rgw/admin: Key create and delete api support

rgw/admin/errors.go

@@ -94,6 +94,7 @@ var (
 	errMissingBucketID        = errors.New("missing bucket ID")
 	errMissingBucket          = errors.New("missing bucket")
 	errMissingUserBucket      = errors.New("missing bucket")
+	errUnsupportedKeyType     = errors.New("unsupported key type")
 )
 
 // errorReason is the reason of the error

rgw/admin/keys.go

@@ -0,0 +1,70 @@
+//go:build ceph_preview
+// +build ceph_preview
+
+package admin
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+)
+
+// CreateKey will generate new keys or add specified to keyring
+// https://docs.ceph.com/en/latest/radosgw/adminops/#create-key
+func (api *API) CreateKey(ctx context.Context, key UserKeySpec) (*[]UserKeySpec, error) {
+	switch key.KeyType {
+	case "swift":
+		if key.SubUser == "" {
+			return nil, errMissingSubuserID
+		}
+	case "s3", "": /* s3 key-type is regarded as default */
+		if key.UID == "" {
+			return nil, errMissingUserID
+		}
+	default:
+		return nil, errUnsupportedKeyType
+	}
+
+	body, err := api.call(ctx, http.MethodPut, "/user?key", valueToURLParams(key, []string{"uid", "subuser", "access-key", "secret-key", "key-type", "generate-key"}))
+	if err != nil {
+		return nil, err
+	}
+
+	ref := []UserKeySpec{}
+	err = json.Unmarshal(body, &ref)
+	if err != nil {
+		return nil, fmt.Errorf("%s. %s. %w", unmarshalError, string(body), err)
+	}
+
+	return &ref, nil
+}
+
+// RemoveKey will remove an existing key
+// https://docs.ceph.com/en/latest/radosgw/adminops/#remove-key
+// KeySpec.SecretKey parameter shouldn't be provided and will be ignored
+func (api *API) RemoveKey(ctx context.Context, key UserKeySpec) error {
+	switch key.KeyType {
+	case "swift":
+		if key.SubUser == "" {
+			return errMissingSubuserID
+		}
+	case "s3", "": /* s3 key-type is regarded as default */
+		if key.UID == "" {
+			return errMissingUserID
+		}
+
+		if key.AccessKey == "" {
+			return errMissingUserAccessKey
+		}
+	default:
+		return errUnsupportedKeyType
+	}
+
+	_, err := api.call(ctx, http.MethodDelete, "/user?key", valueToURLParams(key, []string{"uid", "subuser", "access-key", "key-type"}))
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

rgw/admin/keys_test.go

@@ -0,0 +1,75 @@
+//go:build ceph_preview
+// +build ceph_preview
+
+package admin
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testAk = "HDNEZQXZAA6NIWOBOL0U"
+)
+
+func (suite *RadosGWTestSuite) TestKeys() {
+	suite.SetupConnection()
+	co, err := New(suite.endpoint, suite.accessKey, suite.secretKey, newDebugHTTPClient(http.DefaultClient))
+	assert.NoError(suite.T(), err)
+
+	var keys *[]UserKeySpec
+
+	suite.T().Run("create keys but user ID and SubUser is empty", func(t *testing.T) {
+		_, err := co.CreateKey(context.Background(), UserKeySpec{})
+		assert.Error(suite.T(), err)
+		assert.EqualError(suite.T(), err, errMissingUserID.Error())
+	})
+
+	suite.T().Run("create swift keys but SubUser is empty", func(t *testing.T) {
+		_, err := co.CreateKey(context.Background(), UserKeySpec{KeyType: "swift"})
+		assert.Error(suite.T(), err)
+		assert.EqualError(suite.T(), err, errMissingSubuserID.Error())
+	})
+
+	suite.T().Run("create some unknown key type", func(t *testing.T) {
+		_, err := co.CreateKey(context.Background(), UserKeySpec{KeyType: "some-key-type"})
+		assert.Error(suite.T(), err)
+		assert.EqualError(suite.T(), err, errUnsupportedKeyType.Error())
+	})
+
+	suite.T().Run("create keys without ak or sk provided", func(t *testing.T) {
+		keys, err = co.CreateKey(context.Background(), UserKeySpec{UID: "admin"})
+		assert.NoError(suite.T(), err)
+		assert.Equal(suite.T(), 2, len(*keys))
+	})
+
+	suite.T().Run("create keys with ak provided", func(t *testing.T) {
+		keys, err = co.CreateKey(context.Background(), UserKeySpec{UID: "admin", AccessKey: testAk})
+		assert.NoError(suite.T(), err)
+		assert.Equal(suite.T(), 3, len(*keys))
+	})
+
+	suite.T().Run("remove keys but user ID and SubUser is empty", func(t *testing.T) {
+		err := co.RemoveKey(context.Background(), UserKeySpec{})
+		assert.Error(suite.T(), err)
+		assert.EqualError(suite.T(), err, errMissingUserID.Error())
+	})
+
+	suite.T().Run("remove s3 keys but ak is empty", func(t *testing.T) {
+		err := co.RemoveKey(context.Background(), UserKeySpec{UID: "admin"})
+		assert.Error(suite.T(), err)
+		assert.EqualError(suite.T(), err, errMissingUserAccessKey.Error())
+	})
+
+	suite.T().Run("remove s3 key", func(t *testing.T) {
+		for _, key := range *keys {
+			if key.AccessKey != suite.accessKey {
+				err := co.RemoveKey(context.Background(), UserKeySpec{UID: "admin", AccessKey: key.AccessKey})
+				assert.NoError(suite.T(), err)
+			}
+		}
+	})
+}

rgw/admin/user.go

@@ -91,6 +91,11 @@ type UserKeySpec struct {
 	User      string `json:"user"`
 	AccessKey string `json:"access_key" url:"access-key"`
 	SecretKey string `json:"secret_key" url:"secret-key"`
+	// Request fields
+	UID         string `url:"uid"`     // The user ID to receive the new key
+	SubUser     string `url:"subuser"` // The subuser ID to receive the new key
+	KeyType     string `url:"key-type"`
+	GenerateKey *bool  `url:"generate-key"` // Generate a new key pair and add to the existing keyring
 }
 
 // UserStat contains information about storage consumption by the ceph user
@@ -183,7 +188,7 @@ func (api *API) RemoveUser(ctx context.Context, user User) error {
 	return nil
 }
 
-// ModifyUser - http://docs.ceph.com/docs/latest/radosgw/adminops/#modify-user
+// ModifyUser - http://docs.ceph.com/en/latest/radosgw/adminops/#modify-user
 func (api *API) ModifyUser(ctx context.Context, user User) (User, error) {
 	if user.ID == "" {
 		return User{}, errMissingUserID