const string RGWRole::role_path_oid_prefix = "role_paths.";
const string RGWRole::role_arn_prefix = "arn:aws:iam::";
+void RGWRoleInfo::dump(Formatter *f) const
+{
+ encode_json("RoleId", id , f);
+ encode_json("RoleName", name , f);
+ encode_json("Path", path, f);
+ encode_json("Arn", arn, f);
+ encode_json("CreateDate", creation_date, f);
+ encode_json("MaxSessionDuration", max_session_duration, f);
+ encode_json("AssumeRolePolicyDocument", trust_policy, f);
+ if (!tags.empty()) {
+ f->open_array_section("Tags");
+ for (const auto& it : tags) {
+ f->open_object_section("Key");
+ encode_json("Key", it.first, f);
+ f->close_section();
+ f->open_object_section("Value");
+ encode_json("Value", it.second, f);
+ f->close_section();
+ }
+ f->close_section();
+ }
+}
+
+void RGWRoleInfo::decode_json(JSONObj *obj)
+{
+ JSONDecoder::decode_json("RoleId", id, obj);
+ JSONDecoder::decode_json("RoleName", name, obj);
+ JSONDecoder::decode_json("Path", path, obj);
+ JSONDecoder::decode_json("Arn", arn, obj);
+ JSONDecoder::decode_json("CreateDate", creation_date, obj);
+ JSONDecoder::decode_json("MaxSessionDuration", max_session_duration, obj);
+ JSONDecoder::decode_json("AssumeRolePolicyDocument", trust_policy, obj);
+}
+
+RGWRole::RGWRole(std::string name,
+ std::string tenant,
+ std::string path,
+ std::string trust_policy,
+ std::string max_session_duration_str,
+ std::multimap<std::string,std::string> tags)
+{
+ info.name = std::move(name);
+ info.path = std::move(path);
+ info.trust_policy = std::move(trust_policy);
+ info.tenant = std::move(tenant);
+ info.tags = std::move(tags);
+ if (this->info.path.empty())
+ this->info.path = "/";
+ extract_name_tenant(this->info.name);
+ if (max_session_duration_str.empty()) {
+ info.max_session_duration = SESSION_DURATION_MIN;
+ } else {
+ info.max_session_duration = std::stoull(max_session_duration_str);
+ }
+ info.mtime = real_time();
+}
+
+RGWRole::RGWRole(std::string id)
+{
+ info.id = std::move(id);
+}
+
int RGWRole::get(const DoutPrefixProvider *dpp, optional_yield y)
{
int ret = read_name(dpp, y);
return 0;
}
+void RGWRole::dump(Formatter *f) const
+{
+ info.dump(f);
+}
+
+void RGWRole::decode_json(JSONObj *obj)
+{
+ info.decode_json(obj);
+}
+
+bool RGWRole::validate_input(const DoutPrefixProvider* dpp)
+{
+ if (info.name.length() > MAX_ROLE_NAME_LEN) {
+ ldpp_dout(dpp, 0) << "ERROR: Invalid name length " << dendl;
+ return false;
+ }
+
+ if (info.path.length() > MAX_PATH_NAME_LEN) {
+ ldpp_dout(dpp, 0) << "ERROR: Invalid path length " << dendl;
+ return false;
+ }
+
+ std::regex regex_name("[A-Za-z0-9:=,.@-]+");
+ if (! std::regex_match(info.name, regex_name)) {
+ ldpp_dout(dpp, 0) << "ERROR: Invalid chars in name " << dendl;
+ return false;
+ }
+
+ std::regex regex_path("(/[!-~]+/)|(/)");
+ if (! std::regex_match(info.path,regex_path)) {
+ ldpp_dout(dpp, 0) << "ERROR: Invalid chars in path " << dendl;
+ return false;
+ }
+
+ if (info.max_session_duration < SESSION_DURATION_MIN ||
+ info.max_session_duration > SESSION_DURATION_MAX) {
+ ldpp_dout(dpp, 0) << "ERROR: Invalid session duration, should be between 3600 and 43200 seconds " << dendl;
+ return false;
+ }
+ return true;
+}
+
+void RGWRole::extract_name_tenant(const std::string& str) {
+ if (auto pos = str.find('$');
+ pos != std::string::npos) {
+ info.tenant = str.substr(0, pos);
+ info.name = str.substr(pos+1);
+ }
+}
+
int RGWRole::update(const DoutPrefixProvider *dpp, optional_yield y)
{
int ret = store_info(dpp, false, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: storing info in Role pool: "
- << id << ": " << cpp_strerror(-ret) << dendl;
+ << info.id << ": " << cpp_strerror(-ret) << dendl;
return ret;
}
void RGWRole::set_perm_policy(const string& policy_name, const string& perm_policy)
{
- perm_policy_map[policy_name] = perm_policy;
+ info.perm_policy_map[policy_name] = perm_policy;
}
vector<string> RGWRole::get_role_policy_names()
{
vector<string> policy_names;
- for (const auto& it : perm_policy_map)
+ for (const auto& it : info.perm_policy_map)
{
policy_names.push_back(std::move(it.first));
}
int RGWRole::get_role_policy(const DoutPrefixProvider* dpp, const string& policy_name, string& perm_policy)
{
- const auto it = perm_policy_map.find(policy_name);
- if (it == perm_policy_map.end()) {
+ const auto it = info.perm_policy_map.find(policy_name);
+ if (it == info.perm_policy_map.end()) {
ldpp_dout(dpp, 0) << "ERROR: Policy name: " << policy_name << " not found" << dendl;
return -ENOENT;
} else {
int RGWRole::delete_policy(const DoutPrefixProvider* dpp, const string& policy_name)
{
- const auto& it = perm_policy_map.find(policy_name);
- if (it == perm_policy_map.end()) {
+ const auto& it = info.perm_policy_map.find(policy_name);
+ if (it == info.perm_policy_map.end()) {
ldpp_dout(dpp, 0) << "ERROR: Policy name: " << policy_name << " not found" << dendl;
return -ENOENT;
} else {
- perm_policy_map.erase(it);
+ info.perm_policy_map.erase(it);
}
return 0;
}
-void RGWRole::dump(Formatter *f) const
-{
- encode_json("RoleId", id , f);
- encode_json("RoleName", name , f);
- encode_json("Path", path, f);
- encode_json("Arn", arn, f);
- encode_json("CreateDate", creation_date, f);
- encode_json("MaxSessionDuration", max_session_duration, f);
- encode_json("AssumeRolePolicyDocument", trust_policy, f);
- if (!tags.empty()) {
- f->open_array_section("Tags");
- for (const auto& it : tags) {
- f->open_object_section("Key");
- encode_json("Key", it.first, f);
- f->close_section();
- f->open_object_section("Value");
- encode_json("Value", it.second, f);
- f->close_section();
- }
- f->close_section();
- }
-}
-
-void RGWRole::decode_json(JSONObj *obj)
-{
- JSONDecoder::decode_json("RoleId", id, obj);
- JSONDecoder::decode_json("RoleName", name, obj);
- JSONDecoder::decode_json("Path", path, obj);
- JSONDecoder::decode_json("Arn", arn, obj);
- JSONDecoder::decode_json("CreateDate", creation_date, obj);
- JSONDecoder::decode_json("MaxSessionDuration", max_session_duration, obj);
- JSONDecoder::decode_json("AssumeRolePolicyDocument", trust_policy, obj);
-}
-
-bool RGWRole::validate_input(const DoutPrefixProvider* dpp)
-{
- if (name.length() > MAX_ROLE_NAME_LEN) {
- ldpp_dout(dpp, 0) << "ERROR: Invalid name length " << dendl;
- return false;
- }
-
- if (path.length() > MAX_PATH_NAME_LEN) {
- ldpp_dout(dpp, 0) << "ERROR: Invalid path length " << dendl;
- return false;
- }
-
- std::regex regex_name("[A-Za-z0-9:=,.@-]+");
- if (! std::regex_match(name, regex_name)) {
- ldpp_dout(dpp, 0) << "ERROR: Invalid chars in name " << dendl;
- return false;
- }
-
- std::regex regex_path("(/[!-~]+/)|(/)");
- if (! std::regex_match(path,regex_path)) {
- ldpp_dout(dpp, 0) << "ERROR: Invalid chars in path " << dendl;
- return false;
- }
-
- if (max_session_duration < SESSION_DURATION_MIN ||
- max_session_duration > SESSION_DURATION_MAX) {
- ldpp_dout(dpp, 0) << "ERROR: Invalid session duration, should be between 3600 and 43200 seconds " << dendl;
- return false;
- }
- return true;
-}
-
-void RGWRole::extract_name_tenant(const std::string& str) {
- if (auto pos = str.find('$');
- pos != std::string::npos) {
- tenant = str.substr(0, pos);
- name = str.substr(pos+1);
- }
-}
-
void RGWRole::update_trust_policy(string& trust_policy)
{
- this->trust_policy = trust_policy;
+ this->info.trust_policy = trust_policy;
}
int RGWRole::set_tags(const DoutPrefixProvider* dpp, const multimap<string,string>& tags_map)
{
for (auto& it : tags_map) {
- this->tags.emplace(it.first, it.second);
+ this->info.tags.emplace(it.first, it.second);
}
- if (this->tags.size() > 50) {
+ if (this->info.tags.size() > 50) {
ldpp_dout(dpp, 0) << "No. of tags is greater than 50" << dendl;
return -EINVAL;
}
boost::optional<multimap<string,string>> RGWRole::get_tags()
{
- if(this->tags.empty()) {
+ if(this->info.tags.empty()) {
return boost::none;
}
- return this->tags;
+ return this->info.tags;
}
void RGWRole::erase_tags(const vector<string>& tagKeys)
{
for (auto& it : tagKeys) {
- this->tags.erase(it);
+ this->info.tags.erase(it);
}
}
base_init(role_svc->ctx(), role_svc->get_be_handler());
}
-void RGWRoleCompleteInfo::dump(ceph::Formatter *f) const
-{
- info->dump(f);
- if (has_attrs) {
- encode_json("attrs", info->get_attrs(), f);
- }
-}
-
-void RGWRoleCompleteInfo::decode_json(JSONObj *obj)
-{
- decode_json_obj(*info, obj);
- has_attrs = JSONDecoder::decode_json("attrs", info->get_attrs(), obj);
-}
-
-
RGWMetadataObject *RGWRoleMetadataHandler::get_meta_obj(JSONObj *jo,
const obj_version& objv,
const ceph::real_time& mtime)
{
- RGWRoleCompleteInfo rci;
+ RGWRoleInfo info;
try {
- decode_json_obj(rci, jo);
+ info.decode_json(jo);
} catch (JSONDecoder:: err& e) {
return nullptr;
}
- return new RGWRoleMetadataObject(rci, objv, mtime);
+ return new RGWRoleMetadataObject(info, objv, mtime, store);
}
int RGWRoleMetadataHandler::do_get(RGWSI_MetaBackend_Handler::Op *op,
optional_yield y,
const DoutPrefixProvider *dpp)
{
- RGWRoleCompleteInfo rci;
std::unique_ptr<rgw::sal::RGWRole> role = store->get_role(entry);
- rci.info = role.get();
- int ret = rci.info->read_info(dpp, y, false);
+ int ret = role->read_info(dpp, y, false);
if (ret < 0) {
return ret;
}
- RGWObjVersionTracker objv_tracker = rci.info->get_objv_tracker();
- real_time mtime = rci.info->get_mtime();
+ RGWObjVersionTracker objv_tracker = role->get_objv_tracker();
+ real_time mtime = role->get_mtime();
- RGWRoleMetadataObject *rdo = new RGWRoleMetadataObject(rci, objv_tracker.read_version,
- mtime);
+ RGWRoleInfo info = role->get_info();
+ RGWRoleMetadataObject *rdo = new RGWRoleMetadataObject(info, objv_tracker.read_version,
+ mtime, store);
*obj = rdo;
return 0;
}
int put_checked(const DoutPrefixProvider *dpp) override {
- auto& rci = mdo->get_rci();
+ auto& info = mdo->get_role_info();
auto mtime = mdo->get_mtime();
- rci.info->set_mtime(mtime);
- int ret = rci.info->create(dpp, true, y, false);
+ auto* store = mdo->get_store();
+ info.mtime = mtime;
+ std::unique_ptr<rgw::sal::RGWRole> role = store->get_role(info);
+ int ret = role->create(dpp, true, y, false);
return ret < 0 ? ret : STATUS_APPLIED;
}
};
class RGWRados;
namespace rgw { namespace sal {
-class RGWRole
+struct RGWRoleInfo
{
-public:
- static const std::string role_name_oid_prefix;
- static const std::string role_oid_prefix;
- static const std::string role_path_oid_prefix;
- static const std::string role_arn_prefix;
- static constexpr int MAX_ROLE_NAME_LEN = 64;
- static constexpr int MAX_PATH_NAME_LEN = 512;
- static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds
- static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds
-protected:
-
std::string id;
std::string name;
std::string path;
RGWObjVersionTracker objv_tracker;
real_time mtime;
-public:
- virtual int store_info(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y, bool addprefix=true) = 0;
- virtual int store_name(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0;
- virtual int store_path(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0;
- virtual int read_id(const DoutPrefixProvider *dpp, const std::string& role_name, const std::string& tenant, std::string& role_id, optional_yield y) = 0;
- virtual int read_name(const DoutPrefixProvider *dpp, optional_yield y) = 0;
- virtual int read_info(const DoutPrefixProvider *dpp, optional_yield y, bool addprefix=true) = 0;
- bool validate_input(const DoutPrefixProvider* dpp);
- void extract_name_tenant(const std::string& str);
+ RGWRoleInfo() = default;
- RGWRole(std::string name,
- std::string tenant,
- std::string path="",
- std::string trust_policy="",
- std::string max_session_duration_str="",
- std::multimap<std::string,std::string> tags={})
- : name(std::move(name)),
- path(std::move(path)),
- trust_policy(std::move(trust_policy)),
- tenant(std::move(tenant)),
- tags(std::move(tags)) {
- if (this->path.empty())
- this->path = "/";
- extract_name_tenant(name);
- if (max_session_duration_str.empty()) {
- max_session_duration = SESSION_DURATION_MIN;
- } else {
- max_session_duration = std::stoull(max_session_duration_str);
- }
- mtime = real_time();
- }
-
- RGWRole(std::string id) : id(std::move(id)) {}
-
- RGWRole() = default;
-
- virtual ~RGWRole() = default;
+ virtual ~RGWRoleInfo() = default;
void encode(bufferlist& bl) const {
ENCODE_START(3, 1, bl);
DECODE_FINISH(bl);
}
- const std::string& get_id() const { return id; }
- const std::string& get_name() const { return name; }
- const std::string& get_tenant() const { return tenant; }
- const std::string& get_path() const { return path; }
- const std::string& get_create_date() const { return creation_date; }
- const std::string& get_assume_role_policy() const { return trust_policy;}
- const uint64_t& get_max_session_duration() const { return max_session_duration; }
- const RGWObjVersionTracker& get_objv_tracker() const { return objv_tracker; }
- const real_time& get_mtime() const { return mtime; }
- std::map<std::string, bufferlist>& get_attrs() { return attrs; }
+ void dump(Formatter *f) const;
+ void decode_json(JSONObj *obj);
+};
+WRITE_CLASS_ENCODER(RGWRoleInfo)
+
+class RGWRole
+{
+public:
+ static const std::string role_name_oid_prefix;
+ static const std::string role_oid_prefix;
+ static const std::string role_path_oid_prefix;
+ static const std::string role_arn_prefix;
+ static constexpr int MAX_ROLE_NAME_LEN = 64;
+ static constexpr int MAX_PATH_NAME_LEN = 512;
+ static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds
+ static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds
+protected:
+ RGWRoleInfo info;
+public:
+ virtual int store_info(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y, bool addprefix=true) = 0;
+ virtual int store_name(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0;
+ virtual int store_path(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0;
+ virtual int read_id(const DoutPrefixProvider *dpp, const std::string& role_name, const std::string& tenant, std::string& role_id, optional_yield y) = 0;
+ virtual int read_name(const DoutPrefixProvider *dpp, optional_yield y) = 0;
+ virtual int read_info(const DoutPrefixProvider *dpp, optional_yield y, bool addprefix=true) = 0;
+ bool validate_input(const DoutPrefixProvider* dpp);
+ void extract_name_tenant(const std::string& str);
+
+ RGWRole(std::string name,
+ std::string tenant,
+ std::string path="",
+ std::string trust_policy="",
+ std::string max_session_duration_str="",
+ std::multimap<std::string,std::string> tags={});
+
+ RGWRole(std::string id);
+
+ RGWRole(const RGWRoleInfo& info) : info(info) {}
+
+ RGWRole() = default;
+
+ virtual ~RGWRole() = default;
- void set_id(const std::string& id) { this->id = id; }
- void set_mtime(const real_time& mtime) { this->mtime = mtime; }
+ const std::string& get_id() const { return info.id; }
+ const std::string& get_name() const { return info.name; }
+ const std::string& get_tenant() const { return info.tenant; }
+ const std::string& get_path() const { return info.path; }
+ const std::string& get_create_date() const { return info.creation_date; }
+ const std::string& get_assume_role_policy() const { return info.trust_policy;}
+ const uint64_t& get_max_session_duration() const { return info.max_session_duration; }
+ const RGWObjVersionTracker& get_objv_tracker() const { return info.objv_tracker; }
+ const real_time& get_mtime() const { return info.mtime; }
+ std::map<std::string, bufferlist>& get_attrs() { return info.attrs; }
+ RGWRoleInfo& get_info() { return info; }
+
+ void set_id(const std::string& id) { this->info.id = id; }
+ void set_mtime(const real_time& mtime) { this->info.mtime = mtime; }
virtual int create(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y, bool addprefix=true) = 0;
virtual int delete_obj(const DoutPrefixProvider *dpp, optional_yield y) = 0;
static const std::string& get_info_oid_prefix();
static const std::string& get_path_oid_prefix();
};
-WRITE_CLASS_ENCODER(RGWRole)
-
-struct RGWRoleCompleteInfo {
- RGWRole* info;
- bool has_attrs;
-
- void dump(Formatter *f) const;
- void decode_json(JSONObj *obj);
-};
class RGWRoleMetadataObject: public RGWMetadataObject {
- RGWRoleCompleteInfo rci;
+ RGWRoleInfo info;
+ Store* store;
public:
RGWRoleMetadataObject() = default;
- RGWRoleMetadataObject(const RGWRoleCompleteInfo& _rci,
+ RGWRoleMetadataObject(RGWRoleInfo info,
const obj_version& v,
- real_time m) : RGWMetadataObject(v,m), rci(_rci) {}
+ real_time m,
+ Store* store) : RGWMetadataObject(v,m), info(info), store(store) {}
void dump(Formatter *f) const override {
- rci.dump(f);
+ info.dump(f);
+ }
+
+ RGWRoleInfo& get_role_info() {
+ return info;
}
- RGWRoleCompleteInfo& get_rci() {
- return rci;
+ Store* get_store() {
+ return store;
}
};
class RGWOIDCProvider;
class RGWRole;
class PlacementTier;
+struct RGWRoleInfo;
enum AttrsMod {
ATTRSMOD_NONE = 0,
std::multimap<std::string,std::string> tags={}) = 0;
/** Get an IAM Role by ID */
virtual std::unique_ptr<RGWRole> get_role(std::string id) = 0;
+ virtual std::unique_ptr<RGWRole> get_role(const RGWRoleInfo& info) = 0;
/** Get all IAM Roles optionally filtered by path */
virtual int get_roles(const DoutPrefixProvider *dpp,
optional_yield y,
return std::unique_ptr<RGWRole>(p);
}
+ std::unique_ptr<RGWRole> DBStore::get_role(const RGWRoleInfo& info)
+ {
+ RGWRole* p = nullptr;
+ return std::unique_ptr<RGWRole>(p);
+ }
+
int DBStore::get_roles(const DoutPrefixProvider *dpp,
optional_yield y,
const std::string& path_prefix,
std::string max_session_duration_str="",
std::multimap<std::string,std::string> tags={}) override;
virtual std::unique_ptr<RGWRole> get_role(std::string id) override;
+ virtual std::unique_ptr<RGWRole> get_role(const RGWRoleInfo& info) override;
virtual int get_roles(const DoutPrefixProvider *dpp,
optional_yield y,
const std::string& path_prefix,
return std::unique_ptr<RGWRole>(p);
}
+std::unique_ptr<RGWRole> MotrStore::get_role(const RGWRoleInfo& info)
+{
+ RGWRole* p = nullptr;
+ return std::unique_ptr<RGWRole>(p);
+}
+
std::unique_ptr<RGWRole> MotrStore::get_role(std::string id)
{
RGWRole* p = nullptr;
std::string trust_policy="",
std::string max_session_duration_str="",
std::multimap<std::string, std::string> tags={}) override;
+ virtual std::unique_ptr<RGWRole> get_role(const RGWRoleInfo& info) override;
virtual std::unique_ptr<RGWRole> get_role(std::string id) override;
virtual int get_roles(const DoutPrefixProvider *dpp,
optional_yield y,
return std::make_unique<RadosRole>(this, id);
}
+std::unique_ptr<RGWRole> RadosStore::get_role(const RGWRoleInfo& info)
+{
+ return std::make_unique<RadosRole>(this, info);
+}
+
int RadosStore::get_roles(const DoutPrefixProvider *dpp,
optional_yield y,
const std::string& path_prefix,
std::string oid;
if (addprefix) {
- oid = get_info_oid_prefix() + id;
+ oid = get_info_oid_prefix() + info.id;
} else {
- oid = id;
+ oid = info.id;
}
bufferlist bl;
- encode(*this, bl);
+ encode(this->info, bl);
- if (!this->tags.empty()) {
+ if (!this->info.tags.empty()) {
bufferlist bl_tags;
- encode(this->tags, bl_tags);
- attrs.emplace("tagging", bl_tags);
+ encode(this->info.tags, bl_tags);
+ info.attrs.emplace("tagging", bl_tags);
}
- RGWSI_MBSObj_PutParams params(bl, &attrs, mtime, exclusive);
+ RGWSI_MBSObj_PutParams params(bl, &info.attrs, info.mtime, exclusive);
std::unique_ptr<RGWSI_MetaBackend::Context> ctx(store->svc()->role->svc.meta_be->alloc_ctx());
ctx->init(store->svc()->role->get_be_handler());
- return store->svc()->role->svc.meta_be->put(ctx.get(), oid, params, &objv_tracker, y, dpp);
+ return store->svc()->role->svc.meta_be->put(ctx.get(), oid, params, &info.objv_tracker, y, dpp);
}
int RadosRole::store_name(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y)
{
auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
RGWNameToId nameToId;
- nameToId.obj_id = id;
+ nameToId.obj_id = info.id;
- std::string oid = tenant + get_names_oid_prefix() + name;
+ std::string oid = info.tenant + get_names_oid_prefix() + info.name;
bufferlist bl;
using ceph::encode;
encode(nameToId, bl);
- return rgw_put_system_obj(dpp, obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, exclusive, &objv_tracker, real_time(), y);
+ return rgw_put_system_obj(dpp, obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, exclusive, &info.objv_tracker, real_time(), y);
}
int RadosRole::store_path(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y)
{
auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
- std::string oid = tenant + get_path_oid_prefix() + path + get_info_oid_prefix() + id;
+ std::string oid = info.tenant + get_path_oid_prefix() + info.path + get_info_oid_prefix() + info.id;
bufferlist bl;
- return rgw_put_system_obj(dpp, obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, exclusive, &objv_tracker, real_time(), y);
+ return rgw_put_system_obj(dpp, obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, exclusive, &info.objv_tracker, real_time(), y);
}
int RadosRole::read_id(const DoutPrefixProvider *dpp, const std::string& role_name, const std::string& tenant, std::string& role_id, optional_yield y)
{
auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
- std::string oid = tenant + get_names_oid_prefix() + role_name;
+ std::string oid = info.tenant + get_names_oid_prefix() + role_name;
bufferlist bl;
int ret = rgw_get_system_obj(obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, nullptr, nullptr, null_yield, dpp);
int RadosRole::read_name(const DoutPrefixProvider *dpp, optional_yield y)
{
auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
- std::string oid = tenant + get_names_oid_prefix() + name;
+ std::string oid = info.tenant + get_names_oid_prefix() + info.name;
bufferlist bl;
int ret = rgw_get_system_obj(obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, nullptr, nullptr, null_yield, dpp);
if (ret < 0) {
- ldpp_dout(dpp, 0) << "ERROR: failed reading role name from Role pool: " << name <<
+ ldpp_dout(dpp, 0) << "ERROR: failed reading role name from Role pool: " << info.name <<
": " << cpp_strerror(-ret) << dendl;
return ret;
}
auto iter = bl.cbegin();
decode(nameToId, iter);
} catch (buffer::error& err) {
- ldpp_dout(dpp, 0) << "ERROR: failed to decode role name from Role pool: " << name << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: failed to decode role name from Role pool: " << info.name << dendl;
return -EIO;
}
- id = nameToId.obj_id;
+ info.id = nameToId.obj_id;
return 0;
}
int RadosRole::read_info(const DoutPrefixProvider *dpp, optional_yield y, bool addprefix)
{
- //auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
+ auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
std::string oid;
if (addprefix) {
- oid = get_info_oid_prefix() + id;
+ oid = get_info_oid_prefix() + info.id;
} else {
- oid = id;
+ oid = info.id;
}
bufferlist bl;
- RGWSI_MBSObj_GetParams params(&bl, &attrs, &mtime);
+ RGWSI_MBSObj_GetParams params(&bl, &info.attrs, &info.mtime);
std::unique_ptr<RGWSI_MetaBackend::Context> ctx(store->svc()->role->svc.meta_be->alloc_ctx());
ctx->init(store->svc()->role->get_be_handler());
- int ret = store->svc()->role->svc.meta_be->get_entry(ctx.get(), oid, params, &objv_tracker, y, dpp);
+ int ret = store->svc()->role->svc.meta_be->get_entry(ctx.get(), oid, params, &info.objv_tracker, y, dpp);
if (ret < 0) {
+ ldpp_dout(dpp, 0) << "ERROR: failed reading role info from Role pool: " << info.id << ": " << cpp_strerror(-ret) << dendl;
return ret;
}
#if 0
- int ret = rgw_get_system_obj(obj_ctx, store->get_zone()->get_params().roles_pool, oid, bl, &objv_tracker, &mtime, null_yield, dpp, &attrs, nullptr, boost::none, true);
+ int ret = rgw_get_system_obj(obj_ctx, store->get_zone()->get_params().roles_pool, oid, bl, &info.objv_tracker, &info.mtime, null_yield, dpp, &info.attrs, nullptr, boost::none, true);
if (ret < 0) {
- ldpp_dout(dpp, 0) << "ERROR: failed reading role info from Role pool: " << id << ": " << cpp_strerror(-ret) << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: failed reading role info from Role pool: " << info.id << ": " << cpp_strerror(-ret) << dendl;
return ret;
}
#endif
try {
using ceph::decode;
auto iter = bl.cbegin();
- decode(*this, iter);
+ decode(this->info, iter);
} catch (buffer::error& err) {
- ldpp_dout(dpp, 0) << "ERROR: failed to decode role info from Role pool: " << id << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: failed to decode role info from Role pool: " << info.id << dendl;
return -EIO;
}
- auto it = attrs.find("tagging");
- if (it != attrs.end()) {
+ auto it = info.attrs.find("tagging");
+ if (it != info.attrs.end()) {
bufferlist bl_tags = it->second;
try {
using ceph::decode;
auto iter = bl_tags.cbegin();
- decode(tags, iter);
+ decode(info.tags, iter);
} catch (buffer::error& err) {
- ldpp_dout(dpp, 0) << "ERROR: failed to decode attrs" << id << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: failed to decode attrs" << info.id << dendl;
return -EIO;
}
}
}
/* check to see the name is not used */
- ret = read_id(dpp, name, tenant, id, y);
+ ret = read_id(dpp, info.name, info.tenant, info.id, y);
if (exclusive && ret == 0) {
- ldpp_dout(dpp, 0) << "ERROR: name " << name << " already in use for role id "
- << id << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: name " << info.name << " already in use for role id "
+ << info.id << dendl;
return -EEXIST;
} else if ( ret < 0 && ret != -ENOENT) {
- ldpp_dout(dpp, 0) << "failed reading role id " << id << ": "
+ ldpp_dout(dpp, 0) << "failed reading role id " << info.id << ": "
<< cpp_strerror(-ret) << dendl;
return ret;
}
char uuid_str[37];
new_uuid.generate_random();
new_uuid.print(uuid_str);
- id = uuid_str;
+ info.id = uuid_str;
//arn
- arn = role_arn_prefix + tenant + ":role" + path + name;
+ info.arn = role_arn_prefix + info.tenant + ":role" + info.path + info.name;
// Creation time
real_clock::time_point t = real_clock::now();
gmtime_r(&tv.tv_sec, &result);
strftime(buf,30,"%Y-%m-%dT%H:%M:%S", &result);
sprintf(buf + strlen(buf),".%dZ",(int)tv.tv_usec/1000);
- creation_date.assign(buf, strlen(buf));
+ info.creation_date.assign(buf, strlen(buf));
auto& pool = store->svc()->zone->get_zone_params().roles_pool;
ret = store_info(dpp, exclusive, y, addprefix);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: storing role info in Role pool: "
- << id << ": " << cpp_strerror(-ret) << dendl;
+ << info.id << ": " << cpp_strerror(-ret) << dendl;
return ret;
}
ret = store_name(dpp, exclusive, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: storing role name in Role pool: "
- << name << ": " << cpp_strerror(-ret) << dendl;
+ << info.name << ": " << cpp_strerror(-ret) << dendl;
//Delete the role info that was stored in the previous call
- std::string oid = get_info_oid_prefix() + id;
+ std::string oid = get_info_oid_prefix() + info.id;
int info_ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y);
if (info_ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: cleanup of role id from Role pool: "
- << id << ": " << cpp_strerror(-info_ret) << dendl;
+ << info.id << ": " << cpp_strerror(-info_ret) << dendl;
}
return ret;
}
ret = store_path(dpp, exclusive, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: storing role path in Role pool: "
- << path << ": " << cpp_strerror(-ret) << dendl;
+ << info.path << ": " << cpp_strerror(-ret) << dendl;
//Delete the role info that was stored in the previous call
- std::string oid = get_info_oid_prefix() + id;
+ std::string oid = get_info_oid_prefix() + info.id;
int info_ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y);
if (info_ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: cleanup of role id from Role pool: "
- << id << ": " << cpp_strerror(-info_ret) << dendl;
+ << info.id << ": " << cpp_strerror(-info_ret) << dendl;
}
//Delete role name that was stored in previous call
- oid = tenant + get_names_oid_prefix() + name;
+ oid = info.tenant + get_names_oid_prefix() + info.name;
int name_ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y);
if (name_ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: cleanup of role name from Role pool: "
- << name << ": " << cpp_strerror(-name_ret) << dendl;
+ << info.name << ": " << cpp_strerror(-name_ret) << dendl;
}
return ret;
}
return ret;
}
- if (! perm_policy_map.empty()) {
+ if (! info.perm_policy_map.empty()) {
return -ERR_DELETE_CONFLICT;
}
// Delete id
- std::string oid = get_info_oid_prefix() + id;
+ std::string oid = get_info_oid_prefix() + info.id;
ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: deleting role id from Role pool: "
- << id << ": " << cpp_strerror(-ret) << dendl;
+ << info.id << ": " << cpp_strerror(-ret) << dendl;
}
// Delete name
- oid = tenant + get_names_oid_prefix() + name;
+ oid = info.tenant + get_names_oid_prefix() + info.name;
ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: deleting role name from Role pool: "
- << name << ": " << cpp_strerror(-ret) << dendl;
+ << info.name << ": " << cpp_strerror(-ret) << dendl;
}
// Delete path
- oid = tenant + get_path_oid_prefix() + path + get_info_oid_prefix() + id;
+ oid = info.tenant + get_path_oid_prefix() + info.path + get_info_oid_prefix() + info.id;
ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: deleting role path from Role pool: "
- << path << ": " << cpp_strerror(-ret) << dendl;
+ << info.path << ": " << cpp_strerror(-ret) << dendl;
}
return ret;
}
std::string max_session_duration_str="",
std::multimap<std::string,std::string> tags={}) override;
virtual std::unique_ptr<RGWRole> get_role(std::string id) override;
+ virtual std::unique_ptr<RGWRole> get_role(const RGWRoleInfo& info) override;
virtual int get_roles(const DoutPrefixProvider *dpp,
optional_yield y,
const std::string& path_prefix,
std::string max_session_duration,
std::multimap<std::string,std::string> tags) : RGWRole(name, tenant, path, trust_policy, max_session_duration, tags), store(_store) {}
RadosRole(RadosStore* _store, std::string id) : RGWRole(id), store(_store) {}
+ RadosRole(RadosStore* _store, const RGWRoleInfo& info) : RGWRole(info), store(_store) {}
RadosRole(RadosStore* _store) : store(_store) {}
~RadosRole() = default;
projects / ceph.git / commitdiff