if (tenant.empty()) {
tenant = user_id.tenant;
} else {
- if (user_id.empty() && opt_cmd != OPT_ROLE_CREATE) {
+ if (user_id.empty() && opt_cmd != OPT_ROLE_CREATE
+ && opt_cmd != OPT_ROLE_DELETE
+ && opt_cmd != OPT_ROLE_GET
+ && opt_cmd != OPT_ROLE_MODIFY
+ && opt_cmd != OPT_ROLE_LIST
+ && opt_cmd != OPT_ROLE_POLICY_PUT
+ && opt_cmd != OPT_ROLE_POLICY_LIST
+ && opt_cmd != OPT_ROLE_POLICY_GET
+ && opt_cmd != OPT_ROLE_POLICY_DELETE) {
cerr << "ERROR: --tenant is set, but there's no user ID" << std::endl;
return EINVAL;
}
cerr << "ERROR: empty role name" << std::endl;
return -EINVAL;
}
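Review bot: The relaxed guard at L4–L13 is a hand-maintained list of every OPT_ROLE_* command, so the next role command added to this tool will silently fall back to the "--tenant is set, but there's no user ID" error unless someone remembers to extend it; a `static bool is_role_cmd(int opt_cmd)` with a `switch` over the OPT_ROLE_* values (default `false`) would make the condition `if (user_id.empty() && !is_role_cmd(opt_cmd))` and keep the list in one place. Also worth noting in a comment that for these commands `tenant` is taken verbatim from the CLI and, as far as this diff shows, is not validated before being used as a raw object-name prefix (`tenant + get_names_oid_prefix() + name` below), e.g. `// tenant is used as a raw OID prefix for role objects; validate it like a user tenant`. The enclosing argument-parsing function starts and ends outside this hunk.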
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.delete_obj();
if (ret < 0) {
return -ret;
cerr << "ERROR: empty role name" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get();
if (ret < 0) {
return -ret;
return -EINVAL;
}
string trust_policy = bl.to_str();
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get();
if (ret < 0) {
return -ret;
case OPT_ROLE_LIST:
{
vector<RGWRole> result;
- ret = RGWRole::get_roles_by_path_prefix(store, g_ceph_context, path_prefix, result);
+ ret = RGWRole::get_roles_by_path_prefix(store, g_ceph_context, path_prefix, tenant, result);
if (ret < 0) {
return -ret;
}
string perm_policy;
perm_policy = bl.c_str();
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get();
if (ret < 0) {
return -ret;
cerr << "ERROR: Role name is empty" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get();
if (ret < 0) {
return -ret;
cerr << "ERROR: One of role name or policy name is empty" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
int ret = role.get();
if (ret < 0) {
return -ret;
cerr << "ERROR: One of role name or policy name is empty" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get();
if (ret < 0) {
return -ret;
if (op_ret < 0) {
return;
}
- RGWRole role(s->cct, store, role_name);
+ RGWRole role(s->cct, store, role_name, s->user->user_id.tenant);
op_ret = role.delete_obj();
if (op_ret == -ENOENT) {
if (op_ret < 0) {
return;
}
- RGWRole role(s->cct, store, role_name);
+ RGWRole role(s->cct, store, role_name, s->user->user_id.tenant);
op_ret = role.get();
if (op_ret == -ENOENT) {
if (op_ret < 0) {
return;
}
- RGWRole role(s->cct, store, role_name);
+ RGWRole role(s->cct, store, role_name, s->user->user_id.tenant);
op_ret = role.get();
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
return;
}
vector<RGWRole> result;
- op_ret = RGWRole::get_roles_by_path_prefix(store, s->cct, path_prefix, result);
+ op_ret = RGWRole::get_roles_by_path_prefix(store, s->cct, path_prefix, s->user->user_id.tenant, result);
if (op_ret == 0) {
s->formatter->open_array_section("Roles");
return;
}
- RGWRole role(s->cct, store, role_name);
+ RGWRole role(s->cct, store, role_name, s->user->user_id.tenant);
op_ret = role.get();
if (op_ret == 0) {
role.set_perm_policy(policy_name, perm_policy);
return;
}
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, s->user->user_id.tenant);
op_ret = role.get();
if (op_ret == -ENOENT) {
return;
}
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, s->user->user_id.tenant);
op_ret = role.get();
if (op_ret == -ENOENT) {
return;
}
- RGWRole role(g_ceph_context, store, role_name);
+ RGWRole role(g_ceph_context, store, role_name, s->user->user_id.tenant);
op_ret = role.get();
if (op_ret == -ENOENT) {
RGWNameToId nameToId;
nameToId.obj_id = id;
- string oid = get_names_oid_prefix() + name;
+ string oid = tenant + get_names_oid_prefix() + name;
bufferlist bl;
::encode(nameToId, bl);
int RGWRole::store_path(bool exclusive)
{
- string oid = get_path_oid_prefix() + path + get_info_oid_prefix() + id;
+ string oid = tenant + get_path_oid_prefix() + path + get_info_oid_prefix() + id;
return rgw_put_system_obj(store, store->get_zone_params().roles_pool, oid,
NULL, 0, exclusive, NULL, real_time(), NULL);
int ret;
/* check to see the name is not used */
- ret = read_id(name, id);
+ ret = read_id(name, tenant, id);
if (exclusive && ret == 0) {
ldout(cct, 0) << "ERROR: name " << name << " already in use for role id "
<< id << dendl;
<< id << ": " << cpp_strerror(-info_ret) << dendl;
}
//Delete role name that was stored in previous call
- oid = get_names_oid_prefix() + name;
+ oid = tenant + get_names_oid_prefix() + name;
int name_ret = rgw_delete_system_obj(store, pool, oid, NULL);
if (name_ret < 0) {
ldout(cct, 0) << "ERROR: cleanup of role name from pool: " << pool.name << ": "
}
// Delete name
- oid = get_names_oid_prefix() + name;
+ oid = tenant + get_names_oid_prefix() + name;
ret = rgw_delete_system_obj(store, pool, oid, NULL);
if (ret < 0) {
ldout(cct, 0) << "ERROR: deleting role name from pool: " << pool.name << ": "
}
// Delete path
- oid = get_path_oid_prefix() + path + get_info_oid_prefix() + id;
+ oid = tenant + get_path_oid_prefix() + path + get_info_oid_prefix() + id;
ret = rgw_delete_system_obj(store, pool, oid, NULL);
if (ret < 0) {
ldout(cct, 0) << "ERROR: deleting role path from pool: " << pool.name << ": "
JSONDecoder::decode_json("assume_role_policy_document", trust_policy, obj);
}
-int RGWRole::read_id(const string& role_name, string& role_id)
+int RGWRole::read_id(const string& role_name, const string& tenant, string& role_id)
{
auto& pool = store->get_zone_params().roles_pool;
- string oid = get_names_oid_prefix() + role_name;
+ string oid = tenant + get_names_oid_prefix() + role_name;
bufferlist bl;
RGWObjectCtx obj_ctx(store);
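Review bot: The tenant-scoped names OID is now built by bare concatenation in four separate places (store_name, the cleanup and delete paths, read_id and read_name), which is exactly the kind of duplication that lets one site drift and quietly cross tenants; a single `static string names_oid(const string& tenant, const string& name) { return tenant + get_names_oid_prefix() + name; }` (and a matching `path_oid`) used by all of them would keep the scoping rule in one line. A comment should also record the compatibility consequence as I read it: roles written before this change live at the un-prefixed OID, so they remain reachable only through an empty tenant, e.g. `// empty tenant selects the legacy (pre-multitenancy) OID layout`. Since there is no separator between tenant and the prefix, the comment should state whatever character set `tenant` is restricted to, which is not visible in this diff.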
int RGWRole::read_name()
{
auto& pool = store->get_zone_params().roles_pool;
- string oid = get_names_oid_prefix() + name;
+ string oid = tenant + get_names_oid_prefix() + name;
bufferlist bl;
RGWObjectCtx obj_ctx(store);
this->trust_policy = trust_policy;
}
-int RGWRole::get_roles_by_path_prefix(RGWRados *store, CephContext *cct, const string& path_prefix, vector<RGWRole>& roles)
+int RGWRole::get_roles_by_path_prefix(RGWRados *store,
+ CephContext *cct,
+ const string& path_prefix,
+ const string& tenant,
+ vector<RGWRole>& roles)
{
auto pool = store->get_zone_params().roles_pool;
string prefix;
// List all roles if path prefix is empty
if (! path_prefix.empty()) {
- prefix = role_path_oid_prefix + path_prefix;
+ prefix = tenant + role_path_oid_prefix + path_prefix;
} else {
- prefix = role_path_oid_prefix;
+ prefix = tenant + role_path_oid_prefix;
}
//Get the filtered objects
int store_info(bool exclusive);
int store_name(bool exclusive);
int store_path(bool exclusive);
- int read_id(const string& role_name, string& role_id);
+ int read_id(const string& role_name, const string& tenant, string& role_id);
int read_name();
int read_info();
void set_id(const string& id) { this->id = id; }
RGWRole(CephContext *cct,
RGWRados *store,
- string name)
+ string name,
+ string tenant)
: cct(cct),
store(store),
- name(std::move(name)) {}
+ name(std::move(name)),
+ tenant(std::move(tenant)) {}
RGWRole(CephContext *cct,
RGWRados *store)
~RGWRole() = default;
void encode(bufferlist& bl) const {
- ENCODE_START(1, 1, bl);
+ ENCODE_START(2, 1, bl);
::encode(id, bl);
::encode(name, bl);
::encode(path, bl);
::encode(creation_date, bl);
::encode(trust_policy, bl);
::encode(perm_policy_map, bl);
+ ::encode(tenant, bl);
ENCODE_FINISH(bl);
}
void decode(bufferlist::iterator& bl) {
- DECODE_START(1, bl);
+ DECODE_START(2, bl);
::decode(id, bl);
::decode(name, bl);
::decode(path, bl);
::decode(creation_date, bl);
::decode(trust_policy, bl);
::decode(perm_policy_map, bl);
+ if (struct_v >= 2) {
+ ::decode(tenant, bl);
+ }
DECODE_FINISH(bl);
}
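Review bot: The `if (struct_v >= 2)` branch at L254 silently leaves `tenant` at whatever the constructor set when a v1 object is decoded, and for v2 objects it overwrites the constructor value with the stored one; neither behaviour is documented, and the latter means a caller that looked a role up under its own tenant's OID can end up holding an object whose `tenant` field says otherwise if the stored record is inconsistent. I would add `// v1 records predate multi-tenancy: keep the tenant the caller constructed us with` above the branch, and have the caller of decode (read_info, not in this hunk) reject a decoded tenant that differs from the lookup tenant rather than trusting the stored value. The `ENCODE_START(2, 1, bl)` keeps compat_v 1, which looks right for rolling upgrades, and deserves a one-line comment saying so.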
static const string& get_names_oid_prefix();
static const string& get_info_oid_prefix();
static const string& get_path_oid_prefix();
- static int get_roles_by_path_prefix(RGWRados *store, CephContext *cct, const string& path_prefix, vector<RGWRole>& roles);
+ static int get_roles_by_path_prefix(RGWRados *store,
+ CephContext *cct,
+ const string& path_prefix,
+ const string& tenant,
+ vector<RGWRole>& roles);
};
WRITE_CLASS_ENCODER(RGWRole)
#endif /* CEPH_RGW_ROLE_H */