rgw:modify op_mask of user via the radosgw admin api

Fixes: http://tracker.ceph.com/issues/39084
Signed-off-by: Ning Yao <yaoning@unitedstack.com>

diff --git a/doc/radosgw/adminops.rst b/doc/radosgw/adminops.rst
index 062abb0946ad9649a33bb06eda015e500130de6a..bf04ed3f72d1f473b3df5d7a1b9f26afb7acdbb6 100644 (file)
--- a/doc/radosgw/adminops.rst
+++ b/doc/radosgw/adminops.rst
@@ -622,6 +622,13 @@ Request Parameters
 :Example: False [False]
 :Required: No
 
+``op-mask``
+
+:Description: The op-mask of the user to be modified.
+:Type: String
+:Example: ``read, write, delete, *``
+:Required: No
+
 Response Entities
 ~~~~~~~~~~~~~~~~~
 

diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 047a506248ce25b82c34d7bd42ba16e6f46ca021..d8b04829b8e9d932946b84193f49e76160b09126 100644 (file)
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -318,6 +318,7 @@ void usage()
   cout << "   --infile=<file>           specify a file to read in when setting data\n";
   cout << "   --categories=<list>       comma separated list of categories, used in usage show\n";
   cout << "   --caps=<caps>             list of caps (e.g., \"usage=read, write; user=read\")\n";
+  cout << "   --op-mask=<op-mask>       permission of user's operations (e.g., \"read, write, delete, *\")\n";
   cout << "   --yes-i-really-mean-it    required for certain operations\n";
   cout << "   --warnings-only           when specified with bucket limit check, list\n";
   cout << "                             only buckets nearing or over the current max\n";

diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc
index b6737f25504be6fb7a74c103a891c36359c44d5c..6baf8e2d07f70ec9fdb47d13921b5705d23729aa 100644 (file)
--- a/src/rgw/rgw_rest_user.cc
+++ b/src/rgw/rgw_rest_user.cc
@@ -179,6 +179,7 @@ void RGWOp_User_Modify::execute()
   std::string secret_key;
   std::string key_type_str;
   std::string caps;
+  std::string op_mask_str;
 
   bool gen_key;
   bool suspended;
@@ -203,6 +204,7 @@ void RGWOp_User_Modify::execute()
   RESTArgs::get_string(s, "key-type", key_type_str, &key_type_str);
 
   RESTArgs::get_bool(s, "system", false, &system);
+  RESTArgs::get_string(s, "op-mask", op_mask_str, &op_mask_str);
 
   if (!s->user->system && system) {
     ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl;
@@ -236,6 +238,16 @@ void RGWOp_User_Modify::execute()
     op_state.set_key_type(key_type);
   }
 
+  if (!op_mask_str.empty()) {
+    uint32_t op_mask;
+    if (rgw_parse_op_type_list(op_mask_str, &op_mask) < 0) {
+        ldout(s->cct, 0) << "failed to parse op_mask" << dendl;
+        http_ret = -EINVAL;
+        return;
+    }   
+    op_state.set_op_mask(op_mask);
+  }
+
   if (s->info.args.exists("suspended"))
     op_state.set_suspension(suspended);
 

diff --git a/src/test/cli/radosgw-admin/help.t b/src/test/cli/radosgw-admin/help.t
index 0a4b3460dce989961fe2339a48d668e200403295..3f3d31333c926b161b2627db44bc222b594142a2 100644 (file)
--- a/src/test/cli/radosgw-admin/help.t
+++ b/src/test/cli/radosgw-admin/help.t
@@ -247,6 +247,7 @@
      --infile=<file>           specify a file to read in when setting data
      --categories=<list>       comma separated list of categories, used in usage show
      --caps=<caps>             list of caps (e.g., "usage=read, write; user=read")
+     --op-mask=<op-mask>       permission of user's operations (e.g., "read, write, delete, *")
      --yes-i-really-mean-it    required for certain operations
      --warnings-only           when specified with bucket limit check, list
                                only buckets nearing or over the current max