f->dump_format("user", "%s%s%s", s.c_str(), sep, subuser);
f->dump_string("access_key", k.id);
f->dump_string("secret_key", k.key);
+ f->dump_bool("active", k.active);
f->close_section();
}
f->close_section();
info.user_id.to_str(s);
f->dump_format("user", "%s%s%s", s.c_str(), sep, subuser);
f->dump_string("secret_key", k.key);
+ f->dump_bool("active", k.active);
f->close_section();
}
f->close_section();
std::string key = op_state.get_secret_key();
int key_type = op_state.get_key_type();
- RGWAccessKey modify_key;
-
- pair<string, RGWAccessKey> key_pair;
- map<std::string, RGWAccessKey>::iterator kiter;
-
switch (key_type) {
case KEY_TYPE_S3:
id = op_state.get_access_key();
return -ERR_INVALID_ACCESS_KEY;
}
- key_pair.first = id;
-
+ RGWAccessKey modify_key;
+ map<std::string, RGWAccessKey>::iterator kiter;
if (key_type == KEY_TYPE_SWIFT) {
modify_key.id = id;
modify_key.subuser = op_state.get_subuser();
key = secret_key_buf;
}
- if (key.empty()) {
- set_err_msg(err_msg, "empty secret key");
- return -ERR_INVALID_SECRET_KEY;
+ if (!key.empty()) {
+ // update the access key with the new secret key
+ modify_key.key = key;
+ }
+ if (op_state.access_key_active) {
+ modify_key.active = *op_state.access_key_active;
}
-
- // update the access key with the new secret key
- modify_key.key = key;
-
- key_pair.second = modify_key;
-
if (key_type == KEY_TYPE_S3) {
(*access_keys)[id] = modify_key;
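Review bot: A swift request that carries `--key-active` but no new secret now ends up storing an empty secret: `modify_key` is constructed empty at L29 with only `id` and `subuser` filled in, `modify_key.key` is left untouched by L39-L42, and the check removed at L36-L38 no longer rejects an empty `key` before the entry is written back (L53 for S3, the swift equivalent past the hunk). Whether the S3 branch copies the existing entry into `modify_key` lives between L33 and L34, outside this hunk, so it may or may not share the exposure. Either seed `modify_key` from the existing entry for both key types before applying `key`/`active`, or refuse a request that changes nothing: `if (key.empty() && !op_state.access_key_active) { set_err_msg(err_msg, "empty secret key"); return -ERR_INVALID_SECRET_KEY; }`. The enclosing function starts and ends outside the hunk.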
cout << " --gen-access-key generate random access key (for S3)\n";
cout << " --gen-secret generate random secret key\n";
cout << " --key-type=<type> key type, options are: swift, s3\n";
+ cout << " --key-active=<bool> activate or deactivate a key\n";
cout << " --temp-url-key[-2]=<key> temp url key\n";
cout << " --access=<access> Set access permissions for sub-user, should be one\n";
cout << " of read, write, readwrite, full\n";
int commit = false;
int staging = false;
int key_type = KEY_TYPE_UNDEFINED;
+ int key_active = true;
+ bool key_active_specified = false;
std::unique_ptr<rgw::sal::Bucket> bucket;
uint32_t perm_mask = 0;
RGWUserInfo info;
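Review bot: `int key_active = true;` at L64 and the companion `key_active_specified` at L65 need a why-comment, since a reader will wonder why a bool is held in an `int` and why a second flag exists. The reason is visible at L72-L73: `ceph_argparse_binary_flag` writes an `int`, and because the default is `true` an explicit `--key-active=true` is indistinguishable from "not given" without the second flag. Suggest `// int: ceph_argparse_binary_flag() writes an int; key_active_specified tells "not given" apart from the default of true`.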
cerr << "bad key type: " << key_type_str << std::endl;
exit(1);
}
+ } else if (ceph_argparse_binary_flag(args, i, &key_active, NULL, "--key-active", (char*)NULL)) {
+ key_active_specified = true;
} else if (ceph_argparse_witharg(args, i, &val, "--job-id", (char*)NULL)) {
job_id = val;
} else if (ceph_argparse_binary_flag(args, i, &gen_access_key, NULL, "--gen-access-key", (char*)NULL)) {
if (key_type != KEY_TYPE_UNDEFINED)
user_op.set_key_type(key_type);
+ if (key_active_specified) {
+ user_op.access_key_active = key_active;
+ }
+
// set suspension operation parameters
if (opt_cmd == OPT::USER_ENABLE)
user_op.set_suspension(false);
return 0;
}
+static bool s3_key_active(const RGWUserInfo* info, const std::string& id) {
+ if (!info) {
+ return false;
+ }
+ auto i = info->access_keys.find(id);
+ return i != info->access_keys.end() && i->second.active;
+}
+
+static bool swift_key_active(const RGWUserInfo* info, const std::string& id) {
+ if (!info) {
+ return false;
+ }
+ auto i = info->swift_keys.find(id);
+ return i != info->swift_keys.end() && i->second.active;
+}
+
class PutOperation
{
RGWSI_User_RADOS::Svc& svc;
}
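Review bot: The helpers at L88-L102 encode a rule every loop in this file now depends on — a null `info`, a missing entry, and an entry with `active == false` all read as "not active" — but carry no comment saying so. Suggest a one-line header on each, e.g. `// true iff info holds an S3 key with this id whose active flag is set; a null info or a missing id counts as inactive`, with the swift wording on the second. Marking both `[[nodiscard]]` is cheap since their only purpose is the returned bool.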
}
- for (auto iter = info.swift_keys.begin(); iter != info.swift_keys.end(); ++iter) {
- if (old_info && old_info->swift_keys.count(iter->first) != 0)
+ for (const auto& [id, key] : info.swift_keys) {
+ if (!key.active || swift_key_active(old_info, id))
continue;
- auto& k = iter->second;
/* check if swift mapping exists */
RGWUserInfo inf;
- int r = svc.user->get_user_info_by_swift(ctx, k.id, &inf, nullptr, nullptr, y, dpp);
+ int r = svc.user->get_user_info_by_swift(ctx, id, &inf, nullptr, nullptr, y, dpp);
if (r >= 0 && inf.user_id != info.user_id &&
(!old_info || inf.user_id != old_info->user_id)) {
- ldpp_dout(dpp, 0) << "WARNING: can't store user info, swift id (" << k.id
+ ldpp_dout(dpp, 0) << "WARNING: can't store user info, swift id (" << id
<< ") already mapped to another user (" << info.user_id << ")" << dendl;
return -EEXIST;
}
}
/* check if access keys already exist */
- for (auto iter = info.access_keys.begin(); iter != info.access_keys.end(); ++iter) {
- if (old_info && old_info->access_keys.count(iter->first) != 0)
+ for (const auto& [id, key] : info.access_keys) {
+ if (!key.active) // new key not active
+ continue;
+ if (s3_key_active(old_info, id)) // old key already active
continue;
- auto& k = iter->second;
RGWUserInfo inf;
- int r = svc.user->get_user_info_by_access_key(ctx, k.id, &inf, nullptr, nullptr, y, dpp);
+ int r = svc.user->get_user_info_by_access_key(ctx, id, &inf, nullptr, nullptr, y, dpp);
if (r >= 0 && inf.user_id != info.user_id &&
(!old_info || inf.user_id != old_info->user_id)) {
ldpp_dout(dpp, 0) << "WARNING: can't store user info, access key already mapped to another user" << dendl;
}
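Review bot: The skip in the access-key loop at L131-L134 is spelled as two `if`s with trailing comments, while the swift loop at L112 folds the same two conditions into one expression; the two checks are meant to be parallel and read more easily when written the same way. Either form is fine, e.g. `if (!key.active || s3_key_active(old_info, id)) continue; // inactive, or already active in old_info`. The enclosing member function starts and ends outside the hunk.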
const bool renamed = old_info && old_info->user_id != info.user_id;
- for (auto iter = info.access_keys.begin(); iter != info.access_keys.end(); ++iter) {
- auto& k = iter->second;
- if (old_info && old_info->access_keys.count(iter->first) != 0 && !renamed)
+ for (const auto& [id, key] : info.access_keys) {
+ if (!key.active)
+ continue;
+ if (s3_key_active(old_info, id) && !renamed)
continue;
- ret = rgw_put_system_obj(dpp, svc.sysobj, svc.zone->get_zone_params().user_keys_pool, k.id,
+ ret = rgw_put_system_obj(dpp, svc.sysobj, svc.zone->get_zone_params().user_keys_pool, id,
link_bl, exclusive, NULL, real_time(), y);
if (ret < 0)
return ret;
}
- for (auto siter = info.swift_keys.begin(); siter != info.swift_keys.end(); ++siter) {
- auto& k = siter->second;
- if (old_info && old_info->swift_keys.count(siter->first) != 0 && !renamed)
+ for (const auto& [id, key] : info.swift_keys) {
+ if (!key.active)
+ continue;
+ if (swift_key_active(old_info, id) && !renamed)
continue;
- ret = rgw_put_system_obj(dpp, svc.sysobj, svc.zone->get_zone_params().user_swift_pool, k.id,
+ ret = rgw_put_system_obj(dpp, svc.sysobj, svc.zone->get_zone_params().user_swift_pool, id,
link_bl, exclusive, NULL, real_time(), y);
if (ret < 0)
return ret;
}
}
- for ([[maybe_unused]] const auto& [name, access_key] : old_info.access_keys) {
- if (!new_info.access_keys.count(access_key.id)) {
- ret = svc.user->remove_key_index(dpp, access_key, y);
+ for (const auto& [id, key] : old_info.access_keys) {
+ if (key.active && !s3_key_active(&new_info, id)) {
+ ret = svc.user->remove_key_index(dpp, key, y);
if (ret < 0 && ret != -ENOENT) {
- set_err_msg("ERROR: could not remove index for key " + access_key.id);
+ set_err_msg("ERROR: could not remove index for key " + id);
return ret;
}
}
}
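Review bot: Deactivating a key removes its index only here, after the new user info has (presumably, the store is outside the hunk) already been written, so there is a window — and a permanent one if the process dies between the two steps, since `-ENOENT` is the only tolerated failure at L179 — in which the index still resolves the now-inactive key to this user. The code that resolves an access key or swift name to a user must therefore check the key's `active` flag in the loaded user info itself rather than treat the index's existence as authorization; a comment here making that dependency explicit would help, e.g. `// the index is a lookup hint only: auth must re-check key.active in the user info`. The same applies to the swift loop at L191-L199.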
- for (auto old_iter = old_info.swift_keys.begin(); old_iter != old_info.swift_keys.end(); ++old_iter) {
- const auto& swift_key = old_iter->second;
- auto new_iter = new_info.swift_keys.find(swift_key.id);
- if (new_iter == new_info.swift_keys.end()) {
- ret = svc.user->remove_swift_name_index(dpp, swift_key.id, y);
+ for (const auto& [id, key] : old_info.swift_keys) {
+ if (key.active && !swift_key_active(&new_info, id)) {
+ ret = svc.user->remove_swift_name_index(dpp, id, y);
if (ret < 0 && ret != -ENOENT) {
- set_err_msg("ERROR: could not remove index for swift_name " + swift_key.id);
+ set_err_msg("ERROR: could not remove index for swift_name " + id);
return ret;
}
}
{
int ret;
- auto kiter = info.access_keys.begin();
- for (; kiter != info.access_keys.end(); ++kiter) {
- ldpp_dout(dpp, 10) << "removing key index: " << kiter->first << dendl;
- ret = remove_key_index(dpp, kiter->second, y);
+ for (const auto& [id, key] : info.access_keys) {
+ if (!key.active) {
+ continue;
+ }
+ ldpp_dout(dpp, 10) << "removing key index: " << id << dendl;
+ ret = remove_key_index(dpp, key, y);
if (ret < 0 && ret != -ENOENT) {
- ldpp_dout(dpp, 0) << "ERROR: could not remove " << kiter->first << " (access key object), should be fixed (err=" << ret << ")" << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: could not remove " << id << " (access key object), should be fixed (err=" << ret << ")" << dendl;
return ret;
}
}
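Review bot: Skipping inactive keys at L207-L209 leaves any index that still exists for them orphaned once the user is gone, while removing it costs nothing because `remove_key_index` already tolerates `-ENOENT` at L212. Dropping the `if (!key.active) { continue; }` (and its twin at L223-L225 for swift names) keeps the removal best-effort for every key the user ever had, which is the safer default when deleting a principal. If the skip is intentional, a comment stating why an index for an inactive key is known not to exist would be needed.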
- auto siter = info.swift_keys.begin();
- for (; siter != info.swift_keys.end(); ++siter) {
- auto& k = siter->second;
- ldpp_dout(dpp, 10) << "removing swift subuser index: " << k.id << dendl;
+ for (const auto& [id, key] : info.swift_keys) {
+ if (!key.active) {
+ continue;
+ }
+ ldpp_dout(dpp, 10) << "removing swift subuser index: " << id << dendl;
/* check if swift mapping exists */
- ret = remove_swift_name_index(dpp, k.id, y);
+ ret = remove_swift_name_index(dpp, id, y);
if (ret < 0 && ret != -ENOENT) {
- ldpp_dout(dpp, 0) << "ERROR: could not remove " << k.id << " (swift name object), should be fixed (err=" << ret << ")" << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: could not remove " << id << " (swift name object), should be fixed (err=" << ret << ")" << dendl;
return ret;
}
}