#include "rgw_keystone.h"
#include "common/ceph_crypto_cms.h"
#include "common/armor.h"
-
-#if 0
-// FIXME
-#include "rgw_swift.h"
-#endif
+#include "common/Cond.h"
#define dout_subsys ceph_subsys_rgw
tokens.erase(iter);
}
-
-#if 0
-//FIXME
-typedef RGWPostHTTPData RGWGetRevokedTokens;
-int RGWSwift::check_revoked()
+int RGWKeystoneTokenCache::RevokeThread::check_revoked()
{
string url;
string token;
bufferlist bl;
RGWGetRevokedTokens req(cct, &bl);
- if (get_keystone_admin_token(token) < 0) {
+ if (RGWSwift::get_keystone_admin_token(cct, token) < 0) {
return -EINVAL;
}
- if (get_keystone_url(url) < 0) {
+ if (RGWSwift::get_keystone_url(cct, url) < 0) {
return -EINVAL;
}
req.append_header("X-Auth-Token", token);
if (iter.end()) {
ldout(cct, 0) << "revoked tokens response is missing signed section" << dendl;
return -EINVAL;
- }
+ }
JSONObj *signed_obj = *iter;
}
string token_id = token->get_data();
- RGWKeystoneTokenCache::get_instance().invalidate(token_id);
+ cache->invalidate(token_id);
}
return 0;
}
-bool RGWSwift::going_down()
+bool RGWKeystoneTokenCache::going_down() const
{
return (down_flag.read() != 0);
}
-void *RGWSwift::KeystoneRevokeThread::entry() {
+void *RGWKeystoneTokenCache::RevokeThread::entry() {
do {
dout(2) << "keystone revoke thread: start" << dendl;
- int r = swift->check_revoked();
+ int r = check_revoked();
if (r < 0) {
dout(0) << "ERROR: keystone revocation processing returned error r=" << r << dendl;
}
- if (swift->going_down())
+ if (cache->going_down())
break;
lock.Lock();
cond.WaitInterval(cct, lock, utime_t(cct->_conf->rgw_keystone_revocation_interval, 0));
lock.Unlock();
- } while (!swift->going_down());
+ } while (!cache->going_down());
return NULL;
}
-void RGWSwift::KeystoneRevokeThread::stop()
+void RGWKeystoneTokenCache::RevokeThread::stop()
{
Mutex::Locker l(lock);
cond.Signal();
}
-#endif
#define CEPH_RGW_KEYSTONE_H
#include "rgw_common.h"
+#include "rgw_http_client.h"
+#include "common/Cond.h"
int rgw_open_cms_envelope(CephContext *cct,
const std::string& src,
list<string>::iterator lru_iter;
};
+ atomic_t down_flag;
+
+ class RevokeThread : public Thread {
+ friend class RGWKeystoneTokenCache;
+ typedef RGWPostHTTPData RGWGetRevokedTokens;
+
+ CephContext * const cct;
+ RGWKeystoneTokenCache * const cache;
+ Mutex lock;
+ Cond cond;
+
+ RevokeThread(CephContext * const cct, RGWKeystoneTokenCache * cache)
+ : cct(cct),
+ cache(cache),
+ lock("RGWKeystoneTokenCache::RevokeThread") {
+ }
+ void *entry();
+ void stop();
+ int check_revoked();
+ } revocator;
+
CephContext * const cct;
- string admin_token_id;
- map<string, token_entry> tokens;
- list<string> tokens_lru;
+ std::string admin_token_id;
+ std::map<std::string, token_entry> tokens;
+ std::list<std::string> tokens_lru;
Mutex lock;
const size_t max;
RGWKeystoneTokenCache()
- : cct(g_ceph_context),
+ : revocator(g_ceph_context, this),
+ cct(g_ceph_context),
lock("RGWKeystoneTokenCache", true /* recursive */),
max(cct->_conf->rgw_keystone_token_cache_size) {
+ /* The thread name has been kept for backward compliance. */
+ revocator.create("rgw_swift_k_rev");
}
+ ~RGWKeystoneTokenCache() {
+ down_flag.set(1);
+
+ revocator.stop();
+ revocator.join();
+ }
+
public:
RGWKeystoneTokenCache(const RGWKeystoneTokenCache&) = delete;
void operator=(const RGWKeystoneTokenCache&) = delete;
void add(const string& token_id, const KeystoneToken& token);
void add_admin(const KeystoneToken& token);
void invalidate(const string& token_id);
+ bool going_down() const;
};
projects / ceph.git / commitdiff