rgw/admin: Extend the User data to parse Subuser data

THIS POTENTIALLY BREAKY DOWNSTREAM CODE (as it changes the types of exported fields in an existing, exported struct). The fields of the User structure representing the Subuser information have been specified to parse this data strictly and typesafe. The fields SwiftKeys and Subusers need the url:"-" annotation, because otherwise url-keys in that substructure would clash with those in the User structure. Signed-off-by: Sebastian Riese <sebastian.riese@cloudandheat.com>
2022-02-11 14:29:19 +01:00 · 2022-02-11 14:29:19 +01:00 · 12d86cb849
parent f8830413c0
commit 12d86cb849
1 changed files with 69 additions and 25 deletions
--- a/rgw/admin/user.go
+++ b/rgw/admin/user.go
@ -9,31 +9,75 @@ import (

 // User is GO representation of the json output of a user creation
 type User struct {
-	ID                  string        `json:"user_id" url:"uid"`
-	DisplayName         string        `json:"display_name" url:"display-name"`
-	Email               string        `json:"email" url:"email"`
-	Suspended           *int          `json:"suspended" url:"suspended"`
-	MaxBuckets          *int          `json:"max_buckets" url:"max-buckets"`
-	Subusers            []interface{} `json:"subusers"`
-	Keys                []UserKeySpec `json:"keys"`
-	SwiftKeys           []interface{} `json:"swift_keys"`
-	Caps                []UserCapSpec `json:"caps"`
-	OpMask              string        `json:"op_mask"`
-	DefaultPlacement    string        `json:"default_placement"`
-	DefaultStorageClass string        `json:"default_storage_class"`
-	PlacementTags       []interface{} `json:"placement_tags"`
-	BucketQuota         QuotaSpec     `json:"bucket_quota"`
-	UserQuota           QuotaSpec     `json:"user_quota"`
-	TempURLKeys         []interface{} `json:"temp_url_keys"`
-	Type                string        `json:"type"`
-	MfaIds              []interface{} `json:"mfa_ids"`
-	KeyType             string        `url:"key-type"`
-	Tenant              string        `url:"tenant"`
-	GenerateKey         *bool         `url:"generate-key"`
-	PurgeData           *int          `url:"purge-data"`
-	GenerateStat        *bool         `url:"stats"`
-	Stat                UserStat      `json:"stats"`
-	UserCaps            string        `url:"user-caps"`
+	ID                  string         `json:"user_id" url:"uid"`
+	DisplayName         string         `json:"display_name" url:"display-name"`
+	Email               string         `json:"email" url:"email"`
+	Suspended           *int           `json:"suspended" url:"suspended"`
+	MaxBuckets          *int           `json:"max_buckets" url:"max-buckets"`
+	Subusers            []SubuserSpec  `json:"subusers" url:"-"`
+	Keys                []UserKeySpec  `json:"keys"`
+	SwiftKeys           []SwiftKeySpec `json:"swift_keys" url:"-"`
+	Caps                []UserCapSpec  `json:"caps"`
+	OpMask              string         `json:"op_mask"`
+	DefaultPlacement    string         `json:"default_placement"`
+	DefaultStorageClass string         `json:"default_storage_class"`
+	PlacementTags       []interface{}  `json:"placement_tags"`
+	BucketQuota         QuotaSpec      `json:"bucket_quota"`
+	UserQuota           QuotaSpec      `json:"user_quota"`
+	TempURLKeys         []interface{}  `json:"temp_url_keys"`
+	Type                string         `json:"type"`
+	MfaIds              []interface{}  `json:"mfa_ids"`
+	KeyType             string         `url:"key-type"`
+	Tenant              string         `url:"tenant"`
+	GenerateKey         *bool          `url:"generate-key"`
+	PurgeData           *int           `url:"purge-data"`
+	GenerateStat        *bool          `url:"stats"`
+	Stat                UserStat       `json:"stats"`
+	UserCaps            string         `url:"user-caps"`
+}
+
+// SubuserSpec represents a subusers of a ceph-rgw user
+type SubuserSpec struct {
+	Name   string        `json:"id" url:"subuser"`
+	Access SubuserAccess `json:"permissions" url:"access"`
+
+	// these are always nil in answers, they are only relevant in requests
+	GenerateKey *bool   `json:"-" url:"generate-key"`
+	SecretKey   *string `json:"-" url:"secret-key"`
+	Secret      *string `json:"-" url:"secret"`
+	PurgeKeys   *bool   `json:"-" url:"purge-keys"`
+	KeyType     *string `json:"-" url:"key-type"`
+}
+
+// SubuserAccess represents an access level for a subuser
+type SubuserAccess string
+
+// The possible values of SubuserAccess
+//
+// There are two sets of constants as the API parameters and the
+// values returned by the API do not match.  The SubuserAccess* values
+// must be used when setting access level, the SubuserAccessReply*
+// values are the ones that may be returned. This is a design problem
+// of the upstream API. We do not feel confident to do the mapping in
+// the library.
+const (
+	SubuserAccessNone      SubuserAccess = ""
+	SubuserAccessRead      SubuserAccess = "read"
+	SubuserAccessWrite     SubuserAccess = "write"
+	SubuserAccessReadWrite SubuserAccess = "readwrite"
+	SubuserAccessFull      SubuserAccess = "full"
+
+	SubuserAccessReplyNone      SubuserAccess = "<none>"
+	SubuserAccessReplyRead      SubuserAccess = "read"
+	SubuserAccessReplyWrite     SubuserAccess = "write"
+	SubuserAccessReplyReadWrite SubuserAccess = "read-write"
+	SubuserAccessReplyFull      SubuserAccess = "full-control"
+)
+
+// SwiftKeySpec represents the secret key associated to a subuser
+type SwiftKeySpec struct {
+	User      string `json:"user"`
+	SecretKey string `json:"secret_key"`
 }

 // UserCapSpec represents a user capability which gives access to certain ressources