rgw/iam: adds implementation for iam AddClientIdToOIDCProvider.
authorPritha Srivastava <prsrivas@redhat.com>
Tue, 10 Oct 2023 10:20:52 +0000 (15:50 +0530)
committerPritha Srivastava <prsrivas@redhat.com>
Thu, 22 Aug 2024 04:37:02 +0000 (10:07 +0530)
This API provides the mechanism to update the existing client
IDs for a particular OIDC Provider identified by its ARN.

fixes: https://tracker.ceph.com/issues/63213

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
src/rgw/rgw_iam_policy.cc
src/rgw/rgw_iam_policy.h
src/rgw/rgw_op_type.h
src/rgw/rgw_rest_iam.cc
src/rgw/rgw_rest_oidc_provider.cc
src/rgw/rgw_rest_oidc_provider.h

index 1901c6f87cbde383f9542645f3d30feb66e2c74f..b45a9ac3f733b21b1585502a3cf9895b3a78bce8 100644 (file)
@@ -160,6 +160,7 @@ static const actpair actpairs[] =
  { "iam:DeleteOIDCProvider", iamDeleteOIDCProvider},
  { "iam:GetOIDCProvider", iamGetOIDCProvider},
  { "iam:ListOIDCProviders", iamListOIDCProviders},
+ { "iam:AddClientIdToOIDCProvider", iamAddClientIdToOIDCProvider},
  { "iam:TagRole", iamTagRole},
  { "iam:ListRoleTags", iamListRoleTags},
  { "iam:UntagRole", iamUntagRole},
@@ -1550,6 +1551,9 @@ const char* action_bit_string(uint64_t action) {
   case iamListOIDCProviders:
     return "iam:ListOIDCProviders";
 
+  case iamAddClientIdToOIDCProvider:
+    return "iam:AddClientIdToOIDCProvider";
+
   case iamTagRole:
     return "iam:TagRole";
 
index 262aeb69149726a51588f80f561431869fe54069..4c452462e4bf0397f1a9a8d90c570ff10ea638c7 100644 (file)
@@ -143,6 +143,7 @@ enum {
   iamDeleteOIDCProvider,
   iamGetOIDCProvider,
   iamListOIDCProviders,
+  iamAddClientIdToOIDCProvider,
   iamTagRole,
   iamListRoleTags,
   iamUntagRole,
index fc661b51dbe945e43a27b8d1874d79e5a1c8f5f9..b9f0b78506015ae0fa5b99853aac085c8cbcfa75 100644 (file)
@@ -161,5 +161,6 @@ enum RGWOpType {
   RGW_OP_DELETE_OIDC_PROVIDER,
   RGW_OP_GET_OIDC_PROVIDER,
   RGW_OP_LIST_OIDC_PROVIDERS,
+  RGW_OP_ADD_CLIENTID_TO_OIDC_PROVIDER,
 };
 
index c6f5a584c70a936a879f7304c61f7e4ffd9a7bd4..4c77bc71fa31fee55587c2fa88d8c84e30db4493 100644 (file)
@@ -45,6 +45,7 @@ static const std::unordered_map<std::string_view, op_generator> op_generators =
   {"ListOpenIDConnectProviders", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListOIDCProviders;}},
   {"GetOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetOIDCProvider;}},
   {"DeleteOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteOIDCProvider;}},
+  {"AddClientIDToOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWAddClientIdToOIDCProvider;}},
   {"TagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWTagRole(bl_post_body);}},
   {"ListRoleTags", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRoleTags;}},
   {"UntagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUntagRole(bl_post_body);}},
index 70191879ad1fac404e11205f4735d86a927651c0..d29188bba2748e87c8b44ae7f3a2e99c6663b0ca 100644 (file)
@@ -333,3 +333,75 @@ void RGWListOIDCProviders::execute(optional_yield y)
     s->formatter->close_section();
   }
 }
+
+RGWAddClientIdToOIDCProvider::RGWAddClientIdToOIDCProvider()
+  : RGWRestOIDCProvider(rgw::IAM::iamAddClientIdToOIDCProvider, RGW_CAP_WRITE)
+{
+}
+
+int RGWAddClientIdToOIDCProvider::init_processing(optional_yield y)
+{
+  std::string_view account;
+  if (const auto& acc = s->auth.identity->get_account(); acc) {
+    account = acc->id;
+  } else {
+    account = s->user->get_tenant();
+  }
+  std::string provider_arn = s->info.args.get("OpenIDConnectProviderArn");
+  auto ret = validate_provider_arn(provider_arn, account,
+                               resource, url, s->err.message);
+  if (ret < 0) {
+    return ret;
+  }
+
+  client_id = s->info.args.get("ClientID");
+
+  if (client_id.empty()) {
+    s->err.message = "Missing required element ClientID";
+    ldpp_dout(this, 20) << "ERROR: ClientID is empty" << dendl;
+    return -EINVAL;
+  }
+
+  if (client_id.size() > MAX_OIDC_CLIENT_ID_LEN) {
+    s->err.message = "ClientID cannot exceed the maximum length of "
+        + std::to_string(MAX_OIDC_CLIENT_ID_LEN);
+    ldpp_dout(this, 20) << "ERROR: ClientID length exceeded " << MAX_OIDC_CLIENT_ID_LEN << dendl;
+    return -EINVAL;
+  }
+
+  return 0;
+}
+
+void RGWAddClientIdToOIDCProvider::execute(optional_yield y)
+{
+  RGWOIDCProviderInfo info;
+  op_ret = driver->load_oidc_provider(this, y, resource.account, url, info);
+
+  if (op_ret < 0) {
+    if (op_ret != -ENOENT && op_ret != -EINVAL) {
+      op_ret = ERR_INTERNAL_ERROR;
+    }
+    return;
+  }
+
+  if(std::find(info.client_ids.begin(), info.client_ids.end(), client_id) != info.client_ids.end()) {
+    op_ret = -EEXIST;
+  } else {
+
+    info.client_ids.emplace_back(client_id);
+
+    constexpr bool exclusive = false;
+    op_ret = driver->store_oidc_provider(this, y, info, exclusive);
+  }
+  if (op_ret == 0 || op_ret == -EEXIST) {
+    op_ret = 0;
+    s->formatter->open_object_section("AddClientIDToOpenIDConnectProviderResponse");
+    s->formatter->open_object_section("ResponseMetadata");
+    s->formatter->dump_string("RequestId", s->trans_id);
+    s->formatter->close_section();
+    s->formatter->open_object_section("AddClientIDToOpenIDConnectProviderResponse");
+    dump_oidc_provider(info, s->formatter);
+    s->formatter->close_section();
+    s->formatter->close_section();
+  }
+}
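Review bot: The response built in execute() opens a second section named `AddClientIDToOpenIDConnectProviderResponse` inside the outer one of the same name (the `open_object_section` just before `dump_oidc_provider`), which reads like a copy-paste from a Get/List op; if the intent is to mirror the other ops' shape, the inner element should be a result section (e.g. `AddClientIDToOpenIDConnectProviderResult`), or dropped if only ResponseMetadata is meant to be returned. Separately, the load → std::find → emplace_back → store sequence with `exclusive = false` is an unconditional read-modify-write, so two concurrent additions to the same provider can silently overwrite each other (lost update); if the driver offers a conditional or versioned store it would be worth using here, otherwise a comment such as `// last-writer-wins: concurrent AddClientID calls may drop an id` should record that the race is accepted. Both functions are complete within the hunk.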
index 192906ab4985b3af4815c6c311c48dc7272ab68e..9a49ed7dafb75868ca63e755d8360d13be633757 100644 (file)
@@ -62,3 +62,15 @@ class RGWListOIDCProviders : public RGWRestOIDCProvider {
   const char* name() const override { return "list_oidc_providers"; }
   RGWOpType get_type() override { return RGW_OP_LIST_OIDC_PROVIDERS; }
 };
+
+class RGWAddClientIdToOIDCProvider : public RGWRestOIDCProvider {
+  std::string url;
+  std::string client_id;
+public:
+  RGWAddClientIdToOIDCProvider();
+
+  int init_processing(optional_yield y);
+  void execute(optional_yield y) override;
+  const char* name() const override { return "add_client_id_to_oidc_provider"; }
+  RGWOpType get_type() override { return RGW_OP_ADD_CLIENTID_TO_OIDC_PROVIDER; }
+};
\ No newline at end of file
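Review bot: `init_processing` is declared without `override` while `execute` on the next line carries it; since the .cc implementation relies on this method being called by the op framework to run the ARN and ClientID validation before execute(), the declaration should be `int init_processing(optional_yield y) override;` so that any signature mismatch with the base class fails to compile instead of silently hiding the virtual and skipping those checks (assuming `RGWOp::init_processing` is virtual, which the sibling ops in this header appear to rely on). The file also ends without a trailing newline (`\ No newline at end of file`), which most of the tree avoids.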