&OpenIDConnectProviderArn=arn:aws:iam:::oidc-provider/localhost:8080/auth/realms/quickstart
&ClientID=app-jee-jsp"
+RemoveClientIDFromOpenIDConnectProvider
+----------------------------------
+
+Remove a client id from the list of existing client ids registered while creating an OpenIDConnectProvider.
+
+Request Parameters
+~~~~~~~~~~~~~~~~~~
+
+``OpenIDConnectProviderArn``
+
+:Description: ARN of the IDP which is returned by the Create API.
+:Type: String
+
+``ClientID``
+
+:Description: Client ID to remove from the existing OpenIDConnectProvider.
+:Type: String
+
+Example::
+ POST "<hostname>?Action=Action=RemoveClientIDFromOpenIDConnectProvider
+ &OpenIDConnectProviderArn=arn:aws:iam:::oidc-provider/localhost:8080/auth/realms/quickstart
+ &ClientID=app-jee-jsp"
+
UpdateOpenIDConnectProviderThumbprint
-------------------------------------
Example::
POST "<hostname>?Action=Action=UpdateOpenIDConnectProviderThumbprint
&OpenIDConnectProviderArn=arn:aws:iam:::oidc-provider/localhost:8080/auth/realms/quickstart
- &&ThumbprintList.list.1=ABCDB3515DD0D319DD219A43A9EA727AD6061234"
\ No newline at end of file
+ &&ThumbprintList.list.1=ABCDB3515DD0D319DD219A43A9EA727AD6061234"
case RGW_OP_GET_OIDC_PROVIDER:
case RGW_OP_LIST_OIDC_PROVIDERS:
case RGW_OP_ADD_CLIENTID_TO_OIDC_PROVIDER:
+ case RGW_OP_REMOVE_CLIENTID_FROM_OIDC_PROVIDER:
case RGW_OP_UPDATE_OIDC_PROVIDER_THUMBPRINT:
case RGW_OP_PUBSUB_TOPIC_CREATE:
case RGW_OP_PUBSUB_TOPICS_LIST:
{ "iam:GetOIDCProvider", iamGetOIDCProvider},
{ "iam:ListOIDCProviders", iamListOIDCProviders},
{ "iam:AddClientIdToOIDCProvider", iamAddClientIdToOIDCProvider},
+ { "iam:RemoveCientIdFromOIDCProvider", iamRemoveClientIdFromOIDCProvider},
{ "iam:UpdateOIDCProviderThumbprint", iamUpdateOIDCProviderThumbprint},
{ "iam:TagRole", iamTagRole},
{ "iam:ListRoleTags", iamListRoleTags},
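Review bot: The action key added in this table is spelled `iam:RemoveCientIdFromOIDCProvider` (the `l` in "Client" is missing), while the string returned for the same enum value elsewhere in this commit is `iam:RemoveClientIdFromOIDCProvider`. If this table is what resolves action names written in policy documents, as its neighbouring entries suggest, a policy that names the correctly spelled action would not map to `iamRemoveClientIdFromOIDCProvider`. An Allow or Deny statement for this operation would then not take effect as written. The entry should read `{ "iam:RemoveClientIdFromOIDCProvider", iamRemoveClientIdFromOIDCProvider},`. The table begins and ends outside the hunk, so how unknown keys are handled cannot be confirmed from here.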
case iamAddClientIdToOIDCProvider:
return "iam:AddClientIdToOIDCProvider";
+ case iamRemoveClientIdFromOIDCProvider:
+ return "iam:RemoveClientIdFromOIDCProvider";
+
case iamUpdateOIDCProviderThumbprint:
return "iam:UpdateOIDCProviderThumbprint";
iamGetOIDCProvider,
iamListOIDCProviders,
iamAddClientIdToOIDCProvider,
+ iamRemoveClientIdFromOIDCProvider,
iamUpdateOIDCProviderThumbprint,
iamTagRole,
iamListRoleTags,
RGW_OP_GET_OIDC_PROVIDER,
RGW_OP_LIST_OIDC_PROVIDERS,
RGW_OP_ADD_CLIENTID_TO_OIDC_PROVIDER,
+ RGW_OP_REMOVE_CLIENTID_FROM_OIDC_PROVIDER,
RGW_OP_UPDATE_OIDC_PROVIDER_THUMBPRINT,
};
{"GetOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetOIDCProvider;}},
{"DeleteOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteOIDCProvider;}},
{"AddClientIDToOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWAddClientIdToOIDCProvider;}},
+ {"RemoveClientIDFromOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWRemoveCientIdFromOIDCProvider;}},
{"UpdateOpenIDConnectProviderThumbprint", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUpdateOIDCProviderThumbprint;}},
{"TagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWTagRole(bl_post_body);}},
{"ListRoleTags", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRoleTags;}},
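Review bot: The class instantiated by the new entry is named `RGWRemoveCientIdFromOIDCProvider`, which drops the `l` in "Client" and breaks the pattern of the sibling `RGWAddClientIdToOIDCProvider`. The same spelling is used in the constructor, `init_processing` and `execute` definitions and in the class declaration later in this commit. It compiles because it is consistent, but a search for "ClientId" will miss this operation. I would rename it to `RGWRemoveClientIdFromOIDCProvider` in all of those places before it spreads further.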
}
}
+RGWRemoveCientIdFromOIDCProvider::RGWRemoveCientIdFromOIDCProvider()
+ : RGWRestOIDCProvider(rgw::IAM::iamRemoveClientIdFromOIDCProvider, RGW_CAP_WRITE)
+{
+}
+
+int RGWRemoveCientIdFromOIDCProvider::init_processing(optional_yield y)
+{
+ std::string_view account;
+ if (const auto& acc = s->auth.identity->get_account(); acc) {
+ account = acc->id;
+ } else {
+ account = s->user->get_tenant();
+ }
+ std::string provider_arn = s->info.args.get("OpenIDConnectProviderArn");
+ auto ret = validate_provider_arn(provider_arn, account,
+ resource, url, s->err.message);
+ if (ret < 0) {
+ return ret;
+ }
+
+ client_id = s->info.args.get("ClientID");
+
+ if (client_id.empty()) {
+ s->err.message = "Missing required element ClientID";
+ ldpp_dout(this, 20) << "ERROR: ClientID is empty" << dendl;
+ return -EINVAL;
+ }
+
+ if (client_id.size() > MAX_OIDC_CLIENT_ID_LEN) {
+ s->err.message = "ClientID cannot exceed the maximum length of "
+ + std::to_string(MAX_OIDC_CLIENT_ID_LEN);
+ ldpp_dout(this, 20) << "ERROR: ClientID length exceeded " << MAX_OIDC_CLIENT_ID_LEN << dendl;
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+void RGWRemoveCientIdFromOIDCProvider::execute(optional_yield y)
+{
+ RGWOIDCProviderInfo info;
+ op_ret = driver->load_oidc_provider(this, y, resource.account, url, info);
+
+ if (op_ret < 0) {
+ if (op_ret != -ENOENT && op_ret != -EINVAL) {
+ op_ret = ERR_INTERNAL_ERROR;
+ }
+ return;
+ }
+
+ auto position = std::find(info.client_ids.begin(), info.client_ids.end(), client_id);
+
+ if(position != info.client_ids.end()) {
+ info.client_ids.erase(position);
+ constexpr bool exclusive = false;
+ op_ret = driver->store_oidc_provider(this, y, info, exclusive);
+ }
+
+ if (op_ret == 0) {
+ op_ret = 0;
+ s->formatter->open_object_section("RemoveClientIDFromOpenIDConnectProviderResponse");
+ s->formatter->open_object_section("ResponseMetadata");
+ s->formatter->dump_string("RequestId", s->trans_id);
+ s->formatter->close_section();
+ s->formatter->open_object_section("RemoveClientIDFromOpenIDConnectProviderResponse");
+ dump_oidc_provider(info, s->formatter);
+ s->formatter->close_section();
+ s->formatter->close_section();
+ }
+}
+
RGWUpdateOIDCProviderThumbprint::RGWUpdateOIDCProviderThumbprint()
: RGWRestOIDCProvider(rgw::IAM::iamUpdateOIDCProviderThumbprint, RGW_CAP_WRITE)
{
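Review bot: In `execute`, the provider is loaded, `client_id` is erased from `info.client_ids`, and the whole record is written back with `exclusive = false`; nothing visible in the hunk detects a concurrent writer. If the driver does no version check (not visible here), an Add or Remove request that loaded the record earlier could store its stale list afterwards and silently restore the removed client id, which presumably matters because this list decides which client ids the provider accepts. I would at least document this above the store call, e.g. `// not atomic: a concurrent writer can store a stale client_ids list back`, or use a versioned write if the driver offers one. Separately, `op_ret = 0;` inside `if (op_ret == 0)` is a no-op and can be dropped.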
RGWOpType get_type() override { return RGW_OP_ADD_CLIENTID_TO_OIDC_PROVIDER; }
};
+class RGWRemoveCientIdFromOIDCProvider : public RGWRestOIDCProvider {
+ std::string url;
+ std::string client_id;
+public:
+ RGWRemoveCientIdFromOIDCProvider();
+
+ int init_processing(optional_yield y);
+ void execute(optional_yield y) override;
+ const char* name() const override { return "remove_client_id_from_oidc_provider"; }
+ RGWOpType get_type() override { return RGW_OP_REMOVE_CLIENTID_FROM_OIDC_PROVIDER; }
+};
+
class RGWUpdateOIDCProviderThumbprint : public RGWRestOIDCProvider {
std::string url;
std::vector<std::string> thumbprints;
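Review bot: `init_processing` is declared without `override` in the new class, while `execute`, `name` and `get_type` right next to it all carry it. If the base-class signature differs or changes (the base is not visible in this hunk), this declaration would become a separate function without any compiler diagnostic. The ARN check and the `ClientID` emptiness and length checks it performs would then stop running before `execute`. Declaring it as `int init_processing(optional_yield y) override;` makes the compiler enforce that. The following class, `RGWUpdateOIDCProviderThumbprint`, continues past the end of the hunk.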