go-ceph/rgw/admin/subuser.go
Sebastian Riese 71d9de36f8 rgw/admin: Add the subuser API calls
Signed-off-by: Sebastian Riese <sebastian.riese@cloudandheat.com>
2022-03-17 17:47:25 +00:00

108 lines
3.1 KiB
Go

//go:build ceph_preview
// +build ceph_preview
package admin
import (
"context"
"fmt"
"net/http"
)
// validateSubuserAcess - Return whether the given subuser access value is valid as input parameter
func (s SubuserSpec) validateSubuserAccess() bool {
a := s.Access
return a == "" ||
a == SubuserAccessRead ||
a == SubuserAccessWrite ||
a == SubuserAccessReadWrite ||
a == SubuserAccessFull
}
func makeInvalidSubuserAccessLevelError(spec SubuserSpec) error {
return fmt.Errorf("invalid subuser access level %q", spec.Access)
}
// The following are the subuser API functions.
//
// We need to explain the omission of ?subuser in the API path common
// to all three functions.
//
// According to the docs, this has to be included to select the
// subuser operation, but we already have subuser as a parameter with
// a value (and make sure it's not empty and thus included by
// validating the SubuserSpec). The presence of this parameter
// triggers the subuser operation.
//
// If we add the subuser with the empty value the API call fails as
// having an invalid signature (and it is semantically wrong as we
// then have *two* values for the subuser name, an empty one an the
// relevant one, the upstream code does not seem to handle that case
// gracefully).
// CreateSubuser - https://docs.ceph.com/en/latest/radosgw/adminops/#create-subuser
// PREVIEW
func (api *API) CreateSubuser(ctx context.Context, user User, subuser SubuserSpec) error {
if user.ID == "" {
return errMissingUserID
}
if subuser.Name == "" {
return errMissingSubuserID
}
if !subuser.validateSubuserAccess() {
return makeInvalidSubuserAccessLevelError(subuser)
}
// valid parameters not supported by go-ceph: access-key, gen-access-key
v := valueToURLParams(user, []string{"uid"})
addToURLParams(&v, subuser, []string{"subuser", "access", "secret-key", "generate-secret", "key-type"})
_, err := api.call(ctx, http.MethodPut, "/user", v)
if err != nil {
return err
}
return nil
}
// RemoveSubuser - https://docs.ceph.com/en/latest/radosgw/adminops/#remove-subuser
// PREVIEW
func (api *API) RemoveSubuser(ctx context.Context, user User, subuser SubuserSpec) error {
if user.ID == "" {
return errMissingUserID
}
if subuser.Name == "" {
return errMissingSubuserID
}
v := valueToURLParams(user, []string{"uid"})
addToURLParams(&v, subuser, []string{"subuser", "purge-keys"})
_, err := api.call(ctx, http.MethodDelete, "/user", v)
if err != nil {
return err
}
return nil
}
// ModifySubuser - https://docs.ceph.com/en/latest/radosgw/adminops/#modify-subuser
// PREVIEW
func (api *API) ModifySubuser(ctx context.Context, user User, subuser SubuserSpec) error {
if user.ID == "" {
return errMissingUserID
}
if subuser.Name == "" {
return errMissingSubuserID
}
if !subuser.validateSubuserAccess() {
return makeInvalidSubuserAccessLevelError(subuser)
}
v := valueToURLParams(user, []string{"uid"})
addToURLParams(&v, subuser, []string{"subuser", "access", "secret", "generate-secret", "key-type"})
_, err := api.call(ctx, http.MethodPost, "/user", v)
if err != nil {
return err
}
return nil
}