rgw/acl/s3: create_policy_from_headers() as free function

Signed-off-by: Casey Bodley <cbodley@redhat.com>
2025-01-19 17:41:39 +00:00 · 2023-11-16 16:38:31 -05:00 · 2023-11-16 16:38:31 -05:00 · 3353abb549
commit 3353abb549
parent bce77ab23b
5 changed files with 48 additions and 72 deletions
--- a/src/rgw/rgw_acl_s3.cc
+++ b/src/rgw/rgw_acl_s3.cc
@ -7,6 +7,7 @@
 #include <map>

 #include "include/types.h"
+#include "common/split.h"

 #include "rgw_acl_s3.h"
 #include "rgw_user.h"
@ -285,16 +286,11 @@ struct s3_acl_header {
  const char *http_header;
 };

-static const char *get_acl_header(const RGWEnv *env,
-        const struct s3_acl_header *perm)
-{
-  const char *header = perm->http_header;
-
-  return env->get(header, NULL);
-}
-
-static int parse_grantee_str(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, string& grantee_str,
-        const struct s3_acl_header *perm, ACLGrant& grant)
+static int parse_grantee_str(const DoutPrefixProvider* dpp,
+                             rgw::sal::Driver* driver,
+                             const std::string& grantee_str,
+                             const s3_acl_header* perm,
+                             ACLGrant& grant)
 {
  string id_type, id_val_quoted;
  int rgw_perm = perm->rgw_perm;
@ -333,27 +329,22 @@ static int parse_grantee_str(const DoutPrefixProvider *dpp, rgw::sal::Driver* dr
  return 0;
 }

-static int parse_acl_header(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver,
-			    const RGWEnv *env, const struct s3_acl_header *perm,
-			    std::list<ACLGrant>& _grants)
+static int parse_acl_header(const DoutPrefixProvider* dpp, rgw::sal::Driver* driver,
+                            const RGWEnv& env, const s3_acl_header* perm,
+                            RGWAccessControlList& acl)
 {
-  std::list<string> grantees;
-  std::string hacl_str;
-
-  const char *hacl = get_acl_header(env, perm);
-  if (hacl == NULL)
+  const char* hacl = env.get(perm->http_header, nullptr);
+  if (hacl == nullptr) {
    return 0;
+  }

-  hacl_str = hacl;
-  get_str_list(hacl_str, ",", grantees);
-
-  for (list<string>::iterator it = grantees.begin(); it != grantees.end(); ++it) {
+  for (std::string_view grantee : ceph::split(hacl, ",")) {
    ACLGrant grant;
-    int ret = parse_grantee_str(dpp, driver, *it, perm, grant);
+    int ret = parse_grantee_str(dpp, driver, std::string{grantee}, perm, grant);
    if (ret < 0)
      return ret;

-    _grants.push_back(grant);
+    acl.add_grant(grant);
  }

  return 0;
@ -409,21 +400,6 @@ static int create_canned(const ACLOwner& owner, const ACLOwner& bucket_owner,
  return 0;
 }

-int RGWAccessControlList_S3::create_from_grants(std::list<ACLGrant>& grants)
-{
-  if (grants.empty())
-    return -EINVAL;
-
-  acl_user_map.clear();
-  grant_map.clear();
-
-  for (const auto& g : grants) {
-    add_grant(g);
-  }
-
-  return 0;
-}
-
 bool RGWAccessControlPolicy_S3::xml_end(const char *el) {
  RGWAccessControlList_S3 *s3acl =
      static_cast<RGWAccessControlList_S3 *>(find_first("AccessControlList"));
@ -457,28 +433,6 @@ static const s3_acl_header acl_header_perms[] = {
  {0, NULL}
 };

-int RGWAccessControlPolicy_S3::create_from_headers(const DoutPrefixProvider *dpp,
-						   rgw::sal::Driver* driver,
-						   const RGWEnv *env, ACLOwner& _owner)
-{
-  std::list<ACLGrant> grants;
-  int r = 0;
-
-  for (const struct s3_acl_header *p = acl_header_perms; p->rgw_perm; p++) {
-    r = parse_acl_header(dpp, driver, env, p, grants);
-    if (r < 0) {
-      return r;
-    }
-  }
-
-  RGWAccessControlList_S3& _acl = static_cast<RGWAccessControlList_S3 &>(acl);
-  r = _acl.create_from_grants(grants);
-
-  owner = _owner;
-
-  return r;
-}
-
 /*
  can only be called on object that was parsed
 */
@ -644,4 +598,23 @@ int create_canned_acl(const ACLOwner& owner,
  return create_canned(owner, bucket_owner, canned_acl, policy.get_acl());
 }

+int create_policy_from_headers(const DoutPrefixProvider* dpp,
+                               rgw::sal::Driver* driver,
+                               const ACLOwner& owner,
+                               const RGWEnv& env,
+                               RGWAccessControlPolicy& policy)
+{
+  policy.set_owner(owner);
+  auto& acl = policy.get_acl();
+
+  for (const s3_acl_header* p = acl_header_perms; p->rgw_perm; p++) {
+    int r = parse_acl_header(dpp, driver, env, p, acl);
+    if (r < 0) {
+      return r;
+    }
+  }
+
+  return 0;
+}
+
 } // namespace rgw::s3
--- a/src/rgw/rgw_acl_s3.h
+++ b/src/rgw/rgw_acl_s3.h
@ -54,8 +54,6 @@ class RGWAccessControlList_S3 : public RGWAccessControlList, public XMLObj
 public:
  bool xml_end(const char *el) override;
  void to_xml(const DoutPrefixProvider* dpp, std::ostream& out);
-
-  int create_from_grants(std::list<ACLGrant>& grants);
 };

 class ACLOwner_S3 : public ACLOwner, public XMLObj
@ -78,9 +76,6 @@ public:
  void to_xml(const DoutPrefixProvider* dpp, std::ostream& out);
  int rebuild(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, ACLOwner *owner,
 	      RGWAccessControlPolicy& dest, std::string &err_msg);
-
-  int create_from_headers(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver,
-			  const RGWEnv *env, ACLOwner& _owner);
 };

 /**
@ -104,4 +99,11 @@ int create_canned_acl(const ACLOwner& owner,
                      const std::string& canned_acl,
                      RGWAccessControlPolicy& policy);

+/// Construct a policy from x-amz-grant-* request headers.
+int create_policy_from_headers(const DoutPrefixProvider* dpp,
+                               rgw::sal::Driver* driver,
+                               const ACLOwner& owner,
+                               const RGWEnv& env,
+                               RGWAccessControlPolicy& policy);
+
 } // namespace rgw::s3
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@ -639,7 +639,7 @@ bool parse_iso8601(const char *s, struct tm *t, uint32_t *pns, bool extended_for
  return true;
 }

-int parse_key_value(string& in_str, const char *delim, string& key, string& val)
+int parse_key_value(const string& in_str, const char *delim, string& key, string& val)
 {
  if (delim == NULL)
    return -EINVAL;
@ -654,7 +654,7 @@ int parse_key_value(string& in_str, const char *delim, string& key, string& val)
  return 0;
 }

-int parse_key_value(string& in_str, string& key, string& val)
+int parse_key_value(const string& in_str, string& key, string& val)
 {
  return parse_key_value(in_str, "=", key,val);
 }
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@ -1490,8 +1490,8 @@ bool rgw_set_amz_meta_header(

 extern std::string rgw_string_unquote(const std::string& s);
 extern void parse_csv_string(const std::string& ival, std::vector<std::string>& ovals);
-extern int parse_key_value(std::string& in_str, std::string& key, std::string& val);
-extern int parse_key_value(std::string& in_str, const char *delim, std::string& key, std::string& val);
+extern int parse_key_value(const std::string& in_str, std::string& key, std::string& val);
+extern int parse_key_value(const std::string& in_str, const char *delim, std::string& key, std::string& val);

 extern boost::optional<std::pair<std::string_view,std::string_view>>
 parse_key_value(const std::string_view& in_str,
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@ -2384,13 +2384,14 @@ void RGWStatBucket_ObjStore_S3::send_response()

 static int create_s3_policy(req_state *s, rgw::sal::Driver* driver,
 			    RGWAccessControlPolicy_S3& s3policy,
-			    ACLOwner& owner)
+			    const ACLOwner& owner)
 {
  if (s->has_acl_header) {
    if (!s->canned_acl.empty())
      return -ERR_INVALID_REQUEST;

-    return s3policy.create_from_headers(s, driver, s->info.env, owner);
+    return rgw::s3::create_policy_from_headers(s, driver, owner,
+                                               *s->info.env, s3policy);
  }

  return rgw::s3::create_canned_acl(owner, s->bucket_owner,