rgw: can set negative max_buckets on RGWUserInfo

This can be used to disable user's bucket creation

Fixes: http://tracker.ceph.com/issues/14534
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>

diff --git a/src/common/config_opts.h b/src/common/config_opts.h
index ae0e20772a5ed2b62c88e93648d0e119a04f119b..267aff753df09ddb50ac891f9b27d2819e21c216 100644 (file)
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@@ -1411,7 +1411,7 @@ OPTION(rgw_multipart_part_upload_limit, OPT_INT, 10000) // parts limit in multip
 OPTION(rgw_max_slo_entries, OPT_INT, 1000) // default number of max entries in slo
 
 OPTION(rgw_olh_pending_timeout_sec, OPT_INT, 3600) // time until we retire a pending olh change
-OPTION(rgw_user_max_buckets, OPT_U32, 1000) // global option to set max buckets count for all user
+OPTION(rgw_user_max_buckets, OPT_INT, 1000) // global option to set max buckets count for all user
 
 OPTION(rgw_objexp_gc_interval, OPT_U32, 60 * 10) // maximum time between round of expired objects garbage collecting
 OPTION(rgw_objexp_time_step, OPT_U32, 4096) // number of seconds for rounding the timestamps

diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 520fcc7986a858d050330fa91097b3641f0c3026..7a43cdfcfbe70c2230ce827f391604564ac73e80 100644 (file)
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -2009,6 +2009,7 @@ int main(int argc, char **argv)
   int remove_bad = false;
   int check_head_obj_locator = false;
   int max_buckets = -1;
+  bool max_buckets_specified = false;
   map<string, bool> categories;
   string caps;
   int check_objects = false;
@@ -2147,6 +2148,7 @@ int main(int argc, char **argv)
         cerr << "ERROR: failed to parse max buckets: " << err << std::endl;
         return EINVAL;
       }
+      max_buckets_specified = true;
     } else if (ceph_argparse_witharg(args, i, &val, "--max-entries", (char*)NULL)) {
       max_entries = (int)strict_strtol(val.c_str(), 10, &err);
       if (!err.empty()) {
@@ -3636,7 +3638,7 @@ int main(int argc, char **argv)
   if (gen_secret_key)
     user_op.set_gen_secret(); // assume that a key pair should be created
 
-  if (max_buckets >= 0)
+  if (max_buckets_specified)
     user_op.set_max_buckets(max_buckets);
 
   if (system_specified)

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 11948c5b3c7f70e12e735b31e22cd149f4f7a601..5841962aae4ee7bc915415384adb2513bacd5814 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -539,7 +539,7 @@ struct RGWUserInfo
   map<string, RGWAccessKey> swift_keys;
   map<string, RGWSubUser> subusers;
   __u8 suspended;
-  uint32_t max_buckets;
+  int32_t max_buckets;
   uint32_t op_mask;
   RGWUserCaps caps;
   __u8 system;

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 082d128b816f18a9abe7d104b3b412919a701708..61983fd4a65464487116ecbd729dd0804c662de6 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -1793,6 +1793,9 @@ int RGWCreateBucket::verify_permission()
       << dendl;
     return -EACCES;
   }
+  if (s->user->max_buckets < 0) {
+    return -EPERM;
+  }
 
   if (s->user->max_buckets) {
     RGWUserBuckets buckets;

diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc
index 2547c6639329e29e72f1dcaf55615a4f1203f5d7..e72f5acb5acb2ad68ebdcbd77b8fbb3e87484d54 100644 (file)
--- a/src/rgw/rgw_rest_user.cc
+++ b/src/rgw/rgw_rest_user.cc
@@ -82,8 +82,8 @@ void RGWOp_User_Create::execute()
   bool system;
   bool exclusive;
 
-  uint32_t max_buckets;
-  uint32_t default_max_buckets = s->cct->_conf->rgw_user_max_buckets;
+  int32_t max_buckets;
+  int32_t default_max_buckets = s->cct->_conf->rgw_user_max_buckets;
 
   RGWUserAdminOpState op_state;
 
@@ -98,7 +98,7 @@ void RGWOp_User_Create::execute()
   RESTArgs::get_string(s, "user-caps", caps, &caps);
   RESTArgs::get_bool(s, "generate-key", true, &gen_key);
   RESTArgs::get_bool(s, "suspended", false, &suspended);
-  RESTArgs::get_uint32(s, "max-buckets", default_max_buckets, &max_buckets);
+  RESTArgs::get_int32(s, "max-buckets", default_max_buckets, &max_buckets);
   RESTArgs::get_bool(s, "system", false, &system);
   RESTArgs::get_bool(s, "exclusive", false, &exclusive);
 
@@ -183,7 +183,7 @@ void RGWOp_User_Modify::execute()
   bool suspended;
   bool system;
 
-  uint32_t max_buckets;
+  int32_t max_buckets;
 
   RGWUserAdminOpState op_state;
 
@@ -197,7 +197,7 @@ void RGWOp_User_Modify::execute()
   RESTArgs::get_string(s, "user-caps", caps, &caps);
   RESTArgs::get_bool(s, "generate-key", false, &gen_key);
   RESTArgs::get_bool(s, "suspended", false, &suspended);
-  RESTArgs::get_uint32(s, "max-buckets", RGW_DEFAULT_MAX_BUCKETS, &max_buckets);
+  RESTArgs::get_int32(s, "max-buckets", RGW_DEFAULT_MAX_BUCKETS, &max_buckets);
   RESTArgs::get_string(s, "key-type", key_type_str, &key_type_str);
 
   RESTArgs::get_bool(s, "system", false, &system);

diff --git a/src/rgw/rgw_user.h b/src/rgw/rgw_user.h
index 4ede53c677b1717b7a7aa993e8d4ca2f192e4ddd..269ae90dc30fadc8ff575bcc93c3e87580ca5eee 100644 (file)
--- a/src/rgw/rgw_user.h
+++ b/src/rgw/rgw_user.h
@@ -157,7 +157,7 @@ struct RGWUserAdminOpState {
   rgw_user user_id;
   std::string user_email;
   std::string display_name;
-  uint32_t max_buckets;
+  int32_t max_buckets;
   __u8 suspended;
   __u8 system;
   __u8 exclusive;
@@ -335,7 +335,7 @@ struct RGWUserAdminOpState {
     info = user_info;
   }
 
-  void set_max_buckets(uint32_t mb) {
+  void set_max_buckets(int32_t mb) {
     max_buckets = mb;
     max_buckets_specified = true;
   }
@@ -410,7 +410,7 @@ struct RGWUserAdminOpState {
   __u8 get_suspension_status() { return suspended; }
   int32_t get_key_type() {return key_type; }
   uint32_t get_subuser_perm() { return perm_mask; }
-  uint32_t get_max_buckets() { return max_buckets; }
+  int32_t get_max_buckets() { return max_buckets; }
   uint32_t get_op_mask() { return op_mask; }
   RGWQuotaInfo& get_bucket_quota() { return bucket_quota; }
   RGWQuotaInfo& get_user_quota() { return user_quota; }