"will be located in the path that is specified here. "),
Option("rgw_enable_apis", Option::TYPE_STR, Option::LEVEL_ADVANCED)
- .set_default("s3, s3website, swift, swift_auth, admin, sts, pubsub")
+ .set_default("s3, s3website, swift, swift_auth, admin, sts, iam, pubsub")
.set_description("A list of set of RESTful APIs that rgw handles."),
Option("rgw_cache_enabled", Option::TYPE_BOOL, Option::LEVEL_ADVANCED)
rgw_sts.cc
rgw_rest_sts.cc
rgw_perf_counters.cc
- rgw_object_lock.cc)
+ rgw_object_lock.cc
+ rgw_rest_iam.cc)
if(WITH_RADOSGW_AMQP_ENDPOINT)
list(APPEND librgw_common_srcs rgw_amqp.cc)
{ ERR_EMAIL_EXIST, {409, "EmailExists" }},
{ ERR_KEY_EXIST, {409, "KeyExists"}},
{ ERR_TAG_CONFLICT, {409, "OperationAborted"}},
- { ERR_ROLE_EXISTS, {409, "EntityAlreadyExists"}},
- { ERR_DELETE_CONFLICT, {409, "DeleteConflict"}},
{ ERR_POSITION_NOT_EQUAL_TO_LENGTH, {409, "PositionNotEqualToLength"}},
{ ERR_OBJECT_NOT_APPENDABLE, {409, "ObjectNotAppendable"}},
{ ERR_INVALID_BUCKET_STATE, {409, "InvalidBucketState"}},
{ ERR_INVALID_IDENTITY_TOKEN, {400, "InvalidIdentityToken" }},
});
+rgw_http_errors rgw_http_iam_errors({
+ { ERR_ROLE_EXISTS, {409, "EntityAlreadyExists"}},
+ { ERR_DELETE_CONFLICT, {409, "DeleteConflict"}},
+});
+
using namespace ceph::crypto;
rgw_err::
return;
}
+ if (prot_flags & RGW_REST_IAM) {
+ if (search_err(rgw_http_iam_errors, err_no, err.http_ret, err.err_code))
+ return;
+ }
+
//Default to searching in s3 errors
if (search_err(rgw_http_s3_errors, err_no, err.http_ret, err.err_code))
return;
#define RGW_REST_S3 0x4
#define RGW_REST_WEBSITE 0x8
#define RGW_REST_STS 0x10
+#define RGW_REST_IAM 0x20
#define RGW_SUSPENDED_USER_AUID (uint64_t)-2
extern rgw_http_errors rgw_http_sts_errors;
+extern rgw_http_errors rgw_http_iam_errors;
+
static inline int rgw_http_error_to_errno(int http_err)
{
if (http_err >= 200 && http_err <= 299)
// S3 website mode is a specialization of S3
const bool s3website_enabled = apis_map.count("s3website") > 0;
const bool sts_enabled = apis_map.count("sts") > 0;
+ const bool iam_enabled = apis_map.count("iam") > 0;
const bool pubsub_enabled = apis_map.count("pubsub") > 0;
// Swift API entrypoint could placed in the root instead of S3
const bool swift_at_root = g_conf()->rgw_swift_url_prefix == "/";
if (apis_map.count("s3") > 0 || s3website_enabled) {
if (! swift_at_root) {
rest.register_default_mgr(set_logging(rest_filter(store, RGW_REST_S3,
- new RGWRESTMgr_S3(s3website_enabled, sts_enabled, pubsub_enabled))));
+ new RGWRESTMgr_S3(s3website_enabled, sts_enabled, iam_enabled, pubsub_enabled))));
} else {
derr << "Cannot have the S3 or S3 Website enabled together with "
<< "Swift API placed in the root of hierarchy" << dendl;
#include <limits.h>
#include <boost/algorithm/string.hpp>
+#include <boost/tokenizer.hpp>
#include "common/Formatter.h"
#include "common/HTMLFormatter.h"
#include "common/utf8.h"
#include "rgw_common.h"
#include "rgw_rados.h"
#include "rgw_zone.h"
+#include "rgw_auth_s3.h"
#include "rgw_formats.h"
#include "rgw_op.h"
#include "rgw_rest.h"
--- /dev/null
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#include <boost/tokenizer.hpp>
+
+#include "rgw_rest.h"
+#include "rgw_rest_iam.h"
+
+#include "rgw_request.h"
+#include "rgw_process.h"
+
+#include "rgw_rest_role.h"
+#include "rgw_rest_user_policy.h"
+
+#define dout_context g_ceph_context
+#define dout_subsys ceph_subsys_rgw
+
+void RGWHandler_REST_IAM::rgw_iam_parse_input()
+{
+ if (post_body.size() > 0) {
+ ldout(s->cct, 10) << "Content of POST: " << post_body << dendl;
+
+ if (post_body.find("Action") != string::npos) {
+ boost::char_separator<char> sep("&");
+ boost::tokenizer<boost::char_separator<char>> tokens(post_body, sep);
+ for (const auto& t : tokens) {
+ auto pos = t.find("=");
+ if (pos != string::npos) {
+ std::string key = t.substr(0, pos);
+ std::string value = t.substr(pos + 1, t.size() - 1);
+ if (key == "AssumeRolePolicyDocument" || key == "Path" || key == "PolicyDocument") {
+ value = url_decode(value);
+ }
+ s->info.args.append(key, value);
+ }
+ }
+ }
+ }
+ auto payload_hash = rgw::auth::s3::calc_v4_payload_hash(post_body);
+ s->info.args.append("PayloadHash", payload_hash);
+}
+
+RGWOp *RGWHandler_REST_IAM::op_post()
+{
+ rgw_iam_parse_input();
+
+ if (s->info.args.exists("Action")) {
+ string action = s->info.args.get("Action");
+ if (action.compare("CreateRole") == 0)
+ return new RGWCreateRole;
+ if (action.compare("DeleteRole") == 0)
+ return new RGWDeleteRole;
+ if (action.compare("GetRole") == 0)
+ return new RGWGetRole;
+ if (action.compare("UpdateAssumeRolePolicy") == 0)
+ return new RGWModifyRole;
+ if (action.compare("ListRoles") == 0)
+ return new RGWListRoles;
+ if (action.compare("PutRolePolicy") == 0)
+ return new RGWPutRolePolicy;
+ if (action.compare("GetRolePolicy") == 0)
+ return new RGWGetRolePolicy;
+ if (action.compare("ListRolePolicies") == 0)
+ return new RGWListRolePolicies;
+ if (action.compare("DeleteRolePolicy") == 0)
+ return new RGWDeleteRolePolicy;
+ if (action.compare("PutUserPolicy") == 0)
+ return new RGWPutUserPolicy;
+ if (action.compare("GetUserPolicy") == 0)
+ return new RGWGetUserPolicy;
+ if (action.compare("ListUserPolicies") == 0)
+ return new RGWListUserPolicies;
+ if (action.compare("DeleteUserPolicy") == 0)
+ return new RGWDeleteUserPolicy;
+ }
+
+ return nullptr;
+}
+
+int RGWHandler_REST_IAM::init(RGWRados *store,
+ struct req_state *s,
+ rgw::io::BasicClient *cio)
+{
+ s->dialect = "iam";
+
+ if (int ret = RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true); ret < 0) {
+ ldout(s->cct, 10) << "init_from_header returned err=" << ret << dendl;
+ return ret;
+ }
+
+ return RGWHandler_REST::init(store, s, cio);
+}
+
+int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp)
+{
+ return RGW_Auth_S3::authorize(dpp, store, auth_registry, s);
+}
+
+int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
+ int default_formatter,
+ bool configurable_format)
+{
+ string req;
+ string first;
+
+ s->prot_flags = RGW_REST_IAM;
+
+ const char *p, *req_name;
+ if (req_name = s->relative_uri.c_str(); *req_name == '?') {
+ p = req_name;
+ } else {
+ p = s->info.request_params.c_str();
+ }
+
+ s->info.args.set(p);
+ s->info.args.parse();
+
+ /* must be called after the args parsing */
+ if (int ret = allocate_formatter(s, default_formatter, configurable_format); ret < 0)
+ return ret;
+
+ if (*req_name != '/')
+ return 0;
+
+ req_name++;
+
+ if (!*req_name)
+ return 0;
+
+ req = req_name;
+ int pos = req.find('/');
+ if (pos >= 0) {
+ first = req.substr(0, pos);
+ } else {
+ first = req;
+ }
+
+ return 0;
+}
+
+RGWHandler_REST*
+RGWRESTMgr_IAM::get_handler(struct req_state* const s,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ const std::string& frontend_prefix)
+{
+ return new RGWHandler_REST_IAM(auth_registry);
+}
--- /dev/null
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#ifndef CEPH_RGW_REST_IAM_H
+#define CEPH_RGW_REST_IAM_H
+
+#include "rgw_auth.h"
+#include "rgw_auth_filters.h"
+
+class RGWHandler_REST_IAM : public RGWHandler_REST {
+ const rgw::auth::StrategyRegistry& auth_registry;
+ const string& post_body;
+ RGWOp *op_post() override;
+ void rgw_iam_parse_input();
+public:
+
+ static int init_from_header(struct req_state *s, int default_formatter, bool configurable_format);
+
+ RGWHandler_REST_IAM(const rgw::auth::StrategyRegistry& auth_registry, const string& post_body="")
+ : RGWHandler_REST(),
+ auth_registry(auth_registry),
+ post_body(post_body) {}
+ ~RGWHandler_REST_IAM() override = default;
+
+ int init(RGWRados *store,
+ struct req_state *s,
+ rgw::io::BasicClient *cio) override;
+ int authorize(const DoutPrefixProvider* dpp) override;
+ int postauth_init() override { return 0; }
+};
+
+class RGWRESTMgr_IAM : public RGWRESTMgr {
+public:
+ RGWRESTMgr_IAM() = default;
+ ~RGWRESTMgr_IAM() override = default;
+
+ RGWRESTMgr *get_resource_mgr(struct req_state* const s,
+ const std::string& uri,
+ std::string* const out_uri) override {
+ return this;
+ }
+
+ RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry&,
+ const std::string&) override;
+};
+
+#endif /* CEPH_RGW_REST_STS_H */
+
set_req_state_err(s, op_ret);
}
dump_errno(s);
- end_header(s);
+ end_header(s, this);
}
int RGWRoleRead::check_caps(RGWUserCaps& caps)
}
if (op_ret == 0) {
- s->formatter->open_object_section("role");
+ s->formatter->open_object_section("CreateRoleResponse");
+ s->formatter->open_object_section("CreateRoleResult");
+ s->formatter->open_object_section("Role");
role.dump(s->formatter);
s->formatter->close_section();
+ s->formatter->close_section();
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->close_section();
}
}
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
}
+
+ s->formatter->open_object_section("DeleteRoleResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->close_section();
}
int RGWGetRole::verify_permission()
op_ret = _verify_permission(role);
if (op_ret == 0) {
- s->formatter->open_object_section("role");
+ s->formatter->open_object_section("GetRoleResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->open_object_section("GetRoleResult");
+ s->formatter->open_object_section("Role");
role.dump(s->formatter);
s->formatter->close_section();
+ s->formatter->close_section();
+ s->formatter->close_section();
}
}
_role.update_trust_policy(trust_policy);
op_ret = _role.update();
+ s->formatter->open_object_section("UpdateAssumeRolePolicyResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->close_section();
}
int RGWListRoles::verify_permission()
op_ret = RGWRole::get_roles_by_path_prefix(store, s->cct, path_prefix, s->user->user_id.tenant, result);
if (op_ret == 0) {
- s->formatter->open_array_section("Roles");
+ s->formatter->open_array_section("ListRolesResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->open_array_section("ListRolesResult");
+ s->formatter->open_object_section("Roles");
for (const auto& it : result) {
- s->formatter->open_object_section("role");
+ s->formatter->open_object_section("member");
it.dump(s->formatter);
s->formatter->close_section();
}
s->formatter->close_section();
+ s->formatter->close_section();
+ s->formatter->close_section();
}
}
_role.set_perm_policy(policy_name, perm_policy);
op_ret = _role.update();
+
+ if (op_ret == 0) {
+ s->formatter->open_object_section("PutRolePolicyResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->close_section();
+ }
}
int RGWGetRolePolicy::get_params()
string perm_policy;
op_ret = _role.get_role_policy(policy_name, perm_policy);
+ if (op_ret == -ENOENT) {
+ op_ret = -ERR_NO_SUCH_ENTITY;
+ }
+
if (op_ret == 0) {
+ s->formatter->open_object_section("GetRolePolicyResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
s->formatter->open_object_section("GetRolePolicyResult");
s->formatter->dump_string("PolicyName", policy_name);
s->formatter->dump_string("RoleName", role_name);
s->formatter->dump_string("Permission policy", perm_policy);
s->formatter->close_section();
+ s->formatter->close_section();
}
}
}
std::vector<string> policy_names = _role.get_role_policy_names();
+ s->formatter->open_object_section("ListRolePoliciesResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->open_object_section("ListRolePoliciesResult");
s->formatter->open_array_section("PolicyNames");
for (const auto& it : policy_names) {
s->formatter->dump_string("member", it);
}
s->formatter->close_section();
+ s->formatter->close_section();
+ s->formatter->close_section();
}
int RGWDeleteRolePolicy::get_params()
if (op_ret == 0) {
op_ret = _role.update();
}
+
+ s->formatter->open_object_section("DeleteRolePoliciesResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->close_section();
}
#include "include/ceph_assert.h"
#include "rgw_role.h"
#include "rgw_rest_sts.h"
+#include "rgw_rest_iam.h"
#include "rgw_sts.h"
#define dout_context g_ceph_context
{
const auto max_size = s->cct->_conf->rgw_max_put_param_size;
- int ret;
+ int ret = 0;
bufferlist data;
std::tie(ret, data) = rgw_rest_read_all_input(s, max_size, false);
- if (ret < 0) {
- return nullptr;
- }
+ string post_body = data.to_str();
- const auto post_body = data.to_str();
-
- if (s->info.args.exists("Action")) {
- string action = s->info.args.get("Action");
- if (action.compare("CreateRole") == 0)
- return new RGWCreateRole;
- if (action.compare("DeleteRole") == 0)
- return new RGWDeleteRole;
- if (action.compare("GetRole") == 0)
- return new RGWGetRole;
- if (action.compare("UpdateAssumeRolePolicy") == 0)
- return new RGWModifyRole;
- if (action.compare("ListRoles") == 0)
- return new RGWListRoles;
- if (action.compare("PutRolePolicy") == 0)
- return new RGWPutRolePolicy;
- if (action.compare("GetRolePolicy") == 0)
- return new RGWGetRolePolicy;
- if (action.compare("ListRolePolicies") == 0)
- return new RGWListRolePolicies;
- if (action.compare("DeleteRolePolicy") == 0)
- return new RGWDeleteRolePolicy;
- if (action.compare("PutUserPolicy") == 0)
- return new RGWPutUserPolicy;
- if (action.compare("GetUserPolicy") == 0)
- return new RGWGetUserPolicy;
- if (action.compare("ListUserPolicies") == 0)
- return new RGWListUserPolicies;
- if (action.compare("DeleteUserPolicy") == 0)
- return new RGWDeleteUserPolicy;
- }
-
- if (isSTSenabled) {
+ if (this->isSTSenabled) {
RGWHandler_REST_STS sts_handler(auth_registry, post_body);
sts_handler.init(store, s, s->cio);
auto op = sts_handler.get_op(store);
return op;
}
}
+
+ if (this->isIAMenabled) {
+ RGWHandler_REST_IAM iam_handler(auth_registry, post_body);
+ iam_handler.init(store, s, s->cio);
+ auto op = iam_handler.get_op(store);
+ if (op) {
+ return op;
+ }
+ }
+
if (isPSenabled) {
RGWHandler_REST_PSTopic_AWS topic_handler(auth_registry, post_body);
topic_handler.init(store, s, s->cio);
auto op = topic_handler.get_op(store);
- if (op) {
- return op;
- }
}
return NULL;
}
} else {
if (s->init_state.url_bucket.empty()) {
- handler = new RGWHandler_REST_Service_S3(auth_registry, enable_sts, enable_pubsub);
+ handler = new RGWHandler_REST_Service_S3(auth_registry, enable_sts, enable_iam, enable_pubsub);
} else if (s->object.empty()) {
handler = new RGWHandler_REST_Bucket_S3(auth_registry, enable_pubsub);
} else {
bool is_non_s3_op = false;
if (s->op_type == RGW_STS_GET_SESSION_TOKEN ||
s->op_type == RGW_STS_ASSUME_ROLE ||
- s->op_type == RGW_STS_ASSUME_ROLE_WEB_IDENTITY) {
+ s->op_type == RGW_STS_ASSUME_ROLE_WEB_IDENTITY ||
+ s->op_type == RGW_OP_CREATE_ROLE ||
+ s->op_type == RGW_OP_DELETE_ROLE ||
+ s->op_type == RGW_OP_GET_ROLE ||
+ s->op_type == RGW_OP_MODIFY_ROLE ||
+ s->op_type == RGW_OP_LIST_ROLES ||
+ s->op_type == RGW_OP_PUT_ROLE_POLICY ||
+ s->op_type == RGW_OP_GET_ROLE_POLICY ||
+ s->op_type == RGW_OP_LIST_ROLE_POLICIES ||
+ s->op_type == RGW_OP_DELETE_ROLE_POLICY ||
+ s->op_type == RGW_OP_PUT_USER_POLICY ||
+ s->op_type == RGW_OP_GET_USER_POLICY ||
+ s->op_type == RGW_OP_LIST_USER_POLICIES ||
+ s->op_type == RGW_OP_DELETE_USER_POLICY) {
is_non_s3_op = true;
}
class RGWHandler_REST_Service_S3 : public RGWHandler_REST_S3 {
protected:
const bool isSTSenabled;
+ bool isIAMenabled;
const bool isPSenabled;
bool is_usage_op() {
return s->info.args.exists("usage");
RGWOp *op_post() override;
public:
RGWHandler_REST_Service_S3(const rgw::auth::StrategyRegistry& auth_registry,
- bool _isSTSenabled, bool _isPSenabled) :
- RGWHandler_REST_S3(auth_registry), isSTSenabled(_isSTSenabled), isPSenabled(_isPSenabled) {}
+ bool _isSTSenabled, bool _isIAMenabled, bool _isPSenabled) :
+ RGWHandler_REST_S3(auth_registry), isSTSenabled(_isSTSenabled), isIAMenabled(_isIAMenabled), isPSenabled(_isPSenabled) {}
~RGWHandler_REST_Service_S3() override = default;
};
private:
bool enable_s3website;
bool enable_sts;
+ bool enable_iam;
const bool enable_pubsub;
public:
- explicit RGWRESTMgr_S3(bool enable_s3website = false, bool enable_sts = false, bool _enable_pubsub = false)
+ explicit RGWRESTMgr_S3(bool enable_s3website = false, bool enable_sts = false, bool enable_iam = false, bool _enable_pubsub = false)
: enable_s3website(enable_s3website),
enable_sts(enable_sts),
+ enable_iam(enable_iam),
enable_pubsub(_enable_pubsub) {
}
#include "rgw_auth.h"
#include "rgw_auth_registry.h"
#include "rgw_rest_sts.h"
-#include "rgw_auth_s3.h"
#include "rgw_formats.h"
#include "rgw_client_io.h"
if (key == "RoleArn" || key == "Policy") {
value = url_decode(value);
}
- ldout(s->cct, 10) << "Key: " << key << "Value: " << value << dendl;
s->info.args.append(key, value);
}
}
string req;
string first;
- s->prot_flags |= RGW_REST_STS;
+ s->prot_flags = RGW_REST_STS;
const char *p, *req_name;
if (req_name = s->relative_uri.c_str(); *req_name == '?') {
void RGWRestUserPolicy::dump(Formatter *f) const
{
- encode_json("policyname", policy_name , f);
- encode_json("username", user_name , f);
- encode_json("policydocument", policy, f);
+ encode_json("Policyname", policy_name , f);
+ encode_json("Username", user_name , f);
+ encode_json("Policydocument", policy, f);
}
void RGWRestUserPolicy::send_response()
ldout(s->cct, 20) << "failed to parse policy: " << e.what() << dendl;
op_ret = -ERR_MALFORMED_DOC;
}
+
+ if (op_ret == 0) {
+ s->formatter->open_object_section("PutUserPolicyResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->close_section();
+ }
}
uint64_t RGWGetUserPolicy::get_op()
}
if (op_ret == 0) {
+ s->formatter->open_object_section("GetUserPolicyResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->open_object_section("GetUserPolicyResult");
map<string, string> policies;
if (auto it = uattrs.find(RGW_ATTR_USER_POLICY); it != uattrs.end()) {
bufferlist bl = uattrs[RGW_ATTR_USER_POLICY];
decode(policies, bl);
if (auto it = policies.find(policy_name); it != policies.end()) {
policy = policies[policy_name];
- s->formatter->open_object_section("userpolicy");
dump(s->formatter);
- s->formatter->close_section();
} else {
ldout(s->cct, 0) << "ERROR: policy not found" << policy << dendl;
op_ret = -ERR_NO_SUCH_ENTITY;
op_ret = -ERR_NO_SUCH_ENTITY;
return;
}
+ s->formatter->close_section();
+ s->formatter->close_section();
}
if (op_ret < 0) {
op_ret = -ERR_INTERNAL_ERROR;
if (op_ret == 0) {
map<string, string> policies;
if (auto it = uattrs.find(RGW_ATTR_USER_POLICY); it != uattrs.end()) {
+ s->formatter->open_object_section("ListUserPoliciesResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->open_object_section("ListUserPoliciesResult");
bufferlist bl = uattrs[RGW_ATTR_USER_POLICY];
decode(policies, bl);
for (const auto& p : policies) {
- s->formatter->open_object_section("policies");
- s->formatter->dump_string("policy", p.first);
+ s->formatter->open_object_section("PolicyNames");
+ s->formatter->dump_string("member", p.first);
s->formatter->close_section();
}
+ s->formatter->close_section();
+ s->formatter->close_section();
} else {
ldout(s->cct, 0) << "ERROR: RGW_ATTR_USER_POLICY not found" << dendl;
op_ret = -ERR_NO_SUCH_ENTITY;
if (op_ret < 0) {
op_ret = -ERR_INTERNAL_ERROR;
}
+ if (op_ret == 0) {
+ s->formatter->open_object_section("DeleteUserPoliciesResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->close_section();
+ }
} else {
op_ret = -ERR_NO_SUCH_ENTITY;
return;
const auto it = perm_policy_map.find(policy_name);
if (it == perm_policy_map.end()) {
ldout(cct, 0) << "ERROR: Policy name: " << policy_name << " not found" << dendl;
- return -EINVAL;
+ return -ENOENT;
} else {
perm_policy = it->second;
}
void RGWRole::dump(Formatter *f) const
{
- encode_json("id", id , f);
- encode_json("name", name , f);
- encode_json("path", path, f);
- encode_json("arn", arn, f);
- encode_json("create_date", creation_date, f);
- encode_json("max_session_duration", max_session_duration, f);
- encode_json("assume_role_policy_document", trust_policy, f);
+ encode_json("RoleId", id , f);
+ encode_json("RoleName", name , f);
+ encode_json("Path", path, f);
+ encode_json("Arn", arn, f);
+ encode_json("CreateDate", creation_date, f);
+ encode_json("MaxSessionDuration", max_session_duration, f);
+ encode_json("AssumeRolePolicyDocument", trust_policy, f);
}
void RGWRole::decode_json(JSONObj *obj)
projects / ceph.git / commitdiff