}
std::string admin_token;
- if (rgw::keystone::Service::get_admin_token(cct, token_cache, config,
+ if (rgw::keystone::Service::get_admin_token(dpp, cct, token_cache, config,
admin_token) < 0) {
throw -EINVAL;
}
<< ", body=" << token_body_bl.c_str() << dendl;
TokenEngine::token_envelope_t token_body;
- ret = token_body.parse(cct, token, token_body_bl, config.get_api_version());
+ ret = token_body.parse(dpp, cct, token, token_body_bl, config.get_api_version());
if (ret < 0) {
throw ret;
}
/* get authentication token for Keystone. */
std::string admin_token;
- int ret = rgw::keystone::Service::get_admin_token(cct, token_cache, config,
+ int ret = rgw::keystone::Service::get_admin_token(dpp, cct, token_cache, config,
admin_token);
if (ret < 0) {
ldpp_dout(dpp, 2) << "s3 keystone: cannot get token for keystone access"
/* now parse response */
rgw::keystone::TokenEnvelope token_envelope;
- ret = token_envelope.parse(cct, std::string(), token_body_bl, api_version);
+ ret = token_envelope.parse(dpp, cct, std::string(), token_body_bl, api_version);
if (ret < 0) {
ldpp_dout(dpp, 2) << "s3 keystone: token parsing failed, ret=0" << ret
<< dendl;
/* get authentication token for Keystone. */
std::string admin_token;
- int ret = rgw::keystone::Service::get_admin_token(cct, token_cache, config,
+ int ret = rgw::keystone::Service::get_admin_token(dpp, cct, token_cache, config,
admin_token);
if (ret < 0) {
ldpp_dout(dpp, 2) << "s3 keystone: cannot get token for keystone access"
return empty;
}
-int Service::get_admin_token(CephContext* const cct,
+int Service::get_admin_token(const DoutPrefixProvider *dpp,
+ CephContext* const cct,
TokenCache& token_cache,
const Config& config,
std::string& token)
/* Try cache first before calling Keystone for a new admin token. */
if (token_cache.find_admin(t)) {
- ldout(cct, 20) << "found cached admin token" << dendl;
+ ldpp_dout(dpp, 20) << "found cached admin token" << dendl;
token = t.token.id;
return 0;
}
/* Call Keystone now. */
- const auto ret = issue_admin_token_request(cct, config, t);
+ const auto ret = issue_admin_token_request(dpp, cct, config, t);
if (! ret) {
token_cache.add_admin(t);
token = t.token.id;
return ret;
}
-int Service::issue_admin_token_request(CephContext* const cct,
+int Service::issue_admin_token_request(const DoutPrefixProvider *dpp,
+ CephContext* const cct,
const Config& config,
TokenEnvelope& t)
{
return -EACCES;
}
- if (t.parse(cct, token_req.get_subject_token(), token_bl,
+ if (t.parse(dpp, cct, token_req.get_subject_token(), token_bl,
keystone_version) != 0) {
return -EINVAL;
}
return 0;
}
-int Service::get_keystone_barbican_token(CephContext * const cct,
+int Service::get_keystone_barbican_token(const DoutPrefixProvider *dpp,
+ CephContext * const cct,
std::string& token)
{
using keystone_config_t = rgw::keystone::CephCtxConfig;
/* Try cache first. */
if (token_cache.find_barbican(t)) {
- ldout(cct, 20) << "found cached barbican token" << dendl;
+ ldpp_dout(dpp, 20) << "found cached barbican token" << dendl;
token = t.token.id;
return 0;
}
token_req.set_url(token_url);
- ldout(cct, 20) << "Requesting secret from barbican url=" << token_url << dendl;
+ ldpp_dout(dpp, 20) << "Requesting secret from barbican url=" << token_url << dendl;
const int ret = token_req.process(null_yield);
if (ret < 0) {
- ldout(cct, 20) << "Barbican process error:" << token_bl.c_str() << dendl;
+ ldpp_dout(dpp, 20) << "Barbican process error:" << token_bl.c_str() << dendl;
return ret;
}
return -EACCES;
}
- if (t.parse(cct, token_req.get_subject_token(), token_bl,
+ if (t.parse(dpp, cct, token_req.get_subject_token(), token_bl,
keystone_version) != 0) {
return -EINVAL;
}
return false;
}
-int TokenEnvelope::parse(CephContext* const cct,
+int TokenEnvelope::parse(const DoutPrefixProvider *dpp,
+ CephContext* const cct,
const std::string& token_str,
ceph::bufferlist& bl,
const ApiVersion version)
{
JSONParser parser;
if (! parser.parse(bl.c_str(), bl.length())) {
- ldout(cct, 0) << "Keystone token parse error: malformed json" << dendl;
+ ldpp_dout(dpp, 0) << "Keystone token parse error: malformed json" << dendl;
return -EINVAL;
}
return -ENOTSUP;
}
} catch (const JSONDecoder::err& err) {
- ldout(cct, 0) << "Keystone token parse error: " << err.what() << dendl;
+ ldpp_dout(dpp, 0) << "Keystone token parse error: " << err.what() << dendl;
return -EINVAL;
}
add_locked(barbican_token_id, token);
}
-void TokenCache::invalidate(const std::string& token_id)
+void TokenCache::invalidate(const DoutPrefixProvider *dpp, const std::string& token_id)
{
std::lock_guard l{lock};
map<string, token_entry>::iterator iter = tokens.find(token_id);
if (iter == tokens.end())
return;
- ldout(cct, 20) << "invalidating revoked token id=" << token_id << dendl;
+ ldpp_dout(dpp, 20) << "invalidating revoked token id=" << token_id << dendl;
token_entry& e = iter->second;
tokens_lru.erase(e.lru_iter);
tokens.erase(iter);
typedef RGWKeystoneHTTPTransceiver RGWValidateKeystoneToken;
typedef RGWKeystoneHTTPTransceiver RGWGetKeystoneAdminToken;
- static int get_admin_token(CephContext* const cct,
+ static int get_admin_token(const DoutPrefixProvider *dpp,
+ CephContext* const cct,
TokenCache& token_cache,
const Config& config,
std::string& token);
- static int issue_admin_token_request(CephContext* const cct,
+ static int issue_admin_token_request(const DoutPrefixProvider *dpp,
+ CephContext* const cct,
const Config& config,
TokenEnvelope& token);
- static int get_keystone_barbican_token(CephContext * const cct,
+ static int get_keystone_barbican_token(const DoutPrefixProvider *dpp,
+ CephContext * const cct,
std::string& token);
};
const uint64_t now = ceph_clock_now().sec();
return now >= static_cast<uint64_t>(get_expires());
}
- int parse(CephContext* cct,
+ int parse(const DoutPrefixProvider *dpp, CephContext* cct,
const std::string& token_str,
ceph::buffer::list& bl /* in */,
ApiVersion version);
void add(const std::string& token_id, const TokenEnvelope& token);
void add_admin(const TokenEnvelope& token);
void add_barbican(const TokenEnvelope& token);
- void invalidate(const std::string& token_id);
+ void invalidate(const DoutPrefixProvider *dpp, const std::string& token_id);
bool going_down() const;
private:
void add_locked(const std::string& token_id, const TokenEnvelope& token);
return res;
}
-static int get_actual_key_from_barbican(CephContext *cct,
+static int get_actual_key_from_barbican(const DoutPrefixProvider *dpp,
+ CephContext *cct,
std::string_view key_id,
std::string& actual_key)
{
int res = 0;
std::string token;
- if (rgw::keystone::Service::get_keystone_barbican_token(cct, token) < 0) {
- ldout(cct, 5) << "Failed to retrieve token for Barbican" << dendl;
+ if (rgw::keystone::Service::get_keystone_barbican_token(dpp, cct, token) < 0) {
+ ldpp_dout(dpp, 5) << "Failed to retrieve token for Barbican" << dendl;
return -EINVAL;
}
res = request_key_from_barbican(cct, key_id, token, actual_key);
if (res != 0) {
- ldout(cct, 5) << "Failed to retrieve secret from Barbican:" << key_id << dendl;
+ ldpp_dout(dpp, 5) << "Failed to retrieve secret from Barbican:" << key_id << dendl;
}
return res;
}
}
-int reconstitute_actual_key_from_kms(const DoutPrefixProvider* dpp,
- CephContext *cct,
+int reconstitute_actual_key_from_kms(const DoutPrefixProvider *dpp, CephContext *cct,
map<string, bufferlist>& attrs,
std::string& actual_key)
{
ldpp_dout(dpp, 20) << "SSE-KMS backend is " << kms_backend << dendl;
if (RGW_SSE_KMS_BACKEND_BARBICAN == kms_backend) {
- return get_actual_key_from_barbican(cct, key_id, actual_key);
+ return get_actual_key_from_barbican(dpp, cct, key_id, actual_key);
}
if (RGW_SSE_KMS_BACKEND_VAULT == kms_backend) {
return -EINVAL;
}
-int make_actual_key_from_kms(const DoutPrefixProvider* dpp,
- CephContext *cct,
+int make_actual_key_from_kms(const DoutPrefixProvider *dpp, CephContext *cct,
map<string, bufferlist>& attrs,
std::string& actual_key)
{
* TODO
* \return
*/
-int make_actual_key_from_kms(const DoutPrefixProvider* dpp,
- CephContext *cct,
+int make_actual_key_from_kms(const DoutPrefixProvider *dpp, CephContext *cct,
std::map<std::string, bufferlist>& attrs,
std::string& actual_key);
-int reconstitute_actual_key_from_kms(const DoutPrefixProvider* dpp,
- CephContext *cct,
+int reconstitute_actual_key_from_kms(const DoutPrefixProvider *dpp, CephContext *cct,
std::map<std::string, bufferlist>& attrs,
std::string& actual_key);
projects / ceph.git / commitdiff