RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-02-23 11:07:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

rgw: Refactored code for Create/Get/Modify/Delete/List Role(s) REST APIs.

Browse Source 
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
This commit is contained in:
Pritha Srivastava 2016-11-23 12:31:09 +05:30
parent ce46be9878
commit d91c0b2788
8 changed files with 296 additions and 473 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/rgw/CMakeLists.txt
View File

@ -87,6 +87,7 @@ set(rgw_a_srcs
rgw_rest_opstate.cc
rgw_rest_realm.cc
rgw_rest_replica_log.cc
rgw_rest_role.cc
rgw_rest_s3.cc
rgw_rest_swift.cc
rgw_rest_usage.cc

182
src/rgw/rgw_op.cc
View File

@ -5571,188 +5571,6 @@ int RGWHandler::error_handler(int err_no, string *error_content) {
return err_no;
}
int RGWCreateRole::verify_permission()
{
if (s->auth_identity->is_anonymous()) {
return -EACCES;
}
if (!verify_user_permission(s, RGW_PERM_WRITE)) {
return -EACCES;
}
return 0;
}
void RGWCreateRole::pre_exec()
{
rgw_bucket_object_pre_exec(s);
}
void RGWCreateRole::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
RGWRole role(s->cct, store, role_name, role_path, trust_policy);
op_ret = role.create(true);
if (op_ret == -EEXIST) {
op_ret = -ERR_ROLE_EXISTS;
}
if (op_ret == 0) {
s->formatter->open_object_section("role");
role.dump(s->formatter);
s->formatter->close_section();
}
}
int RGWDeleteRole::verify_permission()
{
if (s->auth_identity->is_anonymous()) {
return -EACCES;
}
if (!verify_user_permission(s, RGW_PERM_WRITE)) {
return -EACCES;
}
return 0;
}
void RGWDeleteRole::pre_exec()
{
rgw_bucket_object_pre_exec(s);
}
void RGWDeleteRole::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
RGWRole role(s->cct, store, role_name);
op_ret = role.delete_obj();
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
}
}
int RGWGetRole::verify_permission()
{
if (s->auth_identity->is_anonymous()) {
return -EACCES;
}
if (!verify_user_permission(s, RGW_PERM_READ)) {
return -EACCES;
}
return 0;
}
void RGWGetRole::pre_exec()
{
rgw_bucket_object_pre_exec(s);
}
void RGWGetRole::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
RGWRole role(s->cct, store, role_name);
op_ret = role.get();
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
}
if (op_ret == 0) {
s->formatter->open_object_section("role");
role.dump(s->formatter);
s->formatter->close_section();
}
}
int RGWModifyRole::verify_permission()
{
if (s->auth_identity->is_anonymous()) {
return -EACCES;
}
if (!verify_user_permission(s, RGW_PERM_WRITE)) {
return -EACCES;
}
return 0;
}
void RGWModifyRole::pre_exec()
{
rgw_bucket_object_pre_exec(s);
}
void RGWModifyRole::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
RGWRole role(s->cct, store, role_name);
op_ret = role.get();
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
}
if (op_ret == 0) {
role.update_trust_policy(trust_policy);
op_ret = role.update();
}
}
int RGWListRoles::verify_permission()
{
if (s->auth_identity->is_anonymous()) {
return -EACCES;
}
if (!verify_user_permission(s, RGW_PERM_READ)) {
return -EACCES;
}
return 0;
}
void RGWListRoles::pre_exec()
{
rgw_bucket_object_pre_exec(s);
}
void RGWListRoles::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
vector<RGWRole> result;
op_ret = RGWRole::get_roles_by_path_prefix(store, s->cct, path_prefix, result);
if (op_ret == 0) {
s->formatter->open_array_section("Roles");
for (const auto& it : result) {
s->formatter->open_object_section("role");
it.dump(s->formatter);
s->formatter->close_section();
}
s->formatter->close_section();
}
}
int RGWPutRolePolicy::verify_permission()
{
if (s->auth_identity->is_anonymous()) {

98
src/rgw/rgw_op.h
View File

@ -633,104 +633,6 @@ public:
virtual uint32_t op_mask() { return RGW_OP_TYPE_DELETE; }
};
class RGWCreateRole : public RGWOp {
protected:
string role_name;
string role_path;
string trust_policy;
public:
RGWCreateRole() = default;
int verify_permission() override;
void pre_exec() override;
void execute() override;
virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
RGWOp::init(store, s, h);
}
virtual int get_params() { return 0; }
virtual void send_response() override = 0;
virtual const string name() override { return "create_role"; }
virtual RGWOpType get_type() override { return RGW_OP_CREATE_ROLE; }
virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
};
class RGWDeleteRole : public RGWOp {
protected:
string role_name;
public:
RGWDeleteRole() = default;
int verify_permission() override;
void pre_exec() override;
void execute() override;
virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
RGWOp::init(store, s, h);
}
virtual int get_params() { return 0; }
virtual void send_response() override = 0;
virtual const string name() override { return "delete_role"; }
virtual RGWOpType get_type() override { return RGW_OP_DELETE_ROLE; }
virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
};
class RGWGetRole : public RGWOp {
protected:
string role_name;
public:
RGWGetRole() = default;
int verify_permission() override;
void pre_exec() override;
void execute() override;
virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
RGWOp::init(store, s, h);
}
virtual int get_params() { return 0; }
virtual void send_response() override = 0;
virtual const string name() override { return "get_role"; }
virtual RGWOpType get_type() override { return RGW_OP_GET_ROLE; }
virtual uint32_t op_mask() override { return RGW_OP_TYPE_READ; }
};
class RGWModifyRole : public RGWOp {
protected:
string role_name;
string trust_policy;
public:
RGWModifyRole() = default;
int verify_permission() override;
void pre_exec() override;
void execute() override;
virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
RGWOp::init(store, s, h);
}
virtual int get_params() { return 0; }
virtual void send_response() override = 0;
virtual const string name() override { return "modify_role"; }
virtual RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE; }
virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
};
class RGWListRoles : public RGWOp {
protected:
string path_prefix;
public:
RGWListRoles() = default;
int verify_permission() override;
void pre_exec() override;
void execute() override;
virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
RGWOp::init(store, s, h);
}
virtual int get_params() { return 0; }
virtual void send_response() override = 0;
virtual const string name() override { return "list_roles"; }
virtual RGWOpType get_type() override { return RGW_OP_LIST_ROLES; }
virtual uint32_t op_mask() override { return RGW_OP_TYPE_READ; }
};
class RGWPutRolePolicy : public RGWOp {
protected:
string role_name;

30
src/rgw/rgw_rest.h
View File

@ -385,36 +385,6 @@ public:
~RGWInfo_ObjStore() = default;
};
class RGWCreateRole_ObjStore : public RGWCreateRole {
public:
RGWCreateRole_ObjStore() = default;
~RGWCreateRole_ObjStore() = default;
};
class RGWDeleteRole_ObjStore : public RGWDeleteRole {
public:
RGWDeleteRole_ObjStore() = default;
~RGWDeleteRole_ObjStore() = default;
};
class RGWGetRole_ObjStore : public RGWGetRole {
public:
RGWGetRole_ObjStore() = default;
~RGWGetRole_ObjStore() = default;
};
class RGWModifyRole_ObjStore : public RGWModifyRole {
public:
RGWModifyRole_ObjStore() = default;
~RGWModifyRole_ObjStore() = default;
};
class RGWListRoles_ObjStore : public RGWListRoles {
public:
RGWListRoles_ObjStore() = default;
~RGWListRoles_ObjStore() = default;
};
class RGWPutRolePolicy_ObjStore : public RGWPutRolePolicy {
public:
RGWPutRolePolicy_ObjStore() = default;

213
src/rgw/rgw_rest_role.cc Normal file
View File

@ -0,0 +1,213 @@
#include <errno.h>
#include "common/errno.h"
#include "common/Formatter.h"
#include "common/ceph_json.h"
#include "include/types.h"
#include "rgw_string.h"
#include "rgw_common.h"
#include "rgw_op.h"
#include "rgw_rest.h"
#include "rgw_role.h"
#include "rgw_rest_role.h"
#define dout_subsys ceph_subsys_rgw
using namespace std;
void RGWRestRole::send_response()
{
if (op_ret) {
set_req_state_err(s, op_ret);
}
dump_errno(s);
end_header(s);
}
int RGWRoleRead::verify_permission()
{
if (s->auth_identity->is_anonymous()) {
return -EACCES;
}
if (!verify_user_permission(s, RGW_PERM_READ)) {
return -EACCES;
}
return 0;
}
int RGWRoleWrite::verify_permission()
{
if (s->auth_identity->is_anonymous()) {
return -EACCES;
}
if (!verify_user_permission(s, RGW_PERM_WRITE)) {
return -EACCES;
}
return 0;
}
int RGWCreateRole::get_params()
{
role_name = s->info.args.get("RoleName");
role_path = s->info.args.get("Path");
trust_policy = s->info.args.get("AssumeRolePolicyDocument");
if (role_name.empty() || trust_policy.empty()) {
ldout(s->cct, 20) << "ERROR: one of role name or assume role policy document is empty"
<< dendl;
return -EINVAL;
}
JSONParser p;
if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
return -ERR_MALFORMED_DOC;
}
return 0;
}
void RGWCreateRole::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
RGWRole role(s->cct, store, role_name, role_path, trust_policy);
op_ret = role.create(true);
if (op_ret == -EEXIST) {
op_ret = -ERR_ROLE_EXISTS;
}
if (op_ret == 0) {
s->formatter->open_object_section("role");
role.dump(s->formatter);
s->formatter->close_section();
}
}
int RGWDeleteRole::get_params()
{
role_name = s->info.args.get("RoleName");
if (role_name.empty()) {
ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
return -EINVAL;
}
return 0;
}
void RGWDeleteRole::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
RGWRole role(s->cct, store, role_name);
op_ret = role.delete_obj();
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
}
}
int RGWGetRole::get_params()
{
role_name = s->info.args.get("RoleName");
if (role_name.empty()) {
ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
return -EINVAL;
}
return 0;
}
void RGWGetRole::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
RGWRole role(s->cct, store, role_name);
op_ret = role.get();
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
}
if (op_ret == 0) {
s->formatter->open_object_section("role");
role.dump(s->formatter);
s->formatter->close_section();
}
}
int RGWModifyRole::get_params()
{
role_name = s->info.args.get("RoleName");
trust_policy = s->info.args.get("PolicyDocument");
if (role_name.empty() || trust_policy.empty()) {
ldout(s->cct, 20) << "ERROR: One of role name or trust policy is empty"<< dendl;
return -EINVAL;
}
JSONParser p;
if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
return -ERR_MALFORMED_DOC;
}
return 0;
}
void RGWModifyRole::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
RGWRole role(s->cct, store, role_name);
op_ret = role.get();
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
}
if (op_ret == 0) {
role.update_trust_policy(trust_policy);
op_ret = role.update();
}
}
int RGWListRoles::get_params()
{
path_prefix = s->info.args.get("PathPrefix");
return 0;
}
void RGWListRoles::execute()
{
op_ret = get_params();
if (op_ret < 0) {
return;
}
vector<RGWRole> result;
op_ret = RGWRole::get_roles_by_path_prefix(store, s->cct, path_prefix, result);
if (op_ret == 0) {
s->formatter->open_array_section("Roles");
for (const auto& it : result) {
s->formatter->open_object_section("role");
it.dump(s->formatter);
s->formatter->close_section();
}
s->formatter->close_section();
}
}

76
src/rgw/rgw_rest_role.h Normal file
View File

@ -0,0 +1,76 @@
#ifndef CEPH_RGW_REST_ROLE_H
#define CEPH_RGW_REST_ROLE_H
class RGWRestRole : public RGWOp {
protected:
string role_name;
string role_path;
string trust_policy;
string policy_name;
string perm_policy;
string path_prefix;
public:
virtual void send_response() override;
};
class RGWRoleRead : public RGWRestRole {
public:
RGWRoleRead() = default;
virtual int verify_permission() override;
virtual uint32_t op_mask() override { return RGW_OP_TYPE_READ; }
};
class RGWRoleWrite : public RGWRestRole {
public:
RGWRoleWrite() = default;
virtual int verify_permission() override;
virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
};
class RGWCreateRole : public RGWRoleWrite {
public:
RGWCreateRole() = default;
void execute() override;
int get_params();
const string name() override { return "create_role"; }
RGWOpType get_type() override { return RGW_OP_CREATE_ROLE; }
};
class RGWDeleteRole : public RGWRoleWrite {
public:
RGWDeleteRole() = default;
void execute() override;
int get_params();
const string name() override { return "delete_role"; }
RGWOpType get_type() override { return RGW_OP_DELETE_ROLE; }
};
class RGWGetRole : public RGWRoleRead {
public:
RGWGetRole() = default;
void execute() override;
int get_params();
const string name() override { return "get_role"; }
RGWOpType get_type() override { return RGW_OP_GET_ROLE; }
};
class RGWModifyRole : public RGWRoleWrite {
public:
RGWModifyRole() = default;
void execute() override;
int get_params();
const string name() override { return "modify_role"; }
RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE; }
};
class RGWListRoles : public RGWRoleRead {
public:
RGWListRoles() = default;
void execute() override;
int get_params();
const string name() override { return "list_roles"; }
RGWOpType get_type() override { return RGW_OP_LIST_ROLES; }
};
#endif /* CEPH_RGW_REST_ROLE_H */

124
src/rgw/rgw_rest_s3.cc
View File

@ -31,6 +31,7 @@
#include "rgw_ldap.h"
#include "rgw_token.h"
#include "rgw_rest_role.h"
#include "include/assert.h"
#define dout_context g_ceph_context
@ -1303,119 +1304,6 @@ int RGWPutObj_ObjStore_S3::get_data(bufferlist& bl)
return ret;
}
int RGWCreateRole_ObjStore_S3::get_params()
{
role_name = s->info.args.get("RoleName");
role_path = s->info.args.get("Path");
trust_policy = s->info.args.get("AssumeRolePolicyDocument");
if (role_name.empty() || trust_policy.empty()) {
ldout(s->cct, 20) << "ERROR: one of role name or assume role policy document is empty"
<< dendl;
return -EINVAL;
}
JSONParser p;
if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
return -ERR_MALFORMED_DOC;
}
return 0;
}
void RGWCreateRole_ObjStore_S3::send_response()
{
if (op_ret) {
set_req_state_err(s, op_ret);
}
dump_errno(s);
end_header(s);
}
int RGWDeleteRole_ObjStore_S3::get_params()
{
role_name = s->info.args.get("RoleName");
if (role_name.empty()) {
ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
return -EINVAL;
}
return 0;
}
void RGWDeleteRole_ObjStore_S3::send_response()
{
if (op_ret) {
set_req_state_err(s, op_ret);
}
dump_errno(s);
end_header(s);
}
int RGWGetRole_ObjStore_S3::get_params()
{
role_name = s->info.args.get("RoleName");
if (role_name.empty()) {
ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
return -EINVAL;
}
return 0;
}
void RGWGetRole_ObjStore_S3::send_response()
{
if (op_ret) {
set_req_state_err(s, op_ret);
}
dump_errno(s);
end_header(s);
}
int RGWModifyRole_ObjStore_S3::get_params()
{
role_name = s->info.args.get("RoleName");
trust_policy = s->info.args.get("PolicyDocument");
if (role_name.empty() || trust_policy.empty()) {
ldout(s->cct, 20) << "ERROR: One of role name or trust policy is empty"<< dendl;
return -EINVAL;
}
JSONParser p;
if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
return -ERR_MALFORMED_DOC;
}
return 0;
}
void RGWModifyRole_ObjStore_S3::send_response()
{
if (op_ret) {
set_req_state_err(s, op_ret);
}
dump_errno(s);
end_header(s);
}
int RGWListRoles_ObjStore_S3::get_params()
{
path_prefix = s->info.args.get("PathPrefix");
return 0;
}
void RGWListRoles_ObjStore_S3::send_response()
{
if (op_ret) {
set_req_state_err(s, op_ret);
}
dump_errno(s);
end_header(s);
}
int RGWPutRolePolicy_ObjStore_S3::get_params()
{
role_name = s->info.args.get("RoleName");
@ -3121,15 +3009,15 @@ RGWOp *RGWHandler_REST_Service_S3::op_post()
if (s->info.args.exists("Action")) {
string action = s->info.args.get("Action");
if (action.compare("CreateRole") == 0)
return new RGWCreateRole_ObjStore_S3;
return new RGWCreateRole;
if (action.compare("DeleteRole") == 0)
return new RGWDeleteRole_ObjStore_S3;
return new RGWDeleteRole;
if (action.compare("GetRole") == 0)
return new RGWGetRole_ObjStore_S3;
return new RGWGetRole;
if (action.compare("UpdateAssumeRolePolicy") == 0)
return new RGWModifyRole_ObjStore_S3;
return new RGWModifyRole;
if (action.compare("ListRoles") == 0)
return new RGWListRoles_ObjStore_S3;
return new RGWListRoles;
if (action.compare("PutRolePolicy") == 0)
return new RGWPutRolePolicy_ObjStore_S3;
if (action.compare("GetRolePolicy") == 0)

45
src/rgw/rgw_rest_s3.h
View File

@ -178,51 +178,6 @@ public:
bufferlist& bl_out);
};
class RGWCreateRole_ObjStore_S3 : public RGWCreateRole_ObjStore {
public:
RGWCreateRole_ObjStore_S3() = default;
~RGWCreateRole_ObjStore_S3() = default;
int get_params() override;
void send_response() override;
};
class RGWDeleteRole_ObjStore_S3 : public RGWDeleteRole_ObjStore {
public:
RGWDeleteRole_ObjStore_S3() = default;
~RGWDeleteRole_ObjStore_S3() = default;
int get_params() override;
void send_response() override;
};
class RGWGetRole_ObjStore_S3 : public RGWGetRole_ObjStore {
public:
RGWGetRole_ObjStore_S3() = default;
~RGWGetRole_ObjStore_S3() = default;
int get_params() override;
void send_response() override;
};
class RGWModifyRole_ObjStore_S3 : public RGWModifyRole_ObjStore {
public:
RGWModifyRole_ObjStore_S3() = default;
~RGWModifyRole_ObjStore_S3() = default;
int get_params() override;
void send_response() override;
};
class RGWListRoles_ObjStore_S3 : public RGWListRoles_ObjStore {
public:
RGWListRoles_ObjStore_S3() = default;
~RGWListRoles_ObjStore_S3() = default;
int get_params() override;
void send_response() override;
};
class RGWPutRolePolicy_ObjStore_S3 : public RGWPutRolePolicy_ObjStore {
public:
RGWPutRolePolicy_ObjStore_S3() = default;