RGWObjectCtx rados_ctx(store, s); // XXX holds std::map
- auto sysobj_ctx = static_cast<rgw::sal::RGWRadosStore*>(store)->svc()->sysobj->init_obj_ctx();
- s->sysobj_ctx = &sysobj_ctx;
-
/* XXX and -then- stash req_state pointers everywhere they are needed */
ret = req->init(rgw_env, &rados_ctx, io, s);
if (ret < 0) {
cerr << "failed to parse policy: " << e.what() << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store->get_ctl(), role_name, path, assume_role_doc, tenant);
+ RGWRole role(g_ceph_context, store, role_name, path, assume_role_doc, tenant);
ret = role.create(dpp(), true, null_yield);
if (ret < 0) {
return -ret;
cerr << "ERROR: empty role name" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store->get_ctl(), role_name, tenant);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.delete_obj(dpp(), null_yield);
if (ret < 0) {
return -ret;
cerr << "ERROR: empty role name" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store->get_ctl(), role_name, tenant);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get(dpp(), null_yield);
if (ret < 0) {
return -ret;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store->get_ctl(), role_name, tenant);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get(dpp(), null_yield);
if (ret < 0) {
return -ret;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store->get_ctl(), role_name, tenant);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get(dpp(), null_yield);
if (ret < 0) {
return -ret;
cerr << "ERROR: Role name is empty" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store->get_ctl(), role_name, tenant);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get(dpp(), null_yield);
if (ret < 0) {
return -ret;
cerr << "ERROR: policy name is empty" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store->get_ctl(), role_name, tenant);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
int ret = role.get(dpp(), null_yield);
if (ret < 0) {
return -ret;
cerr << "ERROR: policy name is empty" << std::endl;
return -EINVAL;
}
- RGWRole role(g_ceph_context, store->get_ctl(), role_name, tenant);
+ RGWRole role(g_ceph_context, store, role_name, tenant);
ret = role.get(dpp(), null_yield);
if (ret < 0) {
return -ret;
const string& display_name,
RGWUserInfo& user_info) const /* out */
{
- user_info.user_id = acct_user;
- user_info.display_name = display_name;
- user_info.type = TYPE_WEB;
-
- user_info.max_buckets =
+ std::unique_ptr<rgw::sal::RGWUser> user = store->get_user(acct_user);
+ user->get_info().display_name = display_name;
+ user->get_info().type = TYPE_WEB;
+ user->get_info().max_buckets =
cct->_conf.get_val<int64_t>("rgw_user_max_buckets");
- rgw_apply_default_bucket_quota(user_info.bucket_quota, cct->_conf);
- rgw_apply_default_user_quota(user_info.user_quota, cct->_conf);
+ rgw_apply_default_bucket_quota(user->get_info().bucket_quota, cct->_conf);
+ rgw_apply_default_user_quota(user->get_info().user_quota, cct->_conf);
- int ret = ctl->user->store_info(dpp, user_info, null_yield,
- RGWUserCtl::PutParams().set_exclusive(true));
+ int ret = user->store_info(dpp, null_yield,
+ RGWUserCtl::PutParams().set_exclusive(true));
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: failed to store new user info: user="
- << user_info.user_id << " ret=" << ret << dendl;
+ << user << " ret=" << ret << dendl;
throw ret;
}
+ user_info = user->get_info();
}
void rgw::auth::WebIdentityApplier::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const {
federated_user.tenant = role_tenant;
federated_user.ns = "oidc";
+ std::unique_ptr<rgw::sal::RGWUser> user = store->get_user(federated_user);
+
//Check in oidc namespace
- if (ctl->user->get_info_by_uid(dpp, federated_user, &user_info, null_yield) >= 0) {
+ if (user->load_by_id(dpp, null_yield) >= 0) {
/* Succeeded. */
+ user_info = user->get_info();
return;
}
- federated_user.ns.clear();
+ user->clear_ns();
//Check for old users which wouldn't have been created in oidc namespace
- if (ctl->user->get_info_by_uid(dpp, federated_user, &user_info, null_yield) >= 0) {
+ if (user->load_by_id(dpp, null_yield) >= 0) {
/* Succeeded. */
+ user_info = user->get_info();
return;
}
//Check if user_id.buckets already exists, may have been from the time, when shadow users didnt exist
RGWStorageStats stats;
- int ret = ctl->user->read_stats(federated_user, &stats, null_yield);
+ int ret = user->read_stats(null_yield, &stats);
if (ret < 0 && ret != -ENOENT) {
ldpp_dout(dpp, 0) << "ERROR: reading stats for the user returned error " << ret << dendl;
return;
{
rgw_user new_acct_user = acct_user;
- if (info.acct_type) {
- //ldap/keystone for s3 users
- user_info.type = info.acct_type;
- }
-
/* An upper layer may enforce creating new accounts within their own
* tenants. */
if (new_acct_user.tenant.empty() && implicit_tenant) {
new_acct_user.tenant = new_acct_user.id;
}
- user_info.user_id = new_acct_user;
- user_info.display_name = info.acct_name;
-
- user_info.max_buckets =
+ std::unique_ptr<rgw::sal::RGWUser> user = store->get_user(new_acct_user);
+ user->get_info().display_name = info.acct_name;
+ if (info.acct_type) {
+ //ldap/keystone for s3 users
+ user->get_info().type = info.acct_type;
+ }
+ user->get_info().max_buckets =
cct->_conf.get_val<int64_t>("rgw_user_max_buckets");
- rgw_apply_default_bucket_quota(user_info.bucket_quota, cct->_conf);
- rgw_apply_default_user_quota(user_info.user_quota, cct->_conf);
+ rgw_apply_default_bucket_quota(user->get_info().bucket_quota, cct->_conf);
+ rgw_apply_default_user_quota(user->get_info().user_quota, cct->_conf);
+ user_info = user->get_info();
- int ret = ctl->user->store_info(dpp, user_info, null_yield,
- RGWUserCtl::PutParams().set_exclusive(true));
+ int ret = user->store_info(dpp, null_yield,
+ RGWUserCtl::PutParams().set_exclusive(true));
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: failed to store new user info: user="
- << user_info.user_id << " ret=" << ret << dendl;
+ << user << " ret=" << ret << dendl;
throw ret;
}
}
auto implicit_value = implicit_tenant_context.get_value();
bool implicit_tenant = implicit_value.implicit_tenants_for_(implicit_tenant_bit);
bool split_mode = implicit_value.is_split_mode();
+ std::unique_ptr<rgw::sal::RGWUser> user;
/* Normally, empty "tenant" field of acct_user means the authenticated
* identity has the legacy, global tenant. However, due to inclusion
; /* suppress lookup for id used by "other" protocol */
else if (acct_user.tenant.empty()) {
const rgw_user tenanted_uid(acct_user.id, acct_user.id);
+ user = store->get_user(tenanted_uid);
- if (ctl->user->get_info_by_uid(dpp, tenanted_uid, &user_info, null_yield) >= 0) {
+ if (user->load_by_id(dpp, null_yield) >= 0) {
/* Succeeded. */
+ user_info = user->get_info();
return;
}
}
+ user = store->get_user(acct_user);
+
if (split_mode && implicit_tenant)
; /* suppress lookup for id used by "other" protocol */
- else if (ctl->user->get_info_by_uid(dpp, acct_user, &user_info, null_yield) >= 0) {
- /* Succeeded. */
- return;
+ else if (user->load_by_id(dpp, null_yield) >= 0) {
+ /* Succeeded. */
+ user_info = user->get_info();
+ return;
}
ldpp_dout(dpp, 0) << "NOTICE: couldn't map swift user " << acct_user << dendl;
class WebIdentityApplier : public IdentityApplier {
protected:
CephContext* const cct;
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
string role_session;
string role_tenant;
rgw::web_idp::WebTokenClaims token_claims;
RGWUserInfo& user_info) const; /* out */
public:
WebIdentityApplier( CephContext* const cct,
- RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
const string& role_session,
const string& role_tenant,
const rgw::web_idp::WebTokenClaims& token_claims)
: cct(cct),
- ctl(ctl),
+ store(store),
role_session(role_session),
role_tenant(role_tenant),
token_claims(token_claims) {
CephContext* const cct;
/* Read-write is intensional here due to RGWUserInfo creation process. */
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
/* Supplemental strategy for extracting permissions from ACLs. Its results
* will be combined (ORed) with a default strategy that is responsible for
public:
RemoteApplier(CephContext* const cct,
- RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
acl_strategy_t&& extra_acl_strategy,
const AuthInfo& info,
rgw::auth::ImplicitTenants& implicit_tenant_context,
rgw::auth::ImplicitTenants::implicit_tenant_flag_bits implicit_tenant_bit)
: cct(cct),
- ctl(ctl),
+ store(store),
extra_acl_strategy(std::move(extra_acl_strategy)),
info(info),
implicit_tenant_context(implicit_tenant_context),
template <typename T>
class ThirdPartyAccountApplier : public DecoratedApplier<T> {
- /* const */RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
const rgw_user acct_user_override;
public:
static const rgw_user UNKNOWN_ACCT;
template <typename U>
- ThirdPartyAccountApplier(RGWCtl* const ctl,
+ ThirdPartyAccountApplier(rgw::sal::RGWStore* store,
const rgw_user &acct_user_override,
U&& decoratee)
: DecoratedApplier<T>(std::move(decoratee)),
- ctl(ctl),
+ store(store),
acct_user_override(acct_user_override) {
}
} else {
/* Compatibility mechanism for multi-tenancy. For more details refer to
* load_acct_info method of rgw::auth::RemoteApplier. */
+ std::unique_ptr<rgw::sal::RGWUser> user;
+
if (acct_user_override.tenant.empty()) {
const rgw_user tenanted_uid(acct_user_override.id, acct_user_override.id);
+ user = store->get_user(tenanted_uid);
- if (ctl->user->get_info_by_uid(dpp, tenanted_uid, &user_info, null_yield) >= 0) {
+ if (user->load_by_id(dpp, null_yield) >= 0) {
+ user_info = user->get_info();
/* Succeeded. */
return;
}
}
- const int ret = ctl->user->get_info_by_uid(dpp, acct_user_override, &user_info, null_yield);
+ user = store->get_user(acct_user_override);
+ const int ret = user->load_by_id(dpp, null_yield);
if (ret < 0) {
/* We aren't trying to recover from ENOENT here. It's supposed that creating
* someone else's account isn't a thing we want to support in this filter. */
throw ret;
}
}
-
+ user_info = user->get_info();
}
}
template <typename T> static inline
-ThirdPartyAccountApplier<T> add_3rdparty(RGWCtl* const ctl,
+ThirdPartyAccountApplier<T> add_3rdparty(rgw::sal::RGWStore* store,
const rgw_user &acct_user_override,
T&& t) {
- return ThirdPartyAccountApplier<T>(ctl, acct_user_override,
+ return ThirdPartyAccountApplier<T>(store, acct_user_override,
std::forward<T>(t));
}
template <typename T>
class SysReqApplier : public DecoratedApplier<T> {
CephContext* const cct;
- /*const*/ RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
const RGWHTTPArgs& args;
mutable boost::tribool is_system;
public:
template <typename U>
SysReqApplier(CephContext* const cct,
- /*const*/ RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
const req_state* const s,
U&& decoratee)
: DecoratedApplier<T>(std::forward<T>(decoratee)),
cct(cct),
- ctl(ctl),
+ store(store),
args(s->info.args),
is_system(boost::logic::indeterminate) {
}
/* We aren't writing directly to user_info for consistency and security
* reasons. rgw_get_user_info_by_uid doesn't trigger the operator=() but
* calls ::decode instead. */
- RGWUserInfo euser_info;
- if (ctl->user->get_info_by_uid(dpp, effective_uid, &euser_info, null_yield) < 0) {
+ std::unique_ptr<rgw::sal::RGWUser> user = store->get_user(effective_uid);
+ if (user->load_by_id(dpp, null_yield) < 0) {
//ldpp_dout(dpp, 0) << "User lookup failed!" << dendl;
throw -EACCES;
}
- user_info = euser_info;
+ user_info = user->get_info();
}
}
}
template <typename T> static inline
SysReqApplier<T> add_sysreq(CephContext* const cct,
- /* const */ RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
const req_state* const s,
T&& t) {
- return SysReqApplier<T>(cct, ctl, s, std::forward<T>(t));
+ return SysReqApplier<T>(cct, store, s, std::forward<T>(t));
}
} /* namespace auth */
s3_main_strategy_t(CephContext* const cct,
ImplicitTenants& implicit_tenant_context,
- RGWCtl* const ctl)
- : s3_main_strategy_plain(cct, implicit_tenant_context, ctl),
- s3_main_strategy_boto2(cct, implicit_tenant_context, ctl) {
+ rgw::sal::RGWStore* store)
+ : s3_main_strategy_plain(cct, implicit_tenant_context, store),
+ s3_main_strategy_boto2(cct, implicit_tenant_context, store) {
add_engine(Strategy::Control::SUFFICIENT, s3_main_strategy_plain);
add_engine(Strategy::Control::FALLBACK, s3_main_strategy_boto2);
}
public:
StrategyRegistry(CephContext* const cct,
ImplicitTenants& implicit_tenant_context,
- RGWCtl* const ctl)
- : s3_main_strategy(cct, implicit_tenant_context, ctl),
- s3_post_strategy(cct, implicit_tenant_context, ctl),
- swift_strategy(cct, implicit_tenant_context, ctl),
- sts_strategy(cct, implicit_tenant_context, ctl) {
+ rgw::sal::RGWStore* store)
+ : s3_main_strategy(cct, implicit_tenant_context, store),
+ s3_post_strategy(cct, implicit_tenant_context, store),
+ swift_strategy(cct, implicit_tenant_context, store),
+ sts_strategy(cct, implicit_tenant_context, store) {
}
const s3_main_strategy_t& get_s3_main() const {
static std::shared_ptr<StrategyRegistry>
create(CephContext* const cct,
ImplicitTenants& implicit_tenant_context,
- RGWCtl* const ctl) {
- return std::make_shared<StrategyRegistry>(cct, implicit_tenant_context, ctl);
+ rgw::sal::RGWStore* store) {
+ return std::make_shared<StrategyRegistry>(cct, implicit_tenant_context, store);
}
};
public rgw::auth::LocalApplier::Factory,
public rgw::auth::RoleApplier::Factory {
typedef rgw::auth::IdentityApplier::aplptr_t aplptr_t;
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
rgw::auth::ImplicitTenants& implicit_tenant_context;
STSEngine sts_engine;
rgw::auth::RemoteApplier::acl_strategy_t&& acl_alg,
const rgw::auth::RemoteApplier::AuthInfo &info
) const override {
- auto apl = rgw::auth::add_sysreq(cct, ctl, s,
- rgw::auth::RemoteApplier(cct, ctl, std::move(acl_alg), info,
+ auto apl = rgw::auth::add_sysreq(cct, store, s,
+ rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info,
implicit_tenant_context,
rgw::auth::ImplicitTenants::IMPLICIT_TENANTS_S3));
return aplptr_t(new decltype(apl)(std::move(apl)));
const RGWUserInfo& user_info,
const std::string& subuser,
const boost::optional<uint32_t>& perm_mask) const override {
- auto apl = rgw::auth::add_sysreq(cct, ctl, s,
+ auto apl = rgw::auth::add_sysreq(cct, store, s,
rgw::auth::LocalApplier(cct, user_info, subuser, perm_mask));
return aplptr_t(new decltype(apl)(std::move(apl)));
}
const std::string& role_session_name,
const std::vector<string>& token_claims,
const std::string& token_issued_at) const override {
- auto apl = rgw::auth::add_sysreq(cct, ctl, s,
+ auto apl = rgw::auth::add_sysreq(cct, store, s,
rgw::auth::RoleApplier(cct, role, user_id, token_policy, role_session_name, token_claims, token_issued_at));
return aplptr_t(new decltype(apl)(std::move(apl)));
}
public:
STSAuthStrategy(CephContext* const cct,
- RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
rgw::auth::ImplicitTenants& implicit_tenant_context,
AWSEngine::VersionAbstractor* const ver_abstractor)
- : ctl(ctl),
+ : store(store),
implicit_tenant_context(implicit_tenant_context),
- sts_engine(cct, ctl, *ver_abstractor,
+ sts_engine(cct, store, *ver_abstractor,
static_cast<rgw::auth::LocalApplier::Factory*>(this),
static_cast<rgw::auth::RemoteApplier::Factory*>(this),
static_cast<rgw::auth::RoleApplier::Factory*>(this)) {
class ExternalAuthStrategy : public rgw::auth::Strategy,
public rgw::auth::RemoteApplier::Factory {
typedef rgw::auth::IdentityApplier::aplptr_t aplptr_t;
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
rgw::auth::ImplicitTenants& implicit_tenant_context;
using keystone_config_t = rgw::keystone::CephCtxConfig;
rgw::auth::RemoteApplier::acl_strategy_t&& acl_alg,
const rgw::auth::RemoteApplier::AuthInfo &info
) const override {
- auto apl = rgw::auth::add_sysreq(cct, ctl, s,
- rgw::auth::RemoteApplier(cct, ctl, std::move(acl_alg), info,
+ auto apl = rgw::auth::add_sysreq(cct, store, s,
+ rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info,
implicit_tenant_context,
rgw::auth::ImplicitTenants::IMPLICIT_TENANTS_S3));
/* TODO(rzarzynski): replace with static_ptr. */
public:
ExternalAuthStrategy(CephContext* const cct,
- RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
rgw::auth::ImplicitTenants& implicit_tenant_context,
AWSEngine::VersionAbstractor* const ver_abstractor)
- : ctl(ctl),
+ : store(store),
implicit_tenant_context(implicit_tenant_context),
- ldap_engine(cct, ctl, *ver_abstractor,
+ ldap_engine(cct, store, *ver_abstractor,
static_cast<rgw::auth::RemoteApplier::Factory*>(this)) {
if (cct->_conf->rgw_s3_auth_use_keystone &&
AbstractorT>::value,
"AbstractorT must be a subclass of rgw::auth::s3::VersionAbstractor");
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
AbstractorT ver_abstractor;
S3AnonymousEngine anonymous_engine;
const RGWUserInfo& user_info,
const std::string& subuser,
const boost::optional<uint32_t>& perm_mask) const override {
- auto apl = rgw::auth::add_sysreq(cct, ctl, s,
+ auto apl = rgw::auth::add_sysreq(cct, store, s,
rgw::auth::LocalApplier(cct, user_info, subuser, perm_mask));
/* TODO(rzarzynski): replace with static_ptr. */
return aplptr_t(new decltype(apl)(std::move(apl)));
AWSAuthStrategy(CephContext* const cct,
rgw::auth::ImplicitTenants& implicit_tenant_context,
- RGWCtl* const ctl)
- : ctl(ctl),
+ rgw::sal::RGWStore* store)
+ : store(store),
ver_abstractor(cct),
anonymous_engine(cct,
static_cast<rgw::auth::LocalApplier::Factory*>(this)),
- external_engines(cct, ctl, implicit_tenant_context, &ver_abstractor),
- sts_engine(cct, ctl, implicit_tenant_context, &ver_abstractor),
- local_engine(cct, ctl, ver_abstractor,
+ external_engines(cct, store, implicit_tenant_context, &ver_abstractor),
+ sts_engine(cct, store, implicit_tenant_context, &ver_abstractor),
+ local_engine(cct, store, ver_abstractor,
static_cast<rgw::auth::LocalApplier::Factory*>(this)) {
/* The anonymous auth. */
if (AllowAnonAccessT) {
Clock::duration time_elapsed() const { return Clock::now() - time; }
RGWObjectCtx *obj_ctx{nullptr};
- RGWSysObjectCtx *sysobj_ctx{nullptr};
string dialect;
string req_id;
string trans_id;
/* Initialize the registry of auth strategies which will coordinate
* the dynamic reconfiguration. */
auto auth_registry = \
- rgw::auth::StrategyRegistry::create(g_ceph_context, implicit_tenants, store->get_ctl());
+ rgw::auth::StrategyRegistry::create(g_ceph_context, implicit_tenants, store);
for (auto frontend : frontends)
frontend->unpause_with_new_config(store, auth_registry);
std::unique_ptr<rgw::sal::RGWUser> tuser; // Don't use this. It's empty except during init.
public:
CephContext* cct;
- boost::optional<RGWSysObjectCtx> sysobj_ctx;
/* unambiguiously return req_state */
inline struct req_state* get_state() { return this->RGWRequest::s; }
RGWRequest::init_state(_s);
RGWHandler::init(rados_ctx->get_store(), _s, io);
- sysobj_ctx.emplace(static_cast<rgw::sal::RGWRadosStore*>(store)->svc()->sysobj);
-
get_state()->obj_ctx = rados_ctx;
- get_state()->sysobj_ctx = &(sysobj_ctx.get());
get_state()->req_id = static_cast<rgw::sal::RGWRadosStore*>(store)->svc()->zone_utils->unique_id(id);
get_state()->trans_id = static_cast<rgw::sal::RGWRadosStore*>(store)->svc()->zone_utils->unique_trans_id(id);
get_state()->bucket_tenant = tuser->get_tenant();
RGWRequest::init_state(&rstate);
RGWHandler::init(rados_ctx.get_store(), &rstate, &io_ctx);
- sysobj_ctx.emplace(static_cast<rgw::sal::RGWRadosStore*>(store)->svc()->sysobj);
-
- get_state()->cio = &io_ctx;
get_state()->obj_ctx = &rados_ctx;
- get_state()->sysobj_ctx = &(sysobj_ctx.get());
get_state()->req_id = static_cast<rgw::sal::RGWRadosStore*>(store)->svc()->zone_utils->unique_id(id);
get_state()->trans_id = static_cast<rgw::sal::RGWRadosStore*>(store)->svc()->zone_utils->unique_trans_id(id);
rgw::auth::ImplicitTenants implicit_tenant_context{g_conf()};
g_conf().add_observer(&implicit_tenant_context);
auto auth_registry = \
- rgw::auth::StrategyRegistry::create(g_ceph_context, implicit_tenant_context, store->get_ctl());
+ rgw::auth::StrategyRegistry::create(g_ceph_context, implicit_tenant_context, store);
/* Header custom behavior */
rest.register_x_headers(g_conf()->rgw_log_http_headers);
using ceph::encode;
string oid = tenant + get_url_oid_prefix() + url;
- auto svc = ctl->svc;
-
bufferlist bl;
encode(*this, bl);
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- return rgw_put_system_obj(obj_ctx, svc->zone->get_zone_params().oidc_pool, oid,
- bl, exclusive, NULL, real_time(), y);
+ return store->put_system_obj(store->get_zone_params().oidc_pool, oid,
+ bl, exclusive, NULL, real_time(), y);
}
int RGWOIDCProvider::get_tenant_url_from_arn(string& tenant, string& url)
sprintf(buf + strlen(buf),".%dZ",(int)tv.tv_usec/1000);
creation_date.assign(buf, strlen(buf));
- auto svc = ctl->svc;
-
- auto& pool = svc->zone->get_zone_params().oidc_pool;
+ auto& pool = store->get_zone_params().oidc_pool;
ret = store_url(idp_url, exclusive, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: storing role info in pool: " << pool.name << ": "
int RGWOIDCProvider::delete_obj(optional_yield y)
{
- auto svc = ctl->svc;
- auto& pool = svc->zone->get_zone_params().oidc_pool;
+ auto& pool = store->get_zone_params().oidc_pool;
string url, tenant;
auto ret = get_tenant_url_from_arn(tenant, url);
// Delete url
string oid = tenant + get_url_oid_prefix() + url;
- ret = rgw_delete_system_obj(svc->sysobj, pool, oid, NULL, y);
+ ret = store->delete_system_obj(pool, oid, NULL, y);
if (ret < 0) {
ldout(cct, 0) << "ERROR: deleting oidc url from pool: " << pool.name << ": "
<< provider_url << ": " << cpp_strerror(-ret) << dendl;
int RGWOIDCProvider::read_url(const DoutPrefixProvider *dpp, const string& url, const string& tenant)
{
- auto svc = ctl->svc;
- auto& pool = svc->zone->get_zone_params().oidc_pool;
+ auto& pool = store->get_zone_params().oidc_pool;
string oid = tenant + get_url_oid_prefix() + url;
bufferlist bl;
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- int ret = rgw_get_system_obj(obj_ctx, pool, oid, bl, NULL, NULL, null_yield, dpp);
+ int ret = store->get_system_obj(dpp, pool, oid, bl, NULL, NULL, null_yield);
if (ret < 0) {
return ret;
}
const string& tenant,
vector<RGWOIDCProvider>& providers)
{
- auto ctl = store->get_ctl();
- auto svc = ctl->svc;
auto pool = store->get_zone_params().oidc_pool;
string prefix = tenant + oidc_url_oid_prefix;
return r;
}
for (const auto& iter : oids) {
- RGWOIDCProvider provider(ctl->cct, store->get_ctl());
+ RGWOIDCProvider provider(store->ctx(), store);
bufferlist bl;
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- int ret = rgw_get_system_obj(obj_ctx, pool, iter, bl, NULL, NULL, null_yield, dpp);
+ int ret = store->get_system_obj(dpp, pool, iter, bl, NULL, NULL, null_yield);
if (ret < 0) {
return ret;
}
#include "rgw/rgw_sal.h"
-class RGWCtl;
class RGWOIDCProvider
{
static constexpr int MAX_OIDC_URL_LEN = 255;
CephContext *cct;
- RGWCtl *ctl;
+ rgw::sal::RGWStore* store;
string id;
string provider_url;
string arn;
public:
RGWOIDCProvider(CephContext *cct,
- RGWCtl *ctl,
+ rgw::sal::RGWStore* store,
string provider_url,
string tenant,
vector<string> client_ids,
vector<string> thumbprints)
: cct(cct),
- ctl(ctl),
+ store(store),
provider_url(std::move(provider_url)),
tenant(std::move(tenant)),
client_ids(std::move(client_ids)),
}
RGWOIDCProvider(CephContext *cct,
- RGWCtl *ctl,
+ rgw::sal::RGWStore* store,
string arn,
string tenant)
: cct(cct),
- ctl(ctl),
+ store(store),
arn(std::move(arn)),
tenant(std::move(tenant)) {
}
RGWOIDCProvider(CephContext *cct,
- RGWCtl *ctl,
+ rgw::sal::RGWStore* store,
string tenant)
: cct(cct),
- ctl(ctl),
+ store(store),
tenant(std::move(tenant)) {}
RGWOIDCProvider(CephContext *cct,
- RGWCtl *ctl)
+ rgw::sal::RGWStore* store)
: cct(cct),
- ctl(ctl) {}
+ store(store) {}
RGWOIDCProvider() {}
RGWObjectCtx rados_ctx(store, s);
s->obj_ctx = &rados_ctx;
- auto sysobj_ctx = static_cast<rgw::sal::RGWRadosStore*>(store)->svc()->sysobj->init_obj_ctx();
- s->sysobj_ctx = &sysobj_ctx;
-
if (ret < 0) {
s->cio = client_io;
abort_early(s, nullptr, ret, nullptr, yield);
return;
}
- RGWOIDCProvider provider(s->cct, store->get_ctl(), provider_url,
+ RGWOIDCProvider provider(s->cct, store, provider_url,
s->user->get_tenant(), client_ids, thumbprints);
op_ret = provider.create(s, true, y);
void RGWDeleteOIDCProvider::execute(optional_yield y)
{
- RGWOIDCProvider provider(s->cct, store->get_ctl(), provider_arn, s->user->get_tenant());
+ RGWOIDCProvider provider(s->cct, store, provider_arn, s->user->get_tenant());
op_ret = provider.delete_obj(y);
if (op_ret < 0 && op_ret != -ENOENT && op_ret != -EINVAL) {
void RGWGetOIDCProvider::execute(optional_yield y)
{
- RGWOIDCProvider provider(s->cct, store->get_ctl(), provider_arn, s->user->get_tenant());
+ RGWOIDCProvider provider(s->cct, store, provider_arn, s->user->get_tenant());
op_ret = provider.get(s);
if (op_ret < 0 && op_ret != -ENOENT && op_ret != -EINVAL) {
}
string role_name = s->info.args.get("RoleName");
- RGWRole role(s->cct, store->get_ctl(), role_name, s->user->get_tenant());
+ RGWRole role(s->cct, store, role_name, s->user->get_tenant());
if (op_ret = role.get(s, y); op_ret < 0) {
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
if (op_ret < 0) {
return;
}
- RGWRole role(s->cct, store->get_ctl(), role_name, role_path, trust_policy,
+ RGWRole role(s->cct, store, role_name, role_path, trust_policy,
s->user->get_tenant(), max_session_duration);
op_ret = role.create(s, true, y);
if (op_ret < 0) {
return;
}
- RGWRole role(s->cct, store->get_ctl(), role_name, s->user->get_tenant());
+ RGWRole role(s->cct, store, role_name, s->user->get_tenant());
op_ret = role.get(s, y);
if (op_ret == -ENOENT) {
optional_yield y) const
{
/* get the user info */
- RGWUserInfo user_info;
+ std::unique_ptr<rgw::sal::RGWUser> user;
/* TODO(rzarzynski): we need to have string-view taking variant. */
- const std::string access_key_id(_access_key_id);
- if (rgw_get_user_info_by_access_key(dpp, ctl->user, access_key_id, user_info, y) < 0) {
- ldpp_dout(dpp, 5) << "error reading user info, uid=" << access_key_id
+ RGWAccessKey access_key;
+ access_key.id = _access_key_id;
+ if (store->get_user(dpp, access_key, y, &user) < 0) {
+ ldpp_dout(dpp, 5) << "error reading user info, uid=" << access_key.id
<< " can't authenticate" << dendl;
return result_t::deny(-ERR_INVALID_ACCESS_KEY);
}
}
}*/
- const auto iter = user_info.access_keys.find(access_key_id);
- if (iter == std::end(user_info.access_keys)) {
+ const auto iter = user->get_info().access_keys.find(access_key.id);
+ if (iter == std::end(user->get_info().access_keys)) {
ldpp_dout(dpp, 0) << "ERROR: access key not encoded in user info" << dendl;
return result_t::deny(-EPERM);
}
return result_t::deny(-ERR_SIGNATURE_NO_MATCH);
}
- auto apl = apl_factory->create_apl_local(cct, s, user_info, k.subuser, boost::none);
+ auto apl = apl_factory->create_apl_local(cct, s, user->get_info(), k.subuser, boost::none);
return result_t::grant(std::move(apl), completer_factory(k.key));
}
}
// Get all the authorization info
- RGWUserInfo user_info;
+ std::unique_ptr<rgw::sal::RGWUser> user;
rgw_user user_id;
string role_id;
rgw::auth::RoleApplier::Role r;
if (! token.roleId.empty()) {
- RGWRole role(s->cct, ctl, token.roleId);
+ RGWRole role(s->cct, store, token.roleId);
if (role.get_by_id(dpp, y) < 0) {
return result_t::deny(-EPERM);
}
user_id = token.user;
}
+ user = store->get_user(token.user);
if (! token.user.empty() && token.acct_type != TYPE_ROLE) {
// get user info
- int ret = rgw_get_user_info_by_uid(dpp, ctl->user, token.user, user_info, y, NULL);
+ int ret = user->load_by_id(dpp, y);
if (ret < 0) {
ldpp_dout(dpp, 5) << "ERROR: failed reading user info: uid=" << token.user << dendl;
return result_t::reject(-EPERM);
return result_t::grant(std::move(apl), completer_factory(token.secret_access_key));
} else { // This is for all local users of type TYPE_RGW or TYPE_NONE
string subuser;
- auto apl = local_apl_factory->create_apl_local(cct, s, user_info, subuser, token.perm_mask);
+ auto apl = local_apl_factory->create_apl_local(cct, s, user->get_info(), subuser, token.perm_mask);
return result_t::grant(std::move(apl), completer_factory(token.secret_access_key));
}
}
using result_t = rgw::auth::Engine::result_t;
protected:
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
const rgw::auth::RemoteApplier::Factory* const apl_factory;
acl_strategy_t get_acl_strategy() const;
optional_yield y) const override;
public:
LDAPEngine(CephContext* const cct,
- RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
const VersionAbstractor& ver_abstractor,
const rgw::auth::RemoteApplier::Factory* const apl_factory)
: AWSEngine(cct, ver_abstractor),
- ctl(ctl),
+ store(store),
apl_factory(apl_factory) {
init(cct);
}
};
class LocalEngine : public AWSEngine {
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
const rgw::auth::LocalApplier::Factory* const apl_factory;
result_t authenticate(const DoutPrefixProvider* dpp,
optional_yield y) const override;
public:
LocalEngine(CephContext* const cct,
- RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
const VersionAbstractor& ver_abstractor,
const rgw::auth::LocalApplier::Factory* const apl_factory)
: AWSEngine(cct, ver_abstractor),
- ctl(ctl),
+ store(store),
apl_factory(apl_factory) {
}
};
class STSEngine : public AWSEngine {
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
const rgw::auth::LocalApplier::Factory* const local_apl_factory;
const rgw::auth::RemoteApplier::Factory* const remote_apl_factory;
const rgw::auth::RoleApplier::Factory* const role_apl_factory;
optional_yield y) const override;
public:
STSEngine(CephContext* const cct,
- RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
const VersionAbstractor& ver_abstractor,
const rgw::auth::LocalApplier::Factory* const local_apl_factory,
const rgw::auth::RemoteApplier::Factory* const remote_apl_factory,
const rgw::auth::RoleApplier::Factory* const role_apl_factory)
: AWSEngine(cct, ver_abstractor),
- ctl(ctl),
+ store(store),
local_apl_factory(local_apl_factory),
remote_apl_factory(remote_apl_factory),
role_apl_factory(role_apl_factory) {
}
auto provider_arn = rgw::ARN(idp_url, "oidc-provider", tenant);
string p_arn = provider_arn.to_string();
- RGWOIDCProvider provider(cct, ctl, p_arn, tenant);
+ RGWOIDCProvider provider(cct, store, p_arn, tenant);
auto ret = provider.get(dpp);
if (ret < 0) {
return boost::none;
class WebTokenEngine : public rgw::auth::Engine {
CephContext* const cct;
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
using result_t = rgw::auth::Engine::result_t;
using token_t = rgw::web_idp::WebTokenClaims;
public:
WebTokenEngine(CephContext* const cct,
- RGWCtl* const ctl,
+ rgw::sal::RGWStore* store,
const rgw::auth::TokenExtractor* const extractor,
const rgw::auth::WebIdentityApplier::Factory* const apl_factory)
: cct(cct),
- ctl(ctl),
+ store(store),
extractor(extractor),
apl_factory(apl_factory) {
}
class DefaultStrategy : public rgw::auth::Strategy,
public rgw::auth::TokenExtractor,
public rgw::auth::WebIdentityApplier::Factory {
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
ImplicitTenants& implicit_tenant_context;
/* The engine. */
const string& role_session,
const string& role_tenant,
const rgw::web_idp::WebTokenClaims& token) const override {
- auto apl = rgw::auth::add_sysreq(cct, ctl, s,
- rgw::auth::WebIdentityApplier(cct, ctl, role_session, role_tenant, token));
+ auto apl = rgw::auth::add_sysreq(cct, store, s,
+ rgw::auth::WebIdentityApplier(cct, store, role_session, role_tenant, token));
return aplptr_t(new decltype(apl)(std::move(apl)));
}
public:
DefaultStrategy(CephContext* const cct,
ImplicitTenants& implicit_tenant_context,
- RGWCtl* const ctl)
- : ctl(ctl),
+ rgw::sal::RGWStore* store)
+ : store(store),
implicit_tenant_context(implicit_tenant_context),
- web_token_engine(cct, ctl,
+ web_token_engine(cct, store,
static_cast<rgw::auth::TokenExtractor*>(this),
static_cast<rgw::auth::WebIdentityApplier::Factory*>(this)) {
/* When the constructor's body is being executed, all member engines
bufferlist bl;
encode(*this, bl);
- auto svc = ctl->svc;
-
- auto obj_ctx = ctl->svc->sysobj->init_obj_ctx();
- return rgw_put_system_obj(obj_ctx, svc->zone->get_zone_params().roles_pool, oid,
- bl, exclusive, NULL, real_time(), y, NULL);
+ return store->put_system_obj(store->get_zone_params().roles_pool, oid,
+ bl, exclusive, NULL, real_time(), y, NULL);
}
int RGWRole::store_name(bool exclusive, optional_yield y)
using ceph::encode;
encode(nameToId, bl);
- auto svc = ctl->svc;
-
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- return rgw_put_system_obj(obj_ctx, svc->zone->get_zone_params().roles_pool, oid,
- bl, exclusive, NULL, real_time(), y, NULL);
+ return store->put_system_obj(store->get_zone_params().roles_pool, oid,
+ bl, exclusive, NULL, real_time(), y, NULL);
}
int RGWRole::store_path(bool exclusive, optional_yield y)
{
string oid = tenant + get_path_oid_prefix() + path + get_info_oid_prefix() + id;
- auto svc = ctl->svc;
-
bufferlist bl;
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- return rgw_put_system_obj(obj_ctx, svc->zone->get_zone_params().roles_pool, oid,
- bl, exclusive, NULL, real_time(), y, NULL);
+ return store->put_system_obj(store->get_zone_params().roles_pool, oid,
+ bl, exclusive, NULL, real_time(), y, NULL);
}
int RGWRole::create(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y)
sprintf(buf + strlen(buf),".%dZ",(int)tv.tv_usec/1000);
creation_date.assign(buf, strlen(buf));
- auto svc = ctl->svc;
-
- auto& pool = svc->zone->get_zone_params().roles_pool;
+ auto& pool = store->get_zone_params().roles_pool;
ret = store_info(exclusive, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: storing role info in pool: " << pool.name << ": "
//Delete the role info that was stored in the previous call
string oid = get_info_oid_prefix() + id;
- int info_ret = rgw_delete_system_obj(svc->sysobj, pool, oid, NULL, y);
+ int info_ret = store->delete_system_obj(pool, oid, nullptr, y);
if (info_ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: cleanup of role id from pool: " << pool.name << ": "
<< id << ": " << cpp_strerror(-info_ret) << dendl;
<< path << ": " << cpp_strerror(-ret) << dendl;
//Delete the role info that was stored in the previous call
string oid = get_info_oid_prefix() + id;
- int info_ret = rgw_delete_system_obj(svc->sysobj, pool, oid, NULL, y);
+ int info_ret = store->delete_system_obj(pool, oid, nullptr, y);
if (info_ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: cleanup of role id from pool: " << pool.name << ": "
<< id << ": " << cpp_strerror(-info_ret) << dendl;
}
//Delete role name that was stored in previous call
oid = tenant + get_names_oid_prefix() + name;
- int name_ret = rgw_delete_system_obj(svc->sysobj, pool, oid, NULL, y);
+ int name_ret = store->delete_system_obj(pool, oid, nullptr, y);
if (name_ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: cleanup of role name from pool: " << pool.name << ": "
<< name << ": " << cpp_strerror(-name_ret) << dendl;
int RGWRole::delete_obj(const DoutPrefixProvider *dpp, optional_yield y)
{
- auto svc = ctl->svc;
- auto& pool = svc->zone->get_zone_params().roles_pool;
+ auto& pool = store->get_zone_params().roles_pool;
int ret = read_name(dpp, y);
if (ret < 0) {
// Delete id
string oid = get_info_oid_prefix() + id;
- ret = rgw_delete_system_obj(svc->sysobj, pool, oid, NULL, y);
+ ret = store->delete_system_obj(pool, oid, nullptr, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: deleting role id from pool: " << pool.name << ": "
<< id << ": " << cpp_strerror(-ret) << dendl;
// Delete name
oid = tenant + get_names_oid_prefix() + name;
- ret = rgw_delete_system_obj(svc->sysobj, pool, oid, NULL, y);
+ ret = store->delete_system_obj(pool, oid, nullptr, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: deleting role name from pool: " << pool.name << ": "
<< name << ": " << cpp_strerror(-ret) << dendl;
// Delete path
oid = tenant + get_path_oid_prefix() + path + get_info_oid_prefix() + id;
- ret = rgw_delete_system_obj(svc->sysobj, pool, oid, NULL, y);
+ ret = store->delete_system_obj(pool, oid, nullptr, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: deleting role path from pool: " << pool.name << ": "
<< path << ": " << cpp_strerror(-ret) << dendl;
int RGWRole::update(optional_yield y)
{
- auto& pool = ctl->svc->zone->get_zone_params().roles_pool;
+ auto& pool = store->get_zone_params().roles_pool;
int ret = store_info(false, y);
if (ret < 0) {
int RGWRole::read_id(const DoutPrefixProvider *dpp, const string& role_name, const string& tenant, string& role_id, optional_yield y)
{
- auto svc = ctl->svc;
- auto& pool = svc->zone->get_zone_params().roles_pool;
+ auto& pool = store->get_zone_params().roles_pool;
string oid = tenant + get_names_oid_prefix() + role_name;
bufferlist bl;
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- int ret = rgw_get_system_obj(obj_ctx, pool, oid, bl, NULL, NULL, y, dpp);
+ int ret = store->get_system_obj(dpp, pool, oid, bl, NULL, NULL, y);
if (ret < 0) {
return ret;
}
int RGWRole::read_info(const DoutPrefixProvider *dpp, optional_yield y)
{
- auto svc = ctl->svc;
- auto& pool = svc->zone->get_zone_params().roles_pool;
+ auto& pool = store->get_zone_params().roles_pool;
string oid = get_info_oid_prefix() + id;
bufferlist bl;
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- int ret = rgw_get_system_obj(obj_ctx, pool, oid, bl, NULL, NULL, y, dpp);
+ int ret = store->get_system_obj(dpp, pool, oid, bl, NULL, NULL, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: failed reading role info from pool: " << pool.name <<
": " << id << ": " << cpp_strerror(-ret) << dendl;
int RGWRole::read_name(const DoutPrefixProvider *dpp, optional_yield y)
{
- auto svc = ctl->svc;
- auto& pool = svc->zone->get_zone_params().roles_pool;
+ auto& pool = store->get_zone_params().roles_pool;
string oid = tenant + get_names_oid_prefix() + name;
bufferlist bl;
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- int ret = rgw_get_system_obj(obj_ctx, pool, oid, bl, NULL, NULL, y, dpp);
+ int ret = store->get_system_obj(dpp, pool, oid, bl, NULL, NULL, y);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: failed reading role name from pool: " << pool.name << ": "
<< name << ": " << cpp_strerror(-ret) << dendl;
//Get id from info oid prefix + id
string id = it.substr(pos + role_oid_prefix.length());
- RGWRole role(cct, store->get_ctl());
+ RGWRole role(cct, store);
role.set_id(id);
int ret = role.read_info(dpp, y);
if (ret < 0) {
#include "rgw/rgw_rados.h"
-struct RGWCtl;
+namespace rgw { namespace sal { class RGWStore; } }
class RGWRole
{
static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds
CephContext *cct;
- RGWCtl *ctl;
+ rgw::sal::RGWStore* store;
string id;
string name;
string path;
public:
RGWRole(CephContext *cct,
- RGWCtl *ctl,
+ rgw::sal::RGWStore* store,
string name,
string path,
string trust_policy,
string tenant,
string max_session_duration_str="")
: cct(cct),
- ctl(ctl),
+ store(store),
name(std::move(name)),
path(std::move(path)),
trust_policy(std::move(trust_policy)),
}
RGWRole(CephContext *cct,
- RGWCtl *ctl,
+ rgw::sal::RGWStore* store,
string name,
string tenant)
: cct(cct),
- ctl(ctl),
+ store(store),
name(std::move(name)),
tenant(std::move(tenant)) {
extract_name_tenant(this->name);
}
RGWRole(CephContext *cct,
- RGWCtl *ctl,
+ rgw::sal::RGWStore* store,
string id)
: cct(cct),
- ctl(ctl),
+ store(store),
id(std::move(id)) {}
RGWRole(CephContext *cct,
- RGWCtl *ctl)
+ rgw::sal::RGWStore* store)
: cct(cct),
- ctl(ctl) {}
+ store(store) {}
RGWRole() {}
map<rgw_user_bucket, rgw_usage_log_entry>& usage) = 0;
virtual int trim_all_usage(uint64_t start_epoch, uint64_t end_epoch) = 0;
virtual int get_config_key_val(string name, bufferlist *bl) = 0;
+ virtual int put_system_obj(const rgw_pool& pool, const string& oid,
+ bufferlist& data, bool exclusive,
+ RGWObjVersionTracker *objv_tracker, real_time set_mtime,
+ optional_yield y, map<string, bufferlist> *pattrs = nullptr) = 0;
+ virtual int get_system_obj(const DoutPrefixProvider *dpp,
+ const rgw_pool& pool, const string& key,
+ bufferlist& bl,
+ RGWObjVersionTracker *objv_tracker, real_time *pmtime,
+ optional_yield y, map<string, bufferlist> *pattrs = nullptr,
+ rgw_cache_entry_info *cache_info = nullptr,
+ boost::optional<obj_version> refresh_version = boost::none) = 0;
+ virtual int delete_system_obj(const rgw_pool& pool, const string& oid,
+ RGWObjVersionTracker *objv_tracker, optional_yield y) = 0;
virtual void finalize(void) = 0;
virtual CephContext *ctx(void) = 0;
void set_tenant(std::string& _t) { info.user_id.tenant = _t; }
const std::string& get_ns() { return info.user_id.ns; }
void set_ns(std::string& _ns) { info.user_id.ns = _ns; }
+ void clear_ns() { info.user_id.ns.clear(); }
const rgw_user& get_id() const { return info.user_id; }
uint32_t get_type() const { return info.type; }
int32_t get_max_buckets() const { return info.max_buckets; }
return svc()->config_key->get(name, true, bl);
}
+int RGWRadosStore::put_system_obj(const rgw_pool& pool, const string& oid,
+ bufferlist& data, bool exclusive,
+ RGWObjVersionTracker *objv_tracker, real_time set_mtime,
+ optional_yield y, map<string, bufferlist> *pattrs)
+{
+ auto obj_ctx = svc()->sysobj->init_obj_ctx();
+ return rgw_put_system_obj(obj_ctx, pool, oid, data, exclusive, objv_tracker, set_mtime, y, pattrs);
+}
+
+int RGWRadosStore::get_system_obj(const DoutPrefixProvider *dpp,
+ const rgw_pool& pool, const string& key,
+ bufferlist& bl,
+ RGWObjVersionTracker *objv_tracker, real_time *pmtime,
+ optional_yield y, map<string, bufferlist> *pattrs,
+ rgw_cache_entry_info *cache_info,
+ boost::optional<obj_version> refresh_version)
+{
+ auto obj_ctx = svc()->sysobj->init_obj_ctx();
+ return rgw_get_system_obj(obj_ctx, pool, key, bl, objv_tracker, pmtime, y, dpp, pattrs, cache_info, refresh_version);
+}
+
+int RGWRadosStore::delete_system_obj(const rgw_pool& pool, const string& oid,
+ RGWObjVersionTracker *objv_tracker, optional_yield y)
+{
+ return rgw_delete_system_obj(svc()->sysobj, pool, oid, objv_tracker, y);
+}
void RGWRadosStore::finalize(void)
{
if (rados)
map<rgw_user_bucket, rgw_usage_log_entry>& usage) override;
virtual int trim_all_usage(uint64_t start_epoch, uint64_t end_epoch) override;
virtual int get_config_key_val(string name, bufferlist *bl) override;
+ virtual int put_system_obj(const rgw_pool& pool, const string& oid,
+ bufferlist& data, bool exclusive,
+ RGWObjVersionTracker *objv_tracker, real_time set_mtime,
+ optional_yield y, map<string, bufferlist> *pattrs = nullptr)
+ override;
+ virtual int get_system_obj(const DoutPrefixProvider *dpp,
+ const rgw_pool& pool, const string& key,
+ bufferlist& bl,
+ RGWObjVersionTracker *objv_tracker, real_time *pmtime,
+ optional_yield y, map<string, bufferlist> *pattrs = nullptr,
+ rgw_cache_entry_info *cache_info = nullptr,
+ boost::optional<obj_version> refresh_version = boost::none) override;
+ virtual int delete_system_obj(const rgw_pool& pool, const string& oid,
+ RGWObjVersionTracker *objv_tracker, optional_yield y) override;
virtual void finalize(void) override;
virtual CephContext *ctx(void) override { return rados->ctx(); }
if (auto r_arn = rgw::ARN::parse(arn); r_arn) {
auto pos = r_arn->resource.find_last_of('/');
string roleName = r_arn->resource.substr(pos + 1);
- RGWRole role(cct, store->get_ctl(), roleName, r_arn->account);
+ RGWRole role(cct, store, roleName, r_arn->account);
if (int ret = role.get(dpp, y); ret < 0) {
if (ret == -ENOENT) {
ldpp_dout(dpp, 0) << "Role doesn't exist: " << roleName << dendl;
* the access would be limited to accounts with empty tenant. */
string bucket_tenant;
if (!s->account_name.empty()) {
- RGWUserInfo uinfo;
- bool found = false;
+ std::unique_ptr<rgw::sal::RGWUser> user;
- const rgw_user uid(s->account_name);
+ rgw_user uid(s->account_name);
if (uid.tenant.empty()) {
- const rgw_user tenanted_uid(uid.id, uid.id);
-
- if (ctl->user->get_info_by_uid(dpp, tenanted_uid, &uinfo, s->yield) >= 0) {
- /* Succeeded. */
- bucket_tenant = uinfo.user_id.tenant;
- found = true;
- }
+ uid.tenant = uid.id;
}
- if (!found && ctl->user->get_info_by_uid(dpp, uid, &uinfo, s->yield) < 0) {
+ user = store->get_user(uid);
+ if (user->load_by_id(dpp, s->yield) < 0) {
throw -EPERM;
- } else {
- bucket_tenant = uinfo.user_id.tenant;
}
+
+ bucket_tenant = user->get_tenant();
}
rgw_bucket b;
b.tenant = std::move(bucket_tenant);
b.name = std::move(bucket_name);
-
- /* Need to get user info of bucket owner. */
- RGWBucketInfo bucket_info;
- RGWSI_MetaBackend_CtxParams bectx_params = RGWSI_MetaBackend_CtxParams_SObj(s->sysobj_ctx);
- int ret = ctl->bucket->read_bucket_info(b, &bucket_info, y, dpp, RGWBucketCtl::BucketInstance::GetParams().set_bectx_params(bectx_params));
+ std::unique_ptr<rgw::sal::RGWBucket> bucket;
+ int ret = store->get_bucket(dpp, nullptr, b, &bucket, s->yield);
if (ret < 0) {
throw ret;
}
- ldpp_dout(dpp, 20) << "temp url user (bucket owner): " << bucket_info.owner
+ ldpp_dout(dpp, 20) << "temp url user (bucket owner): " << bucket->get_info().owner
<< dendl;
- if (ctl->user->get_info_by_uid(dpp, bucket_info.owner, &owner_info, s->yield) < 0) {
+ std::unique_ptr<rgw::sal::RGWUser> user;
+ user = store->get_user(bucket->get_info().owner);
+ if (user->load_by_id(dpp, s->yield) < 0) {
throw -EPERM;
}
}
ldpp_dout(dpp, 10) << "swift user=" << swift_user << dendl;
- RGWUserInfo tmp_uinfo;
- ret = ctl->user->get_info_by_swift(dpp, swift_user, &tmp_uinfo, s->yield);
+ std::unique_ptr<rgw::sal::RGWUser> user;
+ ret = store->get_user_by_swift(dpp, swift_user, s->yield, &user);
if (ret < 0) {
ldpp_dout(dpp, 0) << "NOTICE: couldn't map swift user" << dendl;
throw ret;
}
- auto apl = apl_factory->create_apl_local(cct, s, tmp_uinfo,
+ auto apl = apl_factory->create_apl_local(cct, s, user->get_info(),
extract_swift_subuser(swift_user),
boost::none);
return result_t::grant(std::move(apl));
return result_t::deny(-EPERM);
}
- RGWUserInfo user_info;
- ret = ctl->user->get_info_by_swift(dpp, swift_user, &user_info, s->yield);
+ std::unique_ptr<rgw::sal::RGWUser> user;
+ ret = store->get_user_by_swift(dpp, swift_user, s->yield, &user);
if (ret < 0) {
throw ret;
}
ldpp_dout(dpp, 10) << "swift_user=" << swift_user << dendl;
- const auto siter = user_info.swift_keys.find(swift_user);
- if (siter == std::end(user_info.swift_keys)) {
+ const auto siter = user->get_info().swift_keys.find(swift_user);
+ if (siter == std::end(user->get_info().swift_keys)) {
return result_t::deny(-EPERM);
}
return result_t::deny(-EPERM);
}
- auto apl = apl_factory->create_apl_local(cct, s, user_info,
+ auto apl = apl_factory->create_apl_local(cct, s, user->get_info(),
extract_swift_subuser(swift_user),
boost::none);
return result_t::grant(std::move(apl));
using result_t = rgw::auth::Engine::result_t;
CephContext* const cct;
- /* const */ RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
const TempURLApplier::Factory* const apl_factory;
/* Helper methods. */
public:
TempURLEngine(CephContext* const cct,
- /*const*/ RGWCtl* const ctl,
+ rgw::sal::RGWStore* _store ,
const TempURLApplier::Factory* const apl_factory)
: cct(cct),
- ctl(ctl),
+ store(_store),
apl_factory(apl_factory) {
}
using result_t = rgw::auth::Engine::result_t;
CephContext* const cct;
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
const rgw::auth::TokenExtractor* const extractor;
const rgw::auth::LocalApplier::Factory* const apl_factory;
public:
SignedTokenEngine(CephContext* const cct,
- /* const */RGWCtl* const ctl,
+ rgw::sal::RGWStore* _store,
const rgw::auth::TokenExtractor* const extractor,
const rgw::auth::LocalApplier::Factory* const apl_factory)
: cct(cct),
- ctl(ctl),
+ store(_store),
extractor(extractor),
apl_factory(apl_factory) {
}
using result_t = rgw::auth::Engine::result_t;
CephContext* const cct;
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
const rgw::auth::TokenExtractor* const extractor;
const rgw::auth::LocalApplier::Factory* const apl_factory;
public:
ExternalTokenEngine(CephContext* const cct,
- /* const */RGWCtl* const ctl,
+ rgw::sal::RGWStore* _store,
const rgw::auth::TokenExtractor* const extractor,
const rgw::auth::LocalApplier::Factory* const apl_factory)
: cct(cct),
- ctl(ctl),
+ store(_store),
extractor(extractor),
apl_factory(apl_factory) {
}
public rgw::auth::RemoteApplier::Factory,
public rgw::auth::LocalApplier::Factory,
public rgw::auth::swift::TempURLApplier::Factory {
- RGWCtl* const ctl;
+ rgw::sal::RGWStore* store;
ImplicitTenants& implicit_tenant_context;
/* The engines. */
acl_strategy_t&& extra_acl_strategy,
const rgw::auth::RemoteApplier::AuthInfo &info) const override {
auto apl = \
- rgw::auth::add_3rdparty(ctl, rgw_user(s->account_name),
- rgw::auth::add_sysreq(cct, ctl, s,
- rgw::auth::RemoteApplier(cct, ctl, std::move(extra_acl_strategy), info,
+ rgw::auth::add_3rdparty(store, rgw_user(s->account_name),
+ rgw::auth::add_sysreq(cct, store, s,
+ rgw::auth::RemoteApplier(cct, store, std::move(extra_acl_strategy), info,
implicit_tenant_context,
rgw::auth::ImplicitTenants::IMPLICIT_TENANTS_SWIFT)));
/* TODO(rzarzynski): replace with static_ptr. */
const std::string& subuser,
const boost::optional<uint32_t>& perm_mask) const override {
auto apl = \
- rgw::auth::add_3rdparty(ctl, rgw_user(s->account_name),
- rgw::auth::add_sysreq(cct, ctl, s,
+ rgw::auth::add_3rdparty(store, rgw_user(s->account_name),
+ rgw::auth::add_sysreq(cct, store, s,
rgw::auth::LocalApplier(cct, user_info, subuser, perm_mask)));
/* TODO(rzarzynski): replace with static_ptr. */
return aplptr_t(new decltype(apl)(std::move(apl)));
public:
DefaultStrategy(CephContext* const cct,
ImplicitTenants& implicit_tenant_context,
- RGWCtl* const ctl)
- : ctl(ctl),
+ rgw::sal::RGWStore* _store)
+ : store(_store),
implicit_tenant_context(implicit_tenant_context),
tempurl_engine(cct,
- ctl,
+ store,
static_cast<rgw::auth::swift::TempURLApplier::Factory*>(this)),
signed_engine(cct,
- ctl,
+ store,
static_cast<rgw::auth::TokenExtractor*>(this),
static_cast<rgw::auth::LocalApplier::Factory*>(this)),
external_engine(cct,
- ctl,
+ store,
static_cast<rgw::auth::TokenExtractor*>(this),
static_cast<rgw::auth::LocalApplier::Factory*>(this)),
anon_engine(cct,
projects / ceph.git / commitdiff