+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
| ``Request.Bucket.PlacementRule.StorageClass`` | string | bucket placement rule storage class | no | no | no |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
-| ``Request.Bucket.User`` | table | bucket owner | no | no | yes |
-+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
-| ``Request.Bucket.User.Tenant`` | string | bucket owner tenant | no | no | no |
-+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
-| ``Request.Bucket.User.Id`` | string | bucket owner id | no | no | no |
+| ``Request.Bucket.User`` | string | owning user/account id | no | no | yes |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
| ``Request.Object`` | table | info on the object | no | no | yes |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
| ``Request.ObjectOwner.DisplayName`` | string | object owner display name | no | no | no |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
-| ``Request.ObjectOwner.User`` | table | object user. See: ``Request.Bucket.User`` | no | no | no |
+| ``Request.ObjectOwner.User`` | string | owning user/account id. See: ``Request.Bucket.User`` | no | no | yes |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
| ``Request.ZoneGroup.Name`` | string | name of zone group | no | no | no |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
| ``Request.UserAcl.Grants["<name>"].Type`` | integer | user ACL grant type | no | no | no |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
-| ``Request.UserAcl.Grants["<name>"].User`` | table | user ACL grant user | no | no | yes |
-+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
-| ``Request.UserAcl.Grants["<name>"].User.Tenant`` | table | user ACL grant user tenant | no | no | no |
-+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
-| ``Request.UserAcl.Grants["<name>"].User.Id`` | table | user ACL grant user id | no | no | no |
+| ``Request.UserAcl.Grants["<name>"].User`` | string | user ACL grant user/account id | no | no | no |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
| ``Request.UserAcl.Grants["<name>"].GroupType`` | integer | user ACL grant group type | no | no | yes |
+----------------------------------------------------+----------+--------------------------------------------------------------+----------+-----------+----------+
#include <iostream>
#include <map>
+#include "include/function2.hpp"
#include "include/types.h"
#include "common/Formatter.h"
ACLPermission perm = grant.get_permission();
if (const auto* user = grant.get_user(); user) {
- acl_user_map[user->id.to_str()] |= perm.get_permissions();
+ acl_user_map[to_string(user->id)] |= perm.get_permissions();
} else if (const auto* email = grant.get_email(); email) {
acl_user_map[email->address] |= perm.get_permissions();
} else if (const auto* group = grant.get_group(); group) {
{
std::string id;
if (const auto* user = grant.get_user(); user) {
- id = user->id.to_str();
+ id = to_string(user->id);
} else if (const auto* email = grant.get_email(); email) {
id = email->address;
} // other types share the empty key in the grant multimap
register_grant(grant);
}
-void RGWAccessControlList::remove_canon_user_grant(const rgw_user& user_id)
+void RGWAccessControlList::remove_canon_user_grant(const rgw_owner& owner)
{
- const std::string& key = user_id.to_str();
- grant_map.erase(key);
- acl_user_map.erase(key);
+ const std::string& id = to_string(owner);
+ grant_map.erase(id);
+ acl_user_map.erase(id);
}
uint32_t RGWAccessControlList::get_perm(const DoutPrefixProvider* dpp,
}
+bool ACLOwner::empty() const
+{
+ return std::visit(fu2::overload(
+ [] (const rgw_user& uid) { return uid.empty(); },
+ [] (const rgw_account_id& aid) { return aid.empty(); }
+ ), id);
+}
+
void ACLPermission::generate_test_instances(list<ACLPermission*>& o)
{
ACLPermission *p = new ACLPermission;
RGWAccessControlList *l = *iter;
p->acl = *l;
- p->owner.id.id = "rgw";
+ p->owner.id = rgw_user{"rgw"};
p->owner.display_name = "radosgw";
o.push_back(p);
void ACLOwner::dump(Formatter *f) const
{
- encode_json("id", id.to_str(), f);
+ encode_json("id", to_string(id), f);
encode_json("display_name", display_name, f);
}
void ACLOwner::decode_json(JSONObj *obj) {
string id_str;
JSONDecoder::decode_json("id", id_str, obj);
- id.from_str(id_str);
+ id = parse_owner(id_str);
JSONDecoder::decode_json("display_name", display_name, obj);
}
// acl grantee types
struct ACLGranteeCanonicalUser {
- rgw_user id;
+ rgw_owner id;
std::string name;
friend auto operator<=>(const ACLGranteeCanonicalUser&,
encode(type, bl);
if (const ACLGranteeCanonicalUser* user = get_user(); user) {
- encode(user->id.to_str(), bl);
+ encode(to_string(user->id), bl);
} else {
encode(std::string{}, bl); // encode empty id
}
ACLGranteeCanonicalUser user;
std::string s;
decode(s, bl);
- user.id.from_str(s);
+ user.id = parse_owner(s);
std::string uri;
decode(uri, bl);
static ACLGroupTypeEnum uri_to_group(std::string_view uri);
- void set_canon(const rgw_user& id, const std::string& name, uint32_t perm) {
+ void set_canon(const rgw_owner& id, const std::string& name, uint32_t perm) {
grantee = ACLGranteeCanonicalUser{id, name};
permission.set_permissions(perm);
}
void dump(Formatter *f) const;
static void generate_test_instances(std::list<RGWAccessControlList*>& o);
+ bool empty() const { return grant_map.empty(); }
+
void add_grant(const ACLGrant& grant);
- void remove_canon_user_grant(const rgw_user& user_id);
+ void remove_canon_user_grant(const rgw_owner& user_id);
ACLGrantMap& get_grant_map() { return grant_map; }
const ACLGrantMap& get_grant_map() const { return grant_map; }
- void create_default(const rgw_user& id, const std::string& name) {
+ void create_default(const rgw_owner& id, const std::string& name) {
acl_user_map.clear();
acl_group_map.clear();
referer_list.clear();
WRITE_CLASS_ENCODER(RGWAccessControlList)
struct ACLOwner {
- rgw_user id;
+ rgw_owner id;
std::string display_name;
void encode(bufferlist& bl) const {
ENCODE_START(3, 2, bl);
- std::string s;
- id.to_str(s);
+ const std::string s = to_string(id);
encode(s, bl);
encode(display_name, bl);
ENCODE_FINISH(bl);
DECODE_START_LEGACY_COMPAT_LEN(3, 2, 2, bl);
std::string s;
decode(s, bl);
- id.from_str(s);
+ id = parse_owner(s);
decode(display_name, bl);
DECODE_FINISH(bl);
}
void decode_json(JSONObj *obj);
static void generate_test_instances(std::list<ACLOwner*>& o);
+ bool empty() const;
+
auto operator<=>(const ACLOwner&) const = default;
};
WRITE_CLASS_ENCODER(ACLOwner)
DECODE_FINISH(bl);
}
+ bool empty() const { return acl.empty() && owner.empty(); }
+
void set_owner(const ACLOwner& o) { owner = o; }
const ACLOwner& get_owner() const { return owner; }
ACLOwner& get_owner() { return owner; }
- void create_default(const rgw_user& id, const std::string& name) {
+ void create_default(const rgw_owner& id, const std::string& name) {
acl.create_default(id, name);
owner.id = id;
owner.display_name = name;
void to_xml(const ACLOwner& o, std::ostream& out)
{
- string s;
- o.id.to_str(s);
+ const std::string s = to_string(o.id);
if (s.empty())
return;
out << "<Owner>" << "<ID>" << s << "</ID>";
static int create_canned(const ACLOwner& owner, const ACLOwner& bucket_owner,
const string& canned_acl, RGWAccessControlList& acl)
{
- const rgw_user& bid = bucket_owner.id;
+ const rgw_owner& bid = bucket_owner.id;
const std::string& bname = bucket_owner.display_name;
/* owner gets full control */
}
ACLOwner& owner = policy.get_owner();
- owner.id = xml_owner->id;
+ owner.id = parse_owner(xml_owner->id);
if (!xml_owner->display_name.empty()) {
owner.display_name = xml_owner->display_name;
} else {
const std::string& canned_acl,
RGWAccessControlPolicy& policy)
{
- if (owner.id == rgw_user("anonymous")) {
+ if (owner.id == parse_owner("anonymous")) {
policy.set_owner(bucket_owner);
} else {
policy.set_owner(owner);
std::string id;
std::string url_spec;
if (const auto user = grant.get_user(); user) {
- id = user->id.to_str();
+ id = to_string(user->id);
} else if (const auto group = grant.get_group(); group) {
if (group->type == ACL_GROUP_ALL_USERS) {
id = SWIFT_GROUP_ALL_USERS;
if (owner.id == user->id) {
continue;
}
- id = user->id.to_str();
+ id = to_string(user->id);
} else if (const auto group = grant.get_group(); group) {
if (group->type != ACL_GROUP_ALL_USERS) {
continue;
return false;
/* S3 doesn't support account ACLs, so user_acl will be uninitialized. */
- if (user_acl.get_owner().id.empty())
+ if (user_acl.get_owner().empty())
return true;
return user_acl.verify_permission(dpp, *s->identity, perm, perm);
if (!usage_logger)
return;
- rgw_user user;
- rgw_user payer;
+ std::string user;
+ std::string payer;
string bucket_name;
bucket_name = s->bucket_name;
if (!bucket_name.empty()) {
bucket_name = s->bucket_name;
- user = s->bucket_owner.id;
+ user = to_string(s->bucket_owner.id);
if (!rgw::sal::Bucket::empty(s->bucket.get()) &&
s->bucket->get_info().requester_pays) {
- payer = s->user->get_id();
+ payer = s->user->get_id().to_str();
}
} else {
- user = s->user->get_id();
+ user = to_string(s->owner.id);
}
bool error = s->err.is_err();
bucket_name = "-"; /* bucket not found, use the invalid '-' as bucket name */
}
- string u = user.to_str();
- string p = payer.to_str();
- rgw_usage_log_entry entry(u, p, bucket_name);
+ rgw_usage_log_entry entry(user, payer, bucket_name);
uint64_t bytes_sent = ACCOUNTING_IO(s)->get_bytes_sent();
uint64_t bytes_received = ACCOUNTING_IO(s)->get_bytes_received();
t.localtime(formatter->dump_stream("time_local"));
}
formatter->dump_string("remote_addr", entry.remote_addr);
- string obj_owner = entry.object_owner.to_str();
+ string obj_owner = to_string(entry.object_owner);
if (obj_owner.length())
formatter->dump_string("object_owner", obj_owner);
formatter->dump_string("user", entry.user);
void rgw_log_entry::generate_test_instances(list<rgw_log_entry*>& o)
{
rgw_log_entry *e = new rgw_log_entry;
- e->object_owner = "object_owner";
- e->bucket_owner = "bucket_owner";
+ e->object_owner = parse_owner("object_owner");
+ e->bucket_owner = parse_owner("bucket_owner");
e->bucket = "bucket";
e->remote_addr = "1.2.3.4";
e->user = "user";
void rgw_log_entry::dump(Formatter *f) const
{
- f->dump_string("object_owner", object_owner.to_str());
- f->dump_string("bucket_owner", bucket_owner.to_str());
+ f->dump_string("object_owner", to_string(object_owner));
+ f->dump_string("bucket_owner", to_string(bucket_owner));
f->dump_string("bucket", bucket);
f->dump_stream("time") << time;
f->dump_string("remote_addr", remote_addr);
#include <boost/container/flat_map.hpp>
#include "rgw_common.h"
#include "common/OutputDataSocket.h"
+#include "common/versioned_variant.h"
#include <vector>
#include <fstream>
#include "rgw_sal_fwd.h"
using headers_map = boost::container::flat_map<std::string, std::string>;
using Clock = req_state::Clock;
- rgw_user object_owner;
- rgw_user bucket_owner;
+ rgw_owner object_owner;
+ rgw_owner bucket_owner;
std::string bucket;
Clock::time_point time;
std::string remote_addr;
void encode(bufferlist &bl) const {
ENCODE_START(14, 5, bl);
- encode(object_owner.id, bl);
- encode(bucket_owner.id, bl);
+ // old object/bucket owner ids, encoded in full in v8
+ std::string empty_owner_id;
+ encode(empty_owner_id, bl);
+ encode(empty_owner_id, bl);
+
encode(bucket, bl);
encode(time, bl);
encode(remote_addr, bl);
encode(bytes_received, bl);
encode(bucket_id, bl);
encode(obj, bl);
- encode(object_owner, bl);
- encode(bucket_owner, bl);
+ // transparently converted from rgw_user to rgw_owner
+ ceph::converted_variant::encode(object_owner, bl);
+ ceph::converted_variant::encode(bucket_owner, bl);
encode(x_headers, bl);
encode(trans_id, bl);
encode(token_claims, bl);
}
void decode(bufferlist::const_iterator &p) {
DECODE_START_LEGACY_COMPAT_LEN(14, 5, 5, p);
- decode(object_owner.id, p);
+ std::string object_owner_id;
+ std::string bucket_owner_id;
+ decode(object_owner_id, p);
if (struct_v > 3)
- decode(bucket_owner.id, p);
+ decode(bucket_owner_id, p);
decode(bucket, p);
decode(time, p);
decode(remote_addr, p);
decode(obj, p);
}
if (struct_v >= 8) {
- decode(object_owner, p);
- decode(bucket_owner, p);
+ // transparently converted from rgw_user to rgw_owner
+ ceph::converted_variant::decode(object_owner, p);
+ ceph::converted_variant::decode(bucket_owner, p);
+ } else {
+ object_owner = parse_owner(object_owner_id);
+ bucket_owner = parse_owner(bucket_owner_id);
}
if (struct_v >= 9) {
decode(x_headers, p);
if (strcasecmp(index, "DisplayName") == 0) {
pushstring(L, owner->display_name);
} else if (strcasecmp(index, "User") == 0) {
- create_metatable<UserMetaTable>(L, name, index, false, &owner->id);
+ pushstring(L, to_string(owner->id));
} else {
return error_unknown_field(L, index, name);
}
lua_pushinteger(L, grant->get_type().get_type());
} else if (strcasecmp(index, "User") == 0) {
if (const auto user = grant->get_user(); user) {
- create_metatable<UserMetaTable>(L, name, index, false,
- const_cast<rgw_user*>(&user->id));
+ pushstring(L, to_string(user->id));
} else {
lua_pushnil(L);
}
if (ret < 0) {
return ret;
}
- const rgw_user& bucket_owner = bucket_policy.get_owner().id;
- if (bucket_owner != s->user->get_id() &&
- ! s->auth.identity->is_admin_of(bucket_owner)) {
+ const rgw_owner& bucket_owner = bucket_policy.get_owner().id;
+ if (bucket_owner != s->owner.id &&
+ !s->auth.identity->is_admin_of(bucket_owner)) {
auto r = eval_identity_or_session_policies(dpp, s->iam_user_policies, s->env,
rgw::IAM::s3ListBucket, ARN(bucket->get_key()));
if (r == Effect::Allow)
s->formatter->dump_string(name, buf);
}
-void dump_owner(req_state *s, const rgw_user& id, const string& name,
+void dump_owner(req_state *s, const std::string& id, const string& name,
const char *section)
{
if (!section)
section = "Owner";
s->formatter->open_object_section(section);
- s->formatter->dump_string("ID", id.to_str());
+ s->formatter->dump_string("ID", id);
s->formatter->dump_string("DisplayName", name);
s->formatter->close_section();
}
+void dump_owner(req_state *s, const rgw_owner& owner, const string& name,
+ const char *section)
+{
+ std::string id = to_string(owner);
+ dump_owner(s, id, name, section);
+}
+
void dump_access_control(req_state *s, const char *origin,
const char *meth,
const char *hdr, const char *exp_hdr,
bool force_no_error = false);
extern void dump_start(req_state *s);
extern void list_all_buckets_start(req_state *s);
-extern void dump_owner(req_state *s, const rgw_user& id,
+extern void dump_owner(req_state *s, const std::string& id,
+ const std::string& name, const char *section = NULL);
+extern void dump_owner(req_state *s, const rgw_owner& id,
const std::string& name, const char *section = NULL);
inline void dump_urlsafe(req_state *s, bool encode_key, const char* key, const std::string& val, bool encode_slash = true) {
if (encode_key) {
s.append(", ");
if (const auto user = grant.get_user(); user) {
- s.append("id=\"" + user->id.to_str() + "\"");
+ s.append("id=\"" + to_string(user->id) + "\"");
} else if (const auto email = grant.get_email(); email) {
s.append("emailAddress=\"" + email->address + "\"");
} else if (const auto group = grant.get_group(); group) {
}
void RGWOp_Metadata_Get_Myself::execute(optional_yield y) {
- const std::string owner_id = s->owner.id.to_str();
- s->info.args.append("key", owner_id);
+ s->info.args.append("key", to_string(s->owner.id));
return RGWOp_Metadata_Get::execute(y);
}
auto& storage_class = rgw_placement_rule::get_canonical_storage_class(iter->meta.storage_class);
s->formatter->dump_string("StorageClass", storage_class.c_str());
}
- dump_owner(s, rgw_user(iter->meta.owner), iter->meta.owner_display_name);
+ dump_owner(s, iter->meta.owner, iter->meta.owner_display_name);
if (iter->meta.appendable) {
s->formatter->dump_string("Type", "Appendable");
} else {
s->formatter->dump_int("Size", iter->meta.accounted_size);
auto& storage_class = rgw_placement_rule::get_canonical_storage_class(iter->meta.storage_class);
s->formatter->dump_string("StorageClass", storage_class.c_str());
- dump_owner(s, rgw_user(iter->meta.owner), iter->meta.owner_display_name);
+ dump_owner(s, iter->meta.owner, iter->meta.owner_display_name);
if (s->system_request) {
s->formatter->dump_string("RgwxTag", iter->tag);
}
s->formatter->dump_string("StorageClass", storage_class.c_str());
}
if (fetchOwner == true) {
- dump_owner(s, rgw_user(iter->meta.owner), iter->meta.owner_display_name);
+ dump_owner(s, iter->meta.owner, iter->meta.owner_display_name);
}
s->formatter->close_section();
}
auto& storage_class = rgw_placement_rule::get_canonical_storage_class(iter->meta.storage_class);
s->formatter->dump_string("StorageClass", storage_class.c_str());
if (fetchOwner == true) {
- dump_owner(s, rgw_user(iter->meta.owner), iter->meta.owner_display_name);
+ dump_owner(s, iter->meta.owner, iter->meta.owner_display_name);
}
if (s->system_request) {
s->formatter->dump_string("RgwxTag", iter->tag);
projects / ceph-ci.git / commitdiff