rgw: Replaced rgw userid with tenant in ARN for Roles.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>

diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 0612cfc691c5c74aa74358f3f8d6d668a535826d..fd1100f3255cf0c350d7b65841efa04563ac6f3b 100644 (file)
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -2814,15 +2814,6 @@ int main(int argc, const char **argv)
       ++i;
     }
   }
-  if (tenant.empty()) {
-    tenant = user_id.tenant;
-  } else {
-    if (user_id.empty()) {
-      cerr << "ERROR: --tenant is set, but there's no user ID" << std::endl;
-      return EINVAL;
-    }
-    user_id.tenant = tenant;
-  }
 
   if (args.empty()) {
     return usage();
@@ -2862,6 +2853,15 @@ int main(int argc, const char **argv)
       }
     }
 
+    if (tenant.empty()) {
+      tenant = user_id.tenant;
+    } else {
+      if (user_id.empty() && opt_cmd != OPT_ROLE_CREATE) {
+        cerr << "ERROR: --tenant is set, but there's no user ID" << std::endl;
+        return EINVAL;
+      }
+      user_id.tenant = tenant;
+    }
     /* check key parameter conflict */
     if ((!access_key.empty()) && gen_access_key) {
         cerr << "ERROR: key parameter conflict, --access-key & --gen-access-key" << std::endl;
@@ -4593,10 +4593,8 @@ int main(int argc, const char **argv)
     return 0;
   case OPT_ROLE_CREATE:
     {
-      string uid;
-      user_id.to_str(uid);
-      if (role_name.empty() || assume_role_doc.empty() || uid.empty()) {
-        cerr << "ERROR: one of role name or assume role policy document or uid is empty" << std::endl;
+      if (role_name.empty() || assume_role_doc.empty()) {
+        cerr << "ERROR: one of role name or assume role policy document is empty" << std::endl;
         return -EINVAL;
       }
       /* The following two calls will be replaced by read_decode_json or something
@@ -4613,7 +4611,7 @@ int main(int argc, const char **argv)
         return -EINVAL;
       }
       string trust_policy = bl.to_str();
-      RGWRole role(g_ceph_context, store, role_name, path, trust_policy, uid);
+      RGWRole role(g_ceph_context, store, role_name, path, trust_policy, tenant);
       ret = role.create(true);
       if (ret < 0) {
         return -ret;

diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc
index 31d8e996c667b09ee021ded9c70c523f2b709d1c..36e1787f57ae8588444c2542150f6cd6ebbc404f 100644 (file)
--- a/src/rgw/rgw_rest_role.cc
+++ b/src/rgw/rgw_rest_role.cc
@@ -77,9 +77,7 @@ void RGWCreateRole::execute()
   if (op_ret < 0) {
     return;
   }
-  string uid;
-  s->user->user_id.to_str(uid);
-  RGWRole role(s->cct, store, role_name, role_path, trust_policy, uid);
+  RGWRole role(s->cct, store, role_name, role_path, trust_policy, s->user->user_id.tenant);
   op_ret = role.create(true);
 
   if (op_ret == -EEXIST) {

diff --git a/src/rgw/rgw_role.cc b/src/rgw/rgw_role.cc
index 9ccc20e70e3a22730005199dd6a8283940e817ec..b718aa9d62b92c1a82a47ce967d721b204eeb88c 100644 (file)
--- a/src/rgw/rgw_role.cc
+++ b/src/rgw/rgw_role.cc
@@ -78,7 +78,7 @@ int RGWRole::create(bool exclusive)
   id = uuid_str;
 
   //arn
-  arn = role_arn_prefix + uid + ":role" + path + name;
+  arn = role_arn_prefix + tenant + ":role" + path + name;
 
   // Creation time
   real_clock::time_point t = real_clock::now();

diff --git a/src/rgw/rgw_role.h b/src/rgw/rgw_role.h
index f8a60a4c5680d50195bcfb6f3dd421235241f1c4..861a797662bb8c9467ebcb8b71858d95db89cd02 100644 (file)
--- a/src/rgw/rgw_role.h
+++ b/src/rgw/rgw_role.h
@@ -17,7 +17,7 @@ class RGWRole
   string creation_date;
   string trust_policy;
   map<string, string> perm_policy_map;
-  string uid;
+  string tenant;
 
   int store_info(bool exclusive);
   int store_name(bool exclusive);
@@ -33,13 +33,13 @@ public:
           string name,
           string path,
           string trust_policy,
-          string uid)
+          string tenant)
   : cct(cct),
     store(store),
     name(std::move(name)),
     path(std::move(path)),
     trust_policy(std::move(trust_policy)),
-    uid(std::move(uid)) {
+    tenant(std::move(tenant)) {
     if (this->path.empty())
       this->path = "/";
   }