info->user_info.account_id,
RGW_PERM_FULL_CONTROL,
false, /* system_request? */
- TYPE_RGW);
+ info->user_info.type);
map<string, bufferlist> uattrs;
bool gen_key;
bool suspended;
bool system;
+ bool account_root = false;
bool exclusive;
int32_t max_buckets;
RESTArgs::get_bool(s, "suspended", false, &suspended);
RESTArgs::get_int32(s, "max-buckets", default_max_buckets, &max_buckets);
RESTArgs::get_bool(s, "system", false, &system);
+ RESTArgs::get_bool(s, "account-root", false, &account_root);
RESTArgs::get_bool(s, "exclusive", false, &exclusive);
RESTArgs::get_string(s, "op-mask", op_mask_str, &op_mask_str);
RESTArgs::get_string(s, "default-placement", default_placement_str, &default_placement_str);
if (s->info.args.exists("system"))
op_state.set_system(system);
+ if (s->info.args.exists("account-root"))
+ op_state.set_account_root(account_root);
+
if (s->info.args.exists("exclusive"))
op_state.set_exclusive(exclusive);
bool gen_key;
bool suspended;
bool system;
+ bool account_root = false;
bool email_set;
bool quota_set;
int32_t max_buckets;
RESTArgs::get_string(s, "key-type", key_type_str, &key_type_str);
RESTArgs::get_bool(s, "system", false, &system);
+ RESTArgs::get_bool(s, "account-root", false, &account_root);
RESTArgs::get_string(s, "op-mask", op_mask_str, &op_mask_str);
RESTArgs::get_string(s, "default-placement", default_placement_str, &default_placement_str);
RESTArgs::get_string(s, "placement-tags", placement_tags_str, &placement_tags_str);
if (s->info.args.exists("system"))
op_state.set_system(system);
+ if (s->info.args.exists("account-root"))
+ op_state.set_account_root(account_root);
+
if (!op_mask_str.empty()) {
uint32_t op_mask;
int ret = rgw_parse_op_type_list(op_mask_str, &op_mask);
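Review bot: The result of `RESTArgs::get_bool(s, "account-root", false, &account_root)` is discarded, yet `s->info.args.exists("account-root")` alone decides whether `set_account_root` runs, so a value that does not parse (e.g. `account-root=yes`) would — if get_bool leaves the default in place on error, as its other call sites here assume — be applied as `false` and demote an existing root user instead of being rejected. The `system` flag has the same weakness, but on a modify request for a privilege flag it is worth failing closed: `if (RESTArgs::get_bool(s, "account-root", false, &account_root) < 0) { op_ret = -EINVAL; return; }` (or whatever error path this handler's execute() uses). The enclosing execute() starts before and continues after this hunk.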
encode_json("user_quota", info.quota.user_quota, f);
encode_json("temp_url_keys", info.temp_url_keys, f);
- string user_source_type;
+ std::string_view user_source_type;
switch ((RGWIdentityType)info.type) {
case TYPE_RGW:
user_source_type = "rgw";
case TYPE_NONE:
user_source_type = "none";
break;
+ case TYPE_ROOT:
+ user_source_type = "root";
+ break;
default:
user_source_type = "none";
break;
// TODO: change account on user's buckets
}
+ if (op_state.account_root) {
+ if (user_info.account_id.empty()) {
+ set_err_msg(err_msg, "account-root user must belong to an account");
+ return -EINVAL;
+ }
+ user_info.type = TYPE_ROOT;
+ }
+
// update the request
op_state.set_user_info(user_info);
op_state.set_populated();
}
}
+ if (op_state.account_root_specified) {
+ if (op_state.account_root && user_info.account_id.empty()) {
+ set_err_msg(err_msg, "account-root user must belong to an account");
+ return -EINVAL;
+ }
+ user_info.type = op_state.account_root ? TYPE_ROOT : TYPE_RGW;
+ }
+
op_state.set_user_info(user_info);
// if we're supposed to modify keys, do so
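Review bot: `user_info.type = op_state.account_root ? TYPE_ROOT : TYPE_RGW;` rewrites the type of any user whenever `--account-root=false` is given, so a TYPE_KEYSTONE or TYPE_LDAP user would be silently turned into a local TYPE_RGW user by a request that only meant to clear the root flag. Limit the demotion to users that are actually root: `if (op_state.account_root) user_info.type = TYPE_ROOT; else if (user_info.type == TYPE_ROOT) user_info.type = TYPE_RGW;`. The membership check also only fires when the flag is being set; if this modify path can clear `account_id` on a user that is already TYPE_ROOT without `--account-root` being specified, the user keeps root type with no account, which is exactly what the "account-root user must belong to an account" check forbids — either guard that case too or add a comment stating why it is acceptable. execute_modify starts before this hunk and continues after it.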
__u8 suspended{0};
__u8 admin{0};
__u8 system{0};
+ __u8 account_root{0};
__u8 exclusive{0};
__u8 fetch_stats{0};
__u8 sync_stats{0};
bool suspension_op{false};
bool admin_specified{false};
bool system_specified{false};
+ bool account_root_specified{false};
bool key_op{false};
bool temp_url_key_specified{false};
bool found_by_uid{false};
system_specified = true;
}
+ void set_account_root(__u8 is_account_root) {
+ account_root = is_account_root;
+ account_root_specified = true;
+ }
+
void set_exclusive(__u8 is_exclusive) {
exclusive = is_exclusive;
}
bool admin_specified = false;
int system = false;
bool system_specified = false;
+ int account_root = false;
+ bool account_root_specified = false;
int shard_id = -1;
bool specified_shard_id = false;
string client_id;
admin_specified = true;
} else if (ceph_argparse_binary_flag(args, i, &system, NULL, "--system", (char*)NULL)) {
system_specified = true;
+ } else if (ceph_argparse_binary_flag(args, i, &account_root, NULL, "--account-root", (char*)NULL)) {
+ account_root_specified = true;
} else if (ceph_argparse_binary_flag(args, i, &verbose, NULL, "--verbose", (char*)NULL)) {
// do nothing
} else if (ceph_argparse_binary_flag(args, i, &staging, NULL, "--staging", (char*)NULL)) {
if (system_specified)
user_op.set_system(system);
+ if (account_root_specified)
+ user_op.set_account_root(account_root);
+
if (set_perm)
user_op.set_perm(perm_mask);
}
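Review bot: The new `--account-root` flag is parsed with `ceph_argparse_binary_flag` and forwarded to `user_op.set_account_root`, but nothing in this hunk adds it to the `usage()`/help text, and whether the commit does so elsewhere is not visible here. Because the flag escalates a user to full control of its account, it should be documented next to `--system` with the constraint the backend enforces (the user must already belong to an account, otherwise the request fails with -EINVAL). The argument-parsing loop and main() start before and end after this hunk.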
void to_str(std::ostream& out) const override;
void load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const override; /* out */
- uint32_t get_identity_type() const override { return TYPE_RGW; }
+ uint32_t get_identity_type() const override { return user_info.type; }
std::string get_acct_name() const override { return {}; }
std::string get_subuser() const override { return subuser; }
const std::string& get_tenant() const override {
case TYPE_NONE:
user_source_type = "none";
break;
+ case TYPE_ROOT:
+ user_source_type = "root";
+ break;
default:
user_source_type = "none";
break;
type = TYPE_KEYSTONE;
} else if (user_source_type == "ldap") {
type = TYPE_LDAP;
+ } else if (user_source_type == "root") {
+ type = TYPE_ROOT;
} else if (user_source_type == "none") {
type = TYPE_NONE;
}
TYPE_LDAP=3,
TYPE_ROLE=4,
TYPE_WEB=5,
+ TYPE_ROOT=6, // account root user
};
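Review bot: `TYPE_ROOT=6` appears to be a persisted value — `RGWUserInfo::type` is what the local applier now reports — so during a rolling upgrade an older radosgw that decodes a root user sees a type it has no case for and falls into whatever `default:` branches exist; the visible JSON encoders map it to "none", but the authorization paths are not in view and should be checked. A comment making the on-disk contract explicit would help future additions, e.g. `TYPE_ROOT=6, // account root user; value is persisted in RGWUserInfo::type — append only, never renumber`. The enum definition starts before this hunk.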
void encode_json(const char *name, const rgw_placement_rule& val, ceph::Formatter *f);
int32_t max_buckets;
uint32_t op_mask;
RGWUserCaps caps;
- __u8 admin;
- __u8 system;
+ __u8 admin = 0;
+ __u8 system = 0;
rgw_placement_rule default_placement;
std::list<std::string> placement_tags;
std::map<int, std::string> temp_url_keys;
: suspended(0),
max_buckets(RGW_DEFAULT_MAX_BUCKETS),
op_mask(RGW_OP_TYPE_ALL),
- admin(0),
- system(0),
type(TYPE_NONE) {
}
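Review bot: The hunk moves `admin` and `system` to default member initializers but leaves `suspended`, `max_buckets`, `op_mask` and `type` in the constructor initializer list, so sibling fields of the same struct now use two initialization styles. Either keep all of them in the constructor or move the remaining ones to in-class initializers as well (`__u8 suspended = 0;`, `int32_t max_buckets = RGW_DEFAULT_MAX_BUCKETS;`, `uint32_t op_mask = RGW_OP_TYPE_ALL;`, plus `type = TYPE_NONE` on its declaration, which is outside this hunk) and drop the list. The struct definition starts before and ends after this hunk.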
case TYPE_ROLE:
formatter->dump_string("authentication_type","STS");
break;
+ case TYPE_ROOT:
+ formatter->dump_string("authentication_type", "Local Account Root");
+ break;
default:
break;
}
t_attrs.principal_tags = std::move(token.principal_tags);
auto apl = role_apl_factory->create_apl_role(cct, s, r, t_attrs);
return result_t::grant(std::move(apl), completer_factory(token.secret_access_key));
- } else { // This is for all local users of type TYPE_RGW or TYPE_NONE
+ } else { // This is for all local users of type TYPE_RGW|ROOT|NONE
string subuser;
auto apl = local_apl_factory->create_apl_local(cct, s, user->get_info(), subuser, token.perm_mask, std::string(_access_key_id));
return result_t::grant(std::move(apl), completer_factory(token.secret_access_key));