rgw: Refactored code for Create/Get/Modify/Delete/List Role(s) REST APIs.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>

src/rgw/CMakeLists.txt

@@ -87,6 +87,7 @@ set(rgw_a_srcs
   rgw_rest_opstate.cc
   rgw_rest_realm.cc
   rgw_rest_replica_log.cc
+  rgw_rest_role.cc
   rgw_rest_s3.cc
   rgw_rest_swift.cc
   rgw_rest_usage.cc

src/rgw/rgw_op.cc

@@ -5571,188 +5571,6 @@ int RGWHandler::error_handler(int err_no, string *error_content) {
   return err_no;
 }
 
-int RGWCreateRole::verify_permission()
-{
-  if (s->auth_identity->is_anonymous()) {
-    return -EACCES;
-  }
-
-  if (!verify_user_permission(s, RGW_PERM_WRITE)) {
-    return -EACCES;
-  }
-
-  return 0;
-}
-
-void RGWCreateRole::pre_exec()
-{
-  rgw_bucket_object_pre_exec(s);
-}
-
-void RGWCreateRole::execute()
-{
-  op_ret = get_params();
-  if (op_ret < 0) {
-    return;
-  }
-  RGWRole role(s->cct, store, role_name, role_path, trust_policy);
-  op_ret = role.create(true);
-
-  if (op_ret == -EEXIST) {
-    op_ret = -ERR_ROLE_EXISTS;
-  }
-
-  if (op_ret == 0) {
-    s->formatter->open_object_section("role");
-    role.dump(s->formatter);
-    s->formatter->close_section();
-  }
-}
-
-int RGWDeleteRole::verify_permission()
-{
-  if (s->auth_identity->is_anonymous()) {
-    return -EACCES;
-  }
-
-  if (!verify_user_permission(s, RGW_PERM_WRITE)) {
-    return -EACCES;
-  }
-
-  return 0;
-}
-
-void RGWDeleteRole::pre_exec()
-{
-  rgw_bucket_object_pre_exec(s);
-}
-
-void RGWDeleteRole::execute()
-{
-  op_ret = get_params();
-  if (op_ret < 0) {
-    return;
-  }
-  RGWRole role(s->cct, store, role_name);
-  op_ret = role.delete_obj();
-
-  if (op_ret == -ENOENT) {
-    op_ret = -ERR_NO_ROLE_FOUND;
-  }
-}
-
-int RGWGetRole::verify_permission()
-{
-  if (s->auth_identity->is_anonymous()) {
-    return -EACCES;
-  }
-
-  if (!verify_user_permission(s, RGW_PERM_READ)) {
-    return -EACCES;
-  }
-
-  return 0;
-}
-
-void RGWGetRole::pre_exec()
-{
-  rgw_bucket_object_pre_exec(s);
-}
-
-void RGWGetRole::execute()
-{
-  op_ret = get_params();
-  if (op_ret < 0) {
-    return;
-  }
-  RGWRole role(s->cct, store, role_name);
-  op_ret = role.get();
-
-  if (op_ret == -ENOENT) {
-    op_ret = -ERR_NO_ROLE_FOUND;
-  }
-
-  if (op_ret == 0) {
-    s->formatter->open_object_section("role");
-    role.dump(s->formatter);
-    s->formatter->close_section();
-  }
-}
-
-int RGWModifyRole::verify_permission()
-{
-  if (s->auth_identity->is_anonymous()) {
-    return -EACCES;
-  }
-
-  if (!verify_user_permission(s, RGW_PERM_WRITE)) {
-    return -EACCES;
-  }
-
-  return 0;
-}
-
-void RGWModifyRole::pre_exec()
-{
-  rgw_bucket_object_pre_exec(s);
-}
-
-void RGWModifyRole::execute()
-{
-  op_ret = get_params();
-  if (op_ret < 0) {
-    return;
-  }
-  RGWRole role(s->cct, store, role_name);
-  op_ret = role.get();
-  if (op_ret == -ENOENT) {
-    op_ret = -ERR_NO_ROLE_FOUND;
-  }
-
-  if (op_ret == 0) {
-    role.update_trust_policy(trust_policy);
-    op_ret = role.update();
-  }
-}
-
-int RGWListRoles::verify_permission()
-{
-  if (s->auth_identity->is_anonymous()) {
-    return -EACCES;
-  }
-
-  if (!verify_user_permission(s, RGW_PERM_READ)) {
-    return -EACCES;
-  }
-
-  return 0;
-}
-
-void RGWListRoles::pre_exec()
-{
-  rgw_bucket_object_pre_exec(s);
-}
-
-void RGWListRoles::execute()
-{
-  op_ret = get_params();
-  if (op_ret < 0) {
-    return;
-  }
-  vector<RGWRole> result;
-  op_ret = RGWRole::get_roles_by_path_prefix(store, s->cct, path_prefix, result);
-
-  if (op_ret == 0) {
-    s->formatter->open_array_section("Roles");
-    for (const auto& it : result) {
-      s->formatter->open_object_section("role");
-      it.dump(s->formatter);
-      s->formatter->close_section();
-    }
-    s->formatter->close_section();
-  }
-}
-
 int RGWPutRolePolicy::verify_permission()
 {
   if (s->auth_identity->is_anonymous()) {

src/rgw/rgw_op.h

@@ -633,104 +633,6 @@ public:
   virtual uint32_t op_mask() { return RGW_OP_TYPE_DELETE; }
 };
 
-class RGWCreateRole : public RGWOp {
-protected:
-  string role_name;
-  string role_path;
-  string trust_policy;
-
-public:
-  RGWCreateRole() = default;
-  int verify_permission() override;
-  void pre_exec() override;
-  void execute() override;
-  virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
-    RGWOp::init(store, s, h);
-  }
-  virtual int get_params() { return 0; }
-  virtual void send_response() override = 0;
-  virtual const string name() override { return "create_role"; }
-  virtual RGWOpType get_type() override { return RGW_OP_CREATE_ROLE; }
-  virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
-};
-
-class RGWDeleteRole : public RGWOp {
-protected:
-  string role_name;
-
-public:
-  RGWDeleteRole() = default;
-  int verify_permission() override;
-  void pre_exec() override;
-  void execute() override;
-  virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
-    RGWOp::init(store, s, h);
-  }
-  virtual int get_params() { return 0; }
-  virtual void send_response() override = 0;
-  virtual const string name() override { return "delete_role"; }
-  virtual RGWOpType get_type() override { return RGW_OP_DELETE_ROLE; }
-  virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
-};
-
-class RGWGetRole : public RGWOp {
-protected:
-  string role_name;
-
-public:
-  RGWGetRole() = default;
-  int verify_permission() override;
-  void pre_exec() override;
-  void execute() override;
-  virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
-    RGWOp::init(store, s, h);
-  }
-  virtual int get_params() { return 0; }
-  virtual void send_response() override = 0;
-  virtual const string name() override { return "get_role"; }
-  virtual RGWOpType get_type() override { return RGW_OP_GET_ROLE; }
-  virtual uint32_t op_mask() override { return RGW_OP_TYPE_READ; }
-};
-
-class RGWModifyRole : public RGWOp {
-protected:
-  string role_name;
-  string trust_policy;
-
-public:
-  RGWModifyRole() = default;
-  int verify_permission() override;
-  void pre_exec() override;
-  void execute() override;
-  virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
-    RGWOp::init(store, s, h);
-  }
-  virtual int get_params() { return 0; }
-  virtual void send_response() override = 0;
-  virtual const string name() override { return "modify_role"; }
-  virtual RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE; }
-  virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
-};
-
-class RGWListRoles : public RGWOp {
-protected:
-  string path_prefix;
-
-public:
-  RGWListRoles() = default;
-  int verify_permission() override;
-  void pre_exec() override;
-  void execute() override;
-  virtual void init(RGWRados *store, struct req_state *s, RGWHandler *h) {
-    RGWOp::init(store, s, h);
-  }
-  virtual int get_params() { return 0; }
-  virtual void send_response() override = 0;
-  virtual const string name() override { return "list_roles"; }
-  virtual RGWOpType get_type() override { return RGW_OP_LIST_ROLES; }
-  virtual uint32_t op_mask() override { return RGW_OP_TYPE_READ; }
-};
-
 class RGWPutRolePolicy : public RGWOp {
 protected:
   string role_name;

src/rgw/rgw_rest.h

@@ -385,36 +385,6 @@ public:
     ~RGWInfo_ObjStore() = default;
 };
 
-class RGWCreateRole_ObjStore : public RGWCreateRole {
-public:
-  RGWCreateRole_ObjStore() = default;
-  ~RGWCreateRole_ObjStore() = default;
-};
-
-class RGWDeleteRole_ObjStore : public RGWDeleteRole {
-public:
-  RGWDeleteRole_ObjStore() = default;
-  ~RGWDeleteRole_ObjStore() = default;
-};
-
-class RGWGetRole_ObjStore : public RGWGetRole {
-public:
-  RGWGetRole_ObjStore() = default;
-  ~RGWGetRole_ObjStore() = default;
-};
-
-class RGWModifyRole_ObjStore : public RGWModifyRole {
-public:
-  RGWModifyRole_ObjStore() = default;
-  ~RGWModifyRole_ObjStore() = default;
-};
-
-class RGWListRoles_ObjStore : public RGWListRoles {
-public:
-  RGWListRoles_ObjStore() = default;
-  ~RGWListRoles_ObjStore() = default;
-};
-
 class RGWPutRolePolicy_ObjStore : public RGWPutRolePolicy {
 public:
   RGWPutRolePolicy_ObjStore() = default;

src/rgw/rgw_rest_role.cc

@@ -0,0 +1,213 @@
+#include <errno.h>
+
+#include "common/errno.h"
+#include "common/Formatter.h"
+#include "common/ceph_json.h"
+
+#include "include/types.h"
+#include "rgw_string.h"
+
+#include "rgw_common.h"
+#include "rgw_op.h"
+#include "rgw_rest.h"
+#include "rgw_role.h"
+#include "rgw_rest_role.h"
+
+#define dout_subsys ceph_subsys_rgw
+
+using namespace std;
+
+void RGWRestRole::send_response()
+{
+  if (op_ret) {
+    set_req_state_err(s, op_ret);
+  }
+  dump_errno(s);
+  end_header(s);
+}
+
+int RGWRoleRead::verify_permission()
+{
+  if (s->auth_identity->is_anonymous()) {
+    return -EACCES;
+  }
+
+  if (!verify_user_permission(s, RGW_PERM_READ)) {
+    return -EACCES;
+  }
+
+  return 0;
+}
+
+int RGWRoleWrite::verify_permission()
+{
+  if (s->auth_identity->is_anonymous()) {
+    return -EACCES;
+  }
+
+  if (!verify_user_permission(s, RGW_PERM_WRITE)) {
+    return -EACCES;
+  }
+
+  return 0;
+}
+
+int RGWCreateRole::get_params()
+{
+  role_name = s->info.args.get("RoleName");
+  role_path = s->info.args.get("Path");
+  trust_policy = s->info.args.get("AssumeRolePolicyDocument");
+
+  if (role_name.empty() || trust_policy.empty()) {
+    ldout(s->cct, 20) << "ERROR: one of role name or assume role policy document is empty"
+    << dendl;
+    return -EINVAL;
+  }
+  JSONParser p;
+  if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
+    ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
+    return -ERR_MALFORMED_DOC;
+  }
+  return 0;
+}
+
+void RGWCreateRole::execute()
+{
+  op_ret = get_params();
+  if (op_ret < 0) {
+    return;
+  }
+  RGWRole role(s->cct, store, role_name, role_path, trust_policy);
+  op_ret = role.create(true);
+
+  if (op_ret == -EEXIST) {
+    op_ret = -ERR_ROLE_EXISTS;
+  }
+
+  if (op_ret == 0) {
+    s->formatter->open_object_section("role");
+    role.dump(s->formatter);
+    s->formatter->close_section();
+  }
+}
+
+int RGWDeleteRole::get_params()
+{
+  role_name = s->info.args.get("RoleName");
+
+  if (role_name.empty()) {
+    ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
+    return -EINVAL;
+  }
+
+  return 0;
+}
+
+void RGWDeleteRole::execute()
+{
+  op_ret = get_params();
+  if (op_ret < 0) {
+    return;
+  }
+  RGWRole role(s->cct, store, role_name);
+  op_ret = role.delete_obj();
+
+  if (op_ret == -ENOENT) {
+    op_ret = -ERR_NO_ROLE_FOUND;
+  }
+}
+
+int RGWGetRole::get_params()
+{
+  role_name = s->info.args.get("RoleName");
+
+  if (role_name.empty()) {
+    ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
+    return -EINVAL;
+  }
+
+  return 0;
+}
+
+void RGWGetRole::execute()
+{
+  op_ret = get_params();
+  if (op_ret < 0) {
+    return;
+  }
+  RGWRole role(s->cct, store, role_name);
+  op_ret = role.get();
+
+  if (op_ret == -ENOENT) {
+    op_ret = -ERR_NO_ROLE_FOUND;
+  }
+
+  if (op_ret == 0) {
+    s->formatter->open_object_section("role");
+    role.dump(s->formatter);
+    s->formatter->close_section();
+  }
+}
+
+int RGWModifyRole::get_params()
+{
+  role_name = s->info.args.get("RoleName");
+  trust_policy = s->info.args.get("PolicyDocument");
+
+  if (role_name.empty() || trust_policy.empty()) {
+    ldout(s->cct, 20) << "ERROR: One of role name or trust policy is empty"<< dendl;
+    return -EINVAL;
+  }
+  JSONParser p;
+  if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
+    ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
+    return -ERR_MALFORMED_DOC;
+  }
+
+  return 0;
+}
+
+void RGWModifyRole::execute()
+{
+  op_ret = get_params();
+  if (op_ret < 0) {
+    return;
+  }
+  RGWRole role(s->cct, store, role_name);
+  op_ret = role.get();
+  if (op_ret == -ENOENT) {
+    op_ret = -ERR_NO_ROLE_FOUND;
+  }
+
+  if (op_ret == 0) {
+    role.update_trust_policy(trust_policy);
+    op_ret = role.update();
+  }
+}
+
+int RGWListRoles::get_params()
+{
+  path_prefix = s->info.args.get("PathPrefix");
+
+  return 0;
+}
+
+void RGWListRoles::execute()
+{
+  op_ret = get_params();
+  if (op_ret < 0) {
+    return;
+  }
+  vector<RGWRole> result;
+  op_ret = RGWRole::get_roles_by_path_prefix(store, s->cct, path_prefix, result);
+
+  if (op_ret == 0) {
+    s->formatter->open_array_section("Roles");
+    for (const auto& it : result) {
+      s->formatter->open_object_section("role");
+      it.dump(s->formatter);
+      s->formatter->close_section();
+    }
+    s->formatter->close_section();
+  }
+}

src/rgw/rgw_rest_role.h

@@ -0,0 +1,76 @@
+#ifndef CEPH_RGW_REST_ROLE_H
+#define CEPH_RGW_REST_ROLE_H
+
+class RGWRestRole : public RGWOp {
+protected:
+  string role_name;
+  string role_path;
+  string trust_policy;
+  string policy_name;
+  string perm_policy;
+  string path_prefix;
+
+public:
+  virtual void send_response() override;
+};
+
+class RGWRoleRead : public RGWRestRole {
+public:
+  RGWRoleRead() = default;
+  virtual int verify_permission() override;
+  virtual uint32_t op_mask() override { return RGW_OP_TYPE_READ; }
+};
+
+class RGWRoleWrite : public RGWRestRole {
+public:
+  RGWRoleWrite() = default;
+  virtual int verify_permission() override;
+  virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; }
+};
+
+class RGWCreateRole : public RGWRoleWrite {
+public:
+  RGWCreateRole() = default;
+  void execute() override;
+  int get_params();
+  const string name() override { return "create_role"; }
+  RGWOpType get_type() override { return RGW_OP_CREATE_ROLE; }
+};
+
+class RGWDeleteRole : public RGWRoleWrite {
+public:
+  RGWDeleteRole() = default;
+  void execute() override;
+  int get_params();
+  const string name() override { return "delete_role"; }
+  RGWOpType get_type() override { return RGW_OP_DELETE_ROLE; }
+};
+
+class RGWGetRole : public RGWRoleRead {
+public:
+  RGWGetRole() = default;
+  void execute() override;
+  int get_params();
+  const string name() override { return "get_role"; }
+  RGWOpType get_type() override { return RGW_OP_GET_ROLE; }
+};
+
+class RGWModifyRole : public RGWRoleWrite {
+public:
+  RGWModifyRole() = default;
+  void execute() override;
+  int get_params();
+  const string name() override { return "modify_role"; }
+  RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE; }
+};
+
+class RGWListRoles : public RGWRoleRead {
+public:
+  RGWListRoles() = default;
+  void execute() override;
+  int get_params();
+  const string name() override { return "list_roles"; }
+  RGWOpType get_type() override { return RGW_OP_LIST_ROLES; }
+};
+#endif /* CEPH_RGW_REST_ROLE_H */
+

src/rgw/rgw_rest_s3.cc

@@ -31,6 +31,7 @@
 
 #include "rgw_ldap.h"
 #include "rgw_token.h"
+#include "rgw_rest_role.h"
 #include "include/assert.h"
 
 #define dout_context g_ceph_context
@@ -1303,119 +1304,6 @@ int RGWPutObj_ObjStore_S3::get_data(bufferlist& bl)
   return ret;
 }
 
-int RGWCreateRole_ObjStore_S3::get_params()
-{
-  role_name = s->info.args.get("RoleName");
-  role_path = s->info.args.get("Path");
-  trust_policy = s->info.args.get("AssumeRolePolicyDocument");
-
-  if (role_name.empty() || trust_policy.empty()) {
-    ldout(s->cct, 20) << "ERROR: one of role name or assume role policy document is empty"
-    << dendl;
-    return -EINVAL;
-  }
-  JSONParser p;
-  if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
-    ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
-    return -ERR_MALFORMED_DOC;
-  }
-  return 0;
-}
-
-void RGWCreateRole_ObjStore_S3::send_response()
-{
-  if (op_ret) {
-    set_req_state_err(s, op_ret);
-  }
-  dump_errno(s);
-  end_header(s);
-}
-
-int RGWDeleteRole_ObjStore_S3::get_params()
-{
-  role_name = s->info.args.get("RoleName");
-
-  if (role_name.empty()) {
-    ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
-    return -EINVAL;
-  }
-
-  return 0;
-}
-
-void RGWDeleteRole_ObjStore_S3::send_response()
-{
-  if (op_ret) {
-    set_req_state_err(s, op_ret);
-  }
-  dump_errno(s);
-  end_header(s);
-}
-
-int RGWGetRole_ObjStore_S3::get_params()
-{
-  role_name = s->info.args.get("RoleName");
-
-  if (role_name.empty()) {
-    ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
-    return -EINVAL;
-  }
-
-  return 0;
-}
-
-void RGWGetRole_ObjStore_S3::send_response()
-{
-  if (op_ret) {
-    set_req_state_err(s, op_ret);
-  }
-  dump_errno(s);
-  end_header(s);
-}
-
-int RGWModifyRole_ObjStore_S3::get_params()
-{
-  role_name = s->info.args.get("RoleName");
-  trust_policy = s->info.args.get("PolicyDocument");
-
-  if (role_name.empty() || trust_policy.empty()) {
-    ldout(s->cct, 20) << "ERROR: One of role name or trust policy is empty"<< dendl;
-    return -EINVAL;
-  }
-  JSONParser p;
-  if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
-    ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
-    return -ERR_MALFORMED_DOC;
-  }
-
-  return 0;
-}
-
-void RGWModifyRole_ObjStore_S3::send_response()
-{
-  if (op_ret) {
-    set_req_state_err(s, op_ret);
-  }
-  dump_errno(s);
-  end_header(s);
-}
-
-int RGWListRoles_ObjStore_S3::get_params()
-{
-  path_prefix = s->info.args.get("PathPrefix");
-
-  return 0;
-}
-
-void RGWListRoles_ObjStore_S3::send_response()
-{
-  if (op_ret) {
-    set_req_state_err(s, op_ret);
-  }
-  dump_errno(s);
-  end_header(s);
-}
-
 int RGWPutRolePolicy_ObjStore_S3::get_params()
 {
   role_name = s->info.args.get("RoleName");
@@ -3121,15 +3009,15 @@ RGWOp *RGWHandler_REST_Service_S3::op_post()
   if (s->info.args.exists("Action")) {
     string action = s->info.args.get("Action");
     if (action.compare("CreateRole") == 0)
-      return new RGWCreateRole_ObjStore_S3;
+      return new RGWCreateRole;
     if (action.compare("DeleteRole") == 0)
-      return new RGWDeleteRole_ObjStore_S3;
+      return new RGWDeleteRole;
     if (action.compare("GetRole") == 0)
-      return new RGWGetRole_ObjStore_S3;
+      return new RGWGetRole;
     if (action.compare("UpdateAssumeRolePolicy") == 0)
-      return new RGWModifyRole_ObjStore_S3;
+      return new RGWModifyRole;
     if (action.compare("ListRoles") == 0)
-      return new RGWListRoles_ObjStore_S3;
+      return new RGWListRoles;
     if (action.compare("PutRolePolicy") == 0)
       return new RGWPutRolePolicy_ObjStore_S3;
     if (action.compare("GetRolePolicy") == 0)

src/rgw/rgw_rest_s3.h

@@ -178,51 +178,6 @@ public:
                                                       bufferlist& bl_out);
 };
 
-class RGWCreateRole_ObjStore_S3 : public RGWCreateRole_ObjStore {
-public:
-  RGWCreateRole_ObjStore_S3() = default;
-  ~RGWCreateRole_ObjStore_S3() = default;
-
-  int get_params() override;
-  void send_response() override;
-};
-
-class RGWDeleteRole_ObjStore_S3 : public RGWDeleteRole_ObjStore {
-public:
-  RGWDeleteRole_ObjStore_S3() = default;
-  ~RGWDeleteRole_ObjStore_S3() = default;
-
-  int get_params() override;
-  void send_response() override;
-};
-
-class RGWGetRole_ObjStore_S3 : public RGWGetRole_ObjStore {
-public:
-  RGWGetRole_ObjStore_S3() = default;
-  ~RGWGetRole_ObjStore_S3() = default;
-
-  int get_params() override;
-  void send_response() override;
-};
-
-class RGWModifyRole_ObjStore_S3 : public RGWModifyRole_ObjStore {
-public:
-  RGWModifyRole_ObjStore_S3() = default;
-  ~RGWModifyRole_ObjStore_S3() = default;
-
-  int get_params() override;
-  void send_response() override;
-};
-
-class RGWListRoles_ObjStore_S3 : public RGWListRoles_ObjStore {
-public:
-  RGWListRoles_ObjStore_S3() = default;
-  ~RGWListRoles_ObjStore_S3() = default;
-
-  int get_params() override;
-  void send_response() override;
-};
-
 class RGWPutRolePolicy_ObjStore_S3 : public RGWPutRolePolicy_ObjStore {
 public:
   RGWPutRolePolicy_ObjStore_S3() = default;