a user on a MinIO deployment: .. code-block:: shell @@ -164,7 +164,7 @@ MinIO deployment: mc admin user remove ALIAS USERNAME -- Replace :mc-cmd:`ALIAS ` with the +- Replace :mc-cmd:`ALIAS ` with the :mc:`alias ` of the MinIO deployment. - Replace :mc-cmd:`USERNAME ` with the name of 
diff --git a/source/administration/identity-access-management/policy-based-access-control.rst b/source/administration/identity-access-management/policy-based-access-control.rst index dd4ba4c9..53f0f5df 100644 --- a/source/administration/identity-access-management/policy-based-access-control.rst +++ b/source/administration/identity-access-management/policy-based-access-control.rst @@ -97,7 +97,7 @@ MinIO provides the following built-in policies for assigning to location without requiring any listing. Equivalent to the :policy-action:`s3:PutObject` action. -Use :mc-cmd:`mc admin policy attach` to associate a policy to a +Use :mc:`mc admin policy attach` to associate a policy to a user or group on a MinIO deployment. For example, consider the following table of users. Each user is assigned diff --git a/source/default-conf.py b/source/default-conf.py index 7914ea98..7c878b04 100644 --- a/source/default-conf.py +++ b/source/default-conf.py 
@@ -51,36 +51,37 @@ extensions = [ # Helpful for sites we tend to make lots of references to. extlinks = { - 'kube-docs' : ('https://kubernetes.io/docs/%s', ''), - 'minio-git' : ('https://github.com/minio/%s',''), - 'github' : ('https://github.com/%s',''), - 'kube-api' : ('https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/%s',''), - 'aws-docs' : ('https://docs.aws.amazon.com/%s',''), - 's3-docs' : ('https://docs.aws.amazon.com/AmazonS3/latest/userguide/%s',''), - 's3-api' : ('https://docs.aws.amazon.com/AmazonS3/latest/API/%s',''), - 'iam-docs' : ('https://docs.aws.amazon.com/IAM/latest/UserGuide/%s',''), - 'minio-release' : ('https://github.com/minio/minio/releases/tag/%s',''), - 'mc-release' : ('https://github.com/minio/mc/releases/tag/%s',''), - 'prometheus-docs' : ('https://prometheus.io/docs/%s',''), - 'podman-docs' : ('https://docs.podman.io/en/latest/%s',''), - 'podman-git' : ('https://github.com/containers/podman/%s',''), - 'docker-docs' : ('https://docs.docker.com/%s', ''), - 'openshift-docs' : ('https://docs.openshift.com/container-platform/4.11/%s', ''), - 'influxdb-docs' : ('https://docs.influxdata.com/influxdb/v2.4/%s',''), - 'eks-docs' : ('https://docs.aws.amazon.com/eks/latest/userguide/%s',''), - 'minio-web' : ('https://min.io/%s?ref=docs',''), - 'minio-docs' : ('https://min.io/docs/%s?ref=docs-internal',''), - 'gke-docs' : ('https://cloud.google.com/kubernetes-engine/docs/%s',''), - 'gcp-docs' : ('https://cloud.google.com/compute/docs/%s',''), - 'gcs-docs' : ('https://cloud.google.com/storage/docs/%s',''), - 'aks-docs' : ('https://learn.microsoft.com/en-us/azure/aks/%s',''), - 'azure-docs' : ('https://learn.microsoft.com/en-us/azure/%s',''), + 'kube-docs' : ('https://kubernetes.io/docs/%s', None), + 'minio-git' : ('https://github.com/minio/%s', None), + 'github' : ('https://github.com/%s', None), + 'kube-api' : ('https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/%s', None), + 'aws-docs' : 
('https://docs.aws.amazon.com/%s', None), + 's3-docs' : ('https://docs.aws.amazon.com/AmazonS3/latest/userguide/%s', None), + 's3-api' : ('https://docs.aws.amazon.com/AmazonS3/latest/API/%s', None), + 'iam-docs' : ('https://docs.aws.amazon.com/IAM/latest/UserGuide/%s', None), + 'minio-release' : ('https://github.com/minio/minio/releases/tag/%s', None), + 'mc-release' : ('https://github.com/minio/mc/releases/tag/%s', None), + 'prometheus-docs' : ('https://prometheus.io/docs/%s', None), + 'podman-docs' : ('https://docs.podman.io/en/latest/%s', None), + 'podman-git' : ('https://github.com/containers/podman/%s', None), + 'docker-docs' : ('https://docs.docker.com/%s', None), + 'openshift-docs' : ('https://docs.openshift.com/container-platform/4.11/%s', None), + 'influxdb-docs' : ('https://docs.influxdata.com/influxdb/v2.4/%s', None), + 'eks-docs' : ('https://docs.aws.amazon.com/eks/latest/userguide/%s', None), + 'minio-web' : ('https://min.io/%s?ref=docs', None), + 'minio-docs' : ('https://min.io/docs/%s?ref=docs-internal', None), + 'gke-docs' : ('https://cloud.google.com/kubernetes-engine/docs/%s', None), + 'gcp-docs' : ('https://cloud.google.com/compute/docs/%s', None), + 'gcs-docs' : ('https://cloud.google.com/storage/docs/%s', None), + 'aks-docs' : ('https://learn.microsoft.com/en-us/azure/aks/%s', None), + 'azure-docs' : ('https://learn.microsoft.com/en-us/azure/%s', None), } suppress_warnings = [ 'toc.excluded', 'myst.header', + 'myst.xref_missing', 'ref.myst' ] @@ -99,6 +100,8 @@ exclude_patterns = ['includes/*', '*-template.rst'] # html_baseurl is used by sphinx_sitemap extension to generate a sitemap.xml for each platform. # The sitemaps are combined in a sitemapindex.xml file at the root level. +sitemap_url_scheme = "{link}" + excludes = [] if tags.has("linux"): 
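Review bot: Adding `'myst.xref_missing'` to `suppress_warnings` hides unresolved cross-references in the Markdown sources instead of fixing them, so a reference that breaks later will no longer show up in the build output. If the suppression is needed for the myst-parser upgrade, say so next to the entry, for example `'myst.xref_missing',  # TODO: <reason, and the pages that trigger it>`, and remove it once those references resolve. The commit message describes this as fixing warning outputs, so it is worth separating the warnings that were fixed from the ones that were only silenced.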
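Review bot: `sitemap_url_scheme = "{link}"` is added without a comment, between the `html_baseurl` comment and `excludes = []`, so a reader cannot tell why the sphinx-sitemap default scheme is being overridden. A one-line comment above it would do, for example `# Sitemap URLs carry no language/version prefix: <reason>`. It is also worth confirming that the generated sitemap.xml entries still match the published URLs for each platform build.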
@@ -177,8 +180,10 @@ elif tags.has("aks"): exclude_patterns.extend(excludes) # MyST Parser Customization -myst_gfm_only = True +#myst_gfm_only = True myst_heading_anchors = 2 +myst_all_links_external=False +myst_url_schemes={'http': None, 'https': None, 'mailto': None, 'ftp': None} # Copy-Button Customization diff --git a/source/includes/common/common-configure-keycloak-identity-management.rst b/source/includes/common/common-configure-keycloak-identity-management.rst index ef22f14a..3abbe320 100644 --- a/source/includes/common/common-configure-keycloak-identity-management.rst +++ b/source/includes/common/common-configure-keycloak-identity-management.rst @@ -266,7 +266,7 @@ Select :guilabel:`Save` to apply the configuration. .. start-configure-keycloak-minio-cli -You can use the :mc:`mc admin idp openid add` command to create a new configuration for the Keycloak service. +You can use the :mc-cmd:`mc admin idp openid add` command to create a new configuration for the Keycloak service. The command takes all supported :ref:`OpenID Configuration Settings `: .. code-block:: shell diff --git a/source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst b/source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst index 02c374c3..c102d7f0 100644 --- a/source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst +++ b/source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst 
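Review bot: `#myst_gfm_only = True` is left in as commented-out code; delete the line, or replace it with a comment saying why GFM-only parsing was turned off, since that presumably widens the Markdown syntax the build accepts. The two new settings are written `myst_all_links_external=False` and `myst_url_schemes={...}` without spaces around `=`, unlike `myst_heading_anchors = 2` next to them. They also appear to restate the myst-parser defaults. If the docs contain no `ftp:` links, `myst_url_schemes = {'http': None, 'https': None, 'mailto': None}` keeps the recognised schemes to the ones actually used.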
@@ -81,13 +81,13 @@ You must explicitly assign MinIO policies to a given user or group Distinguished The following example assumes an existing :ref:`alias ` configured for the MinIO Tenant. -Use the :mc-cmd:`mc admin policy set` command to assign a user or group DN to an existing MinIO Policy: +Use the :mc:`mc admin policy attach` command to assign a user or group DN to an existing MinIO Policy: .. code-block:: shell :class: copyable - mc admin policy set minio-tenant POLICY user='uid=primary,cn=applications,dc=domain,dc=com' - mc admin policy set minio-tenant policy group='cn=applications,ou=groups,dc=domain,dc=com' + mc admin policy attach minio-tenant POLICY user='uid=primary,cn=applications,dc=domain,dc=com' + mc admin policy attach minio-tenant POLICY group='cn=applications,ou=groups,dc=domain,dc=com' Replace ``POLICY`` with the name of the MinIO policy to assign to the user or group DN. diff --git a/source/includes/k8s/steps-configure-openid-external-identity-management.rst b/source/includes/k8s/steps-configure-openid-external-identity-management.rst index f2de2651..6c057f0a 100644 --- a/source/includes/k8s/steps-configure-openid-external-identity-management.rst +++ b/source/includes/k8s/steps-configure-openid-external-identity-management.rst @@ -100,7 +100,7 @@ Consider the following example policy that grants general S3 API access on only ] } -Use the :mc-cmd:`mc admin policy add` command to create a policy for use by an OIDC user: +Use the :mc:`mc admin policy attach` command to create a policy for use by an OIDC user: .. code-block:: shell :class: copyable diff --git a/source/operations/external-iam.rst b/source/operations/external-iam.rst index 2734656f..c4b205a9 100644 --- a/source/operations/external-iam.rst +++ b/source/operations/external-iam.rst 
@@ -176,7 +176,7 @@ MinIO uses :ref:`Policy Based Access Control (PBAC) ` t When using an Active Directory/LDAP server for identity management (authentication), MinIO maintains control over access (authorization) through PBAC. When a user successfully authenticates to MinIO using their AD/LDAP credentials, MinIO searches for all :ref:`policies ` which are explicitly associated to that user's Distinguished Name (DN). -Specifically, the policy must be assigned to a user with a matching DN using the :mc-cmd:`mc admin policy attach` command. +Specifically, the policy must be assigned to a user with a matching DN using the :mc:`mc admin policy attach` command. MinIO also supports querying for the user's AD/LDAP group membership. MinIO attempts to match existing policies to the DN for each of the user's groups. diff --git a/source/operations/external-iam/configure-keycloak-identity-management.rst b/source/operations/external-iam/configure-keycloak-identity-management.rst index a0aaf6d1..1940ed4e 100644 --- a/source/operations/external-iam/configure-keycloak-identity-management.rst +++ b/source/operations/external-iam/configure-keycloak-identity-management.rst @@ -221,7 +221,7 @@ You can validate the functionality by using the Admin REST API with the MinIO cl MinIO supports multiple methods for configuring Keycloak Admin API Support: -- Using a terminal/shell and the :mc-cmd:`mc admin idp openid` command +- Using a terminal/shell and the :mc:`mc admin idp openid` command - Using environment variables set prior to starting MinIO .. tab-set:: diff --git a/source/operations/troubleshooting.rst b/source/operations/troubleshooting.rst index 25ec9327..377e876e 100644 --- a/source/operations/troubleshooting.rst +++ b/source/operations/troubleshooting.rst 
@@ -229,7 +229,7 @@ Enabling or Disabling Call Home ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Call Home is **disabled** by default. -You can :mc-cmd:`~mc support callhome enable` and :mc-cmd:`~mc support callhome disable` Call Home functionality at any time using the MinIO Client's :mc-cmd:`mc support callhome` commands. +You can :mc-cmd:`~mc support callhome enable` and :mc-cmd:`~mc support callhome disable` Call Home functionality at any time using the MinIO Client's :mc:`mc support callhome` commands. The command and its subcommands allow you to enable Call Home uploads for only the diagnostics, only the error logs, or both. Refer to the documentation on the commands for more details. diff --git a/source/reference/minio-mc-admin/mc-admin-user-disable.rst b/source/reference/minio-mc-admin/mc-admin-user-disable.rst index 5f8335a4..2d65d932 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-disable.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-disable.rst @@ -89,7 +89,7 @@ Use :mc-cmd:`mc admin user disable` to disable a user on a MinIO deployment. mc admin user disable ALIAS USERNAME -- Replace :mc-cmd:`ALIAS ` with the :mc-cmd:`alias ` of the MinIO deployment. +- Replace :mc-cmd:`ALIAS ` with the :mc-cmd:`alias ` of the MinIO deployment. - Replace :mc-cmd:`USERNAME ` with the username of the user to disable. diff --git a/source/reference/minio-mc-admin/mc-admin-user-remove.rst b/source/reference/minio-mc-admin/mc-admin-user-remove.rst index 89ce9263..83aa4c2c 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-remove.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-remove.rst @@ -85,7 +85,7 @@ Use :mc-cmd:`mc admin user remove` to remove a user from a MinIO deployment: mc admin user remove ALIAS USERNAME -- Replace :mc-cmd:`ALIAS ` with the :mc-cmd:`alias ` of the MinIO deployment. +- Replace :mc-cmd:`ALIAS ` with the :mc-cmd:`alias ` of the MinIO deployment. - Replace :mc-cmd:`USERNAME ` with the username of the user to remove. 
diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst index 745d3aa0..f9b68d0a 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst @@ -18,10 +18,12 @@ Syntax .. start-mc-admin-svcacct-info-desc -The :mc-cmd:`mc admin user svcacct info` command returns a description of the specified access key. +The :mc-cmd:`mc admin user svcacct info` command returns a description of the specified :ref:`access key `. .. end-mc-admin-svcacct-info-desc +"Access Keys" have equivalent functionality to and replace the concept of "Service Accounts" in MinIO. + The description output includes the following details, as available: - Access Key @@ -42,7 +44,7 @@ Use :mc-cmd:`~mc admin user svcacct info --policy` to view the attached policies .. code-block:: shell :class: copyable - mc admin user svcacct info myminio myuserserviceaccount + mc admin user svcacct info myminio myuseraccesskey .. tab-item:: SYNTAX @@ -54,7 +56,7 @@ Use :mc-cmd:`~mc admin user svcacct info --policy` to view the attached policies mc [GLOBALFLAGS] admin user svcacct info \ [--policy] \ ALIAS \ - SERVICEACCOUNT + ACCESSKEY .. include:: /includes/common-minio-mc.rst :start-after: start-minio-syntax @@ -69,11 +71,16 @@ Parameters The :mc-cmd:`alias ` of the MinIO deployment. -.. mc-cmd:: SERVICEACCOUNT +.. mc-cmd:: ACCESSKEY :required: The service account access key to display. +.. mc-cmd:: --policy + :optional: + + Displays policies attached to the specified service account. + Global Flags ~~~~~~~~~~~~ 
@@ -93,11 +100,11 @@ Use :mc-cmd:`mc admin user svcacct info` to display details of a service account .. code-block:: shell :class: copyable - mc admin user svcacct info ALIAS SERVICEACCOUNT + mc admin user svcacct info ALIAS ACCESSKEY - Replace :mc-cmd:`ALIAS ` with the :mc-cmd:`alias ` of the MinIO deployment. -- Replace :mc-cmd:`SERVICEACCOUNT ` with the service account access key. +- Replace :mc-cmd:`ACCESSKEY ` with the service account access key. The output resembles the following: @@ -120,11 +127,11 @@ Use :mc-cmd:`mc admin user svcacct info` to display the policies attached to ser .. code-block:: shell :class: copyable - mc admin user svcacct info --policy ALIAS SERVICEACCOUNT + mc admin user svcacct info --policy ALIAS ACCESSKEY - Replace :mc-cmd:`ALIAS ` with the :mc-cmd:`alias ` of the MinIO deployment. -- Replace :mc-cmd:`SERVICEACCOUNT ` with the service account access key. +- Replace :mc-cmd:`ACCESSKEY ` with the service account access key. The output resembles the following: diff --git a/source/url-excludes.yaml b/source/url-excludes.yaml index 70aea572..c89db14c 100644 --- a/source/url-excludes.yaml +++ b/source/url-excludes.yaml @@ -8,6 +8,7 @@ excludes: - 'operations/install-deploy-manage/delete-minio-tenant.rst' - 'operations/install-deploy-manage/minio-operator-console.rst' - 'operations/deploy-manage-tenants.rst' +- 'developers/sts-for-operator.rst' - 'reference/kubectl-minio-plugin.rst' - 'reference/kubectl-minio-plugin/kubectl-minio-delete.rst' - 'reference/kubectl-minio-plugin/kubectl-minio-init.rst' diff --git a/sphinxext/cond.py b/sphinxext/cond.py index 9f73dd19..b5d6792a 100644 --- a/sphinxext/cond.py +++ b/sphinxext/cond.py 
@@ -12,7 +12,6 @@ from docutils import nodes from docutils.nodes import Element, Node from docutils.parsers.rst import Directive, directives from sphinx.util.docutils import SphinxDirective -from docutils.utils import SafeString from sphinx.util.nodes import nested_parse_with_titles, set_source_info, Node from typing import TYPE_CHECKING, Any, Dict, List, cast @@ -33,7 +32,7 @@ class Cond(Directive): try: result = config._raw_config['tags'].eval_condition(self.arguments[0]) except ValueError as err: - raise self.severe(u'Error parsing conditional parsing expression: {}'.format(SafeString(str(err)))) + raise self.severe(u'Error parsing conditional parsing expression: {}'.format(str(err))) if result: node = nodes.Element() @@ -58,7 +57,7 @@ class CondPlus(SphinxDirective): try: result = config._raw_config['tags'].eval_condition(self.arguments[0]) except ValueError as err: - raise self.severe(u'Error parsing conditional parsing expression: {}'.format(SafeString(str(err)))) + raise self.severe(u'Error parsing conditional parsing expression: {}'.format(str(err))) if not result: # early exit if we know there's no match
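Review bot: In `Cond.run` the new `raise self.severe(u'Error parsing conditional parsing expression: {}'.format(str(err)))` still carries the Python 2 `u''` prefix and a `str()` call that `.format()` makes redundant, and the message does not name the expression that failed. Something like `raise self.severe(f'Error parsing condition {self.arguments[0]!r}: {err}')` is shorter and tells the author which directive argument to fix. The identical line in the `CondPlus.run` hunk should get the same change. Both `run` methods start and end outside their hunks, so the rest of the error path is not visible here.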