rgw/acl/s3: create_policy_from_headers() as free function

author Casey Bodley <cbodley@redhat.com>

Thu, 16 Nov 2023 21:38:31 +0000 (16:38 -0500)

committer Casey Bodley <cbodley@redhat.com>

Thu, 30 Nov 2023 15:58:49 +0000 (10:58 -0500)
author Casey Bodley <cbodley@redhat.com>
Thu, 16 Nov 2023 21:38:31 +0000 (16:38 -0500)
committer Casey Bodley <cbodley@redhat.com>
Thu, 30 Nov 2023 15:58:49 +0000 (10:58 -0500)
diff --git a/src/rgw/rgw_acl_s3.cc b/src/rgw/rgw_acl_s3.cc

index f593b5cee5289f009eedd1f93adeaa9f5144e462..f2150dda79bd74547b5cd57f8ea3a206dd998f1e 100644 (file)
--- a/src/rgw/rgw_acl_s3.cc
+++ b/src/rgw/rgw_acl_s3.cc
@@ -7,6 +7,7 @@
  #include <map>
  
  #include "include/types.h"
+#include "common/split.h"
  
  #include "rgw_acl_s3.h"
  #include "rgw_user.h"
@@ -285,16 +286,11 @@ struct s3_acl_header {
    const char *http_header;
  };
  
-static const char *get_acl_header(const RGWEnv *env,
-        const struct s3_acl_header *perm)
-{
-  const char *header = perm->http_header;
-
-  return env->get(header, NULL);
-}
-
-static int parse_grantee_str(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, string& grantee_str,
-        const struct s3_acl_header *perm, ACLGrant& grant)
+static int parse_grantee_str(const DoutPrefixProvider* dpp,
+                             rgw::sal::Driver* driver,
+                             const std::string& grantee_str,
+                             const s3_acl_header* perm,
+                             ACLGrant& grant)
  {
    string id_type, id_val_quoted;
    int rgw_perm = perm->rgw_perm;
@@ -333,27 +329,22 @@ static int parse_grantee_str(const DoutPrefixProvider *dpp, rgw::sal::Driver* dr
    return 0;
  }
  
-static int parse_acl_header(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver,
-                           const RGWEnv *env, const struct s3_acl_header *perm,
-                           std::list<ACLGrant>& _grants)
+static int parse_acl_header(const DoutPrefixProvider* dpp, rgw::sal::Driver* driver,
+                            const RGWEnv& env, const s3_acl_header* perm,
+                            RGWAccessControlList& acl)
  {
-  std::list<string> grantees;
-  std::string hacl_str;
-
-  const char *hacl = get_acl_header(env, perm);
-  if (hacl == NULL)
+  const char* hacl = env.get(perm->http_header, nullptr);
+  if (hacl == nullptr) {
      return 0;
+  }
  
-  hacl_str = hacl;
-  get_str_list(hacl_str, ",", grantees);
-
-  for (list<string>::iterator it = grantees.begin(); it != grantees.end(); ++it) {
+  for (std::string_view grantee : ceph::split(hacl, ",")) {
      ACLGrant grant;
-    int ret = parse_grantee_str(dpp, driver, *it, perm, grant);
+    int ret = parse_grantee_str(dpp, driver, std::string{grantee}, perm, grant);
      if (ret < 0)
        return ret;
  
-    _grants.push_back(grant);
+    acl.add_grant(grant);
    }
  
    return 0;
@@ -409,21 +400,6 @@ static int create_canned(const ACLOwner& owner, const ACLOwner& bucket_owner,
    return 0;
  }
  
-int RGWAccessControlList_S3::create_from_grants(std::list<ACLGrant>& grants)
-{
-  if (grants.empty())
-    return -EINVAL;
-
-  acl_user_map.clear();
-  grant_map.clear();
-
-  for (const auto& g : grants) {
-    add_grant(g);
-  }
-
-  return 0;
-}
-
  bool RGWAccessControlPolicy_S3::xml_end(const char *el) {
    RGWAccessControlList_S3 *s3acl =
        static_cast<RGWAccessControlList_S3 *>(find_first("AccessControlList"));
@@ -457,28 +433,6 @@ static const s3_acl_header acl_header_perms[] = {
    {0, NULL}
  };
  
-int RGWAccessControlPolicy_S3::create_from_headers(const DoutPrefixProvider *dpp,
-                                                  rgw::sal::Driver* driver,
-                                                  const RGWEnv *env, ACLOwner& _owner)
-{
-  std::list<ACLGrant> grants;
-  int r = 0;
-
-  for (const struct s3_acl_header *p = acl_header_perms; p->rgw_perm; p++) {
-    r = parse_acl_header(dpp, driver, env, p, grants);
-    if (r < 0) {
-      return r;
-    }
-  }
-
-  RGWAccessControlList_S3& _acl = static_cast<RGWAccessControlList_S3 &>(acl);
-  r = _acl.create_from_grants(grants);
-
-  owner = _owner;
-
-  return r;
-}
-
  /*
    can only be called on object that was parsed
   */
@@ -644,4 +598,23 @@ int create_canned_acl(const ACLOwner& owner,
    return create_canned(owner, bucket_owner, canned_acl, policy.get_acl());
  }
  
+int create_policy_from_headers(const DoutPrefixProvider* dpp,
+                               rgw::sal::Driver* driver,
+                               const ACLOwner& owner,
+                               const RGWEnv& env,
+                               RGWAccessControlPolicy& policy)
+{
+  policy.set_owner(owner);
+  auto& acl = policy.get_acl();
+
+  for (const s3_acl_header* p = acl_header_perms; p->rgw_perm; p++) {
+    int r = parse_acl_header(dpp, driver, env, p, acl);
+    if (r < 0) {
+      return r;
+    }
+  }
+
+  return 0;
+}
+
  } // namespace rgw::s3
diff --git a/src/rgw/rgw_acl_s3.h b/src/rgw/rgw_acl_s3.h

index 740cbf35f82cde6f27b51a832d95d958f0d94d2e..9753dd55b70eda9e0cf44204abf1b715b0561f9d 100644 (file)
--- a/src/rgw/rgw_acl_s3.h
+++ b/src/rgw/rgw_acl_s3.h
@@ -54,8 +54,6 @@ class RGWAccessControlList_S3 : public RGWAccessControlList, public XMLObj
  public:
    bool xml_end(const char *el) override;
    void to_xml(const DoutPrefixProvider* dpp, std::ostream& out);
-
-  int create_from_grants(std::list<ACLGrant>& grants);
  };
  
  class ACLOwner_S3 : public ACLOwner, public XMLObj
@@ -78,9 +76,6 @@ public:
    void to_xml(const DoutPrefixProvider* dpp, std::ostream& out);
    int rebuild(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, ACLOwner *owner,
               RGWAccessControlPolicy& dest, std::string &err_msg);
-
-  int create_from_headers(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver,
-                         const RGWEnv *env, ACLOwner& _owner);
  };
  
  /**
@@ -104,4 +99,11 @@ int create_canned_acl(const ACLOwner& owner,
                        const std::string& canned_acl,
                        RGWAccessControlPolicy& policy);
  
+/// Construct a policy from x-amz-grant-* request headers.
+int create_policy_from_headers(const DoutPrefixProvider* dpp,
+                               rgw::sal::Driver* driver,
+                               const ACLOwner& owner,
+                               const RGWEnv& env,
+                               RGWAccessControlPolicy& policy);
+
  } // namespace rgw::s3
diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc

index 6ec10f2cc2f47263bfd5fb646a21280a96717bc4..3ab882d35bbcecb9a75b530313d0a18fce45f98e 100644 (file)
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -639,7 +639,7 @@ bool parse_iso8601(const char *s, struct tm *t, uint32_t *pns, bool extended_for
    return true;
  }
  
-int parse_key_value(string& in_str, const char *delim, string& key, string& val)
+int parse_key_value(const string& in_str, const char *delim, string& key, string& val)
  {
    if (delim == NULL)
      return -EINVAL;
@@ -654,7 +654,7 @@ int parse_key_value(string& in_str, const char *delim, string& key, string& val)
    return 0;
  }
  
-int parse_key_value(string& in_str, string& key, string& val)
+int parse_key_value(const string& in_str, string& key, string& val)
  {
    return parse_key_value(in_str, "=", key,val);
  }
diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h

index 85d5ab2c155beb1b89999e6f78abf544ed67fc3d..15d2e800fdee6b94b122ae964da056a5d7c32848 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -1490,8 +1490,8 @@ bool rgw_set_amz_meta_header(
  
  extern std::string rgw_string_unquote(const std::string& s);
  extern void parse_csv_string(const std::string& ival, std::vector<std::string>& ovals);
-extern int parse_key_value(std::string& in_str, std::string& key, std::string& val);
-extern int parse_key_value(std::string& in_str, const char *delim, std::string& key, std::string& val);
+extern int parse_key_value(const std::string& in_str, std::string& key, std::string& val);
+extern int parse_key_value(const std::string& in_str, const char *delim, std::string& key, std::string& val);
  
  extern boost::optional<std::pair<std::string_view,std::string_view>>
  parse_key_value(const std::string_view& in_str,
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc

index 0e557a13415a61ddf17ca925e8992a03610a0fae..a5956def0d25fb5e7dc4f97c70c3677026672f6d 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2384,13 +2384,14 @@ void RGWStatBucket_ObjStore_S3::send_response()
  
  static int create_s3_policy(req_state *s, rgw::sal::Driver* driver,
                             RGWAccessControlPolicy_S3& s3policy,
-                           ACLOwner& owner)
+                           const ACLOwner& owner)
  {
    if (s->has_acl_header) {
      if (!s->canned_acl.empty())
        return -ERR_INVALID_REQUEST;
  
-    return s3policy.create_from_headers(s, driver, s->info.env, owner);
+    return rgw::s3::create_policy_from_headers(s, driver, owner,
+                                               *s->info.env, s3policy);
    }
  
    return rgw::s3::create_canned_acl(owner, s->bucket_owner,
author	Casey Bodley <cbodley@redhat.com>
	Thu, 16 Nov 2023 21:38:31 +0000 (16:38 -0500)
committer	Casey Bodley <cbodley@redhat.com>
	Thu, 30 Nov 2023 15:58:49 +0000 (10:58 -0500)
src/rgw/rgw_acl_s3.cc		patch \| blob \| history
src/rgw/rgw_acl_s3.h		patch \| blob \| history
src/rgw/rgw_common.cc		patch \| blob \| history
src/rgw/rgw_common.h		patch \| blob \| history
src/rgw/rgw_rest_s3.cc		patch \| blob \| history