OPTION(rgw_sts_key, OPT_STR)
OPTION(rgw_s3_auth_use_sts, OPT_BOOL) // should we try to use sts for s3?
OPTION(rgw_sts_max_session_duration, OPT_U64) // Max duration in seconds for which the session token is valid.
+OPTION(rgw_sts_min_session_duration, OPT_U64) // Min duration in seconds for which the session token is valid.
OPTION(fake_statfs_for_testing, OPT_INT) // Set a value for kb and compute kb_used from total of num_bytes
OPTION(rgw_sts_token_introspection_url, OPT_STR) // url for introspecting web tokens
OPTION(rgw_sts_client_id, OPT_STR) // Client Id
return;
}
- STS::AssumeRoleWithWebIdentityRequest req(duration, providerId, policy, roleArn,
+ STS::AssumeRoleWithWebIdentityRequest req(s->cct, duration, providerId, policy, roleArn,
roleSessionName, iss, sub, aud);
STS::AssumeRoleWithWebIdentityResponse response = sts.assumeRoleWithWebIdentity(req);
op_ret = std::move(response.assumeRoleResp.retCode);
return;
}
- STS::AssumeRoleRequest req(duration, externalId, policy, roleArn,
+ STS::AssumeRoleRequest req(s->cct, duration, externalId, policy, roleArn,
roleSessionName, serialNumber, tokenCode);
STS::AssumeRoleResponse response = sts.assumeRole(req);
op_ret = std::move(response.retCode);
return 0;
}
-AssumeRoleRequestBase::AssumeRoleRequestBase( const string& duration,
+AssumeRoleRequestBase::AssumeRoleRequestBase( CephContext* cct,
+ const string& duration,
const string& iamPolicy,
const string& roleArn,
const string& roleSessionName)
: iamPolicy(iamPolicy), roleArn(roleArn), roleSessionName(roleSessionName)
{
+ MIN_DURATION_IN_SECS = cct->_conf->rgw_sts_min_session_duration;
if (duration.empty()) {
this->duration = DEFAULT_DURATION_IN_SECS;
} else {
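Review bot: The added `MIN_DURATION_IN_SECS = cct->_conf->rgw_sts_min_session_duration;` takes the lower bound for STS session lifetime from configuration without checking it against the other limits. Nothing visible here stops the option from being set above `rgw_sts_max_session_duration`, which would presumably make every AssumeRole request fail validation. If it is set above `DEFAULT_DURATION_IN_SECS` (3600), a request that omits the duration is given a value below the configured minimum in the `duration.empty()` branch. Consider clamping the default, e.g. `this->duration = std::max(DEFAULT_DURATION_IN_SECS, MIN_DURATION_IN_SECS);`, and logging or rejecting a min/max inversion where the limits are loaded; `cct` is also dereferenced with no null check. The constructor body continues past the end of this hunk, so the range check itself is not visible here.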
static constexpr uint64_t MIN_POLICY_SIZE = 1;
static constexpr uint64_t MAX_POLICY_SIZE = 2048;
static constexpr uint64_t DEFAULT_DURATION_IN_SECS = 3600;
- static constexpr uint64_t MIN_DURATION_IN_SECS = 900;
static constexpr uint64_t MIN_ROLE_ARN_SIZE = 2;
static constexpr uint64_t MAX_ROLE_ARN_SIZE = 2048;
static constexpr uint64_t MIN_ROLE_SESSION_SIZE = 2;
static constexpr uint64_t MAX_ROLE_SESSION_SIZE = 64;
+ uint64_t MIN_DURATION_IN_SECS;
uint64_t MAX_DURATION_IN_SECS;
uint64_t duration;
string err_msg;
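Review bot: `uint64_t MIN_DURATION_IN_SECS;` is now an uninitialised, mutable per-object member that is only assigned in the constructor body, yet it keeps the ALL_CAPS name of the `static constexpr` limits next to it and so still reads as a compile-time constant. Giving it an in-class initialiser that keeps the old floor, `uint64_t MIN_DURATION_IN_SECS = 900;`, would leave the bound defined on every construction path. A comment such as `// lower bound in seconds, loaded from rgw_sts_min_session_duration` would state where the value comes from. The default of the new option is not visible on this page, so it is worth confirming that it stays at 900 and upgraded clusters do not start accepting a different range of session durations. The class header and the rest of the member list lie outside this hunk.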
string roleArn;
string roleSessionName;
public:
- AssumeRoleRequestBase(const string& duration,
+ AssumeRoleRequestBase(CephContext* cct,
+ const string& duration,
const string& iamPolicy,
const string& roleArn,
const string& roleSessionName);
string sub;
string aud;
public:
- AssumeRoleWithWebIdentityRequest( const string& duration,
+ AssumeRoleWithWebIdentityRequest( CephContext* cct,
+ const string& duration,
const string& providerId,
const string& iamPolicy,
const string& roleArn,
const string& iss,
const string& sub,
const string& aud)
- : AssumeRoleRequestBase(duration, iamPolicy, roleArn, roleSessionName),
+ : AssumeRoleRequestBase(cct, duration, iamPolicy, roleArn, roleSessionName),
providerId(providerId), iss(iss), sub(sub), aud(aud) {}
const string& getProviderId() const { return providerId; }
const string& getIss() const { return iss; }
string serialNumber;
string tokenCode;
public:
- AssumeRoleRequest(const string& duration,
+ AssumeRoleRequest(CephContext* cct,
+ const string& duration,
const string& externalId,
const string& iamPolicy,
const string& roleArn,
const string& roleSessionName,
const string& serialNumber,
const string& tokenCode)
- : AssumeRoleRequestBase(duration, iamPolicy, roleArn, roleSessionName),
+ : AssumeRoleRequestBase(cct, duration, iamPolicy, roleArn, roleSessionName),
externalId(externalId), serialNumber(serialNumber), tokenCode(tokenCode){}
int validate_input() const;
};