{"AttachUserPolicy", make_iam_attach_user_policy_op},
{"DetachUserPolicy", make_iam_detach_user_policy_op},
{"ListAttachedUserPolicies", make_iam_list_attached_user_policies_op},
- {"CreateOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWCreateOIDCProvider;}},
- {"ListOpenIDConnectProviders", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListOIDCProviders;}},
- {"GetOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetOIDCProvider;}},
- {"DeleteOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteOIDCProvider;}},
- {"AddClientIDToOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWAddClientIdToOIDCProvider;}},
- {"RemoveClientIDFromOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWRemoveCientIdFromOIDCProvider;}},
- {"UpdateOpenIDConnectProviderThumbprint", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUpdateOIDCProviderThumbprint;}},
- {"TagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWTagRole(bl_post_body);}},
- {"ListRoleTags", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRoleTags;}},
+ {"CreateOpenIDConnectProvider",
+ [](const bufferlist& bl_post_body) -> RGWOp* {
+ return new RGWCreateOIDCProvider(bl_post_body);
+ }},
+ {"ListOpenIDConnectProviders",
+ [](const bufferlist& bl_post_body) -> RGWOp* {
+ return new RGWListOIDCProviders;
+ }},
+ {"GetOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {
+ return new RGWGetOIDCProvider;
+ }},
+ {"DeleteOpenIDConnectProvider",
+ [](const bufferlist& bl_post_body) -> RGWOp* {
+ return new RGWDeleteOIDCProvider(bl_post_body);
+ }},
+ {"AddClientIDToOpenIDConnectProvider",
+ [](const bufferlist& bl_post_body) -> RGWOp* {
+ return new RGWAddClientIdToOIDCProvider(bl_post_body);
+ }},
+ {"RemoveClientIDFromOpenIDConnectProvider",
+ [](const bufferlist& bl_post_body) -> RGWOp* {
+ return new RGWRemoveClientIdFromOIDCProvider(bl_post_body);
+ }},
+ {"UpdateOpenIDConnectProviderThumbprint",
+ [](const bufferlist& bl_post_body) -> RGWOp* {
+ return new RGWUpdateOIDCProviderThumbprint(bl_post_body);
+ }},
+ {"TagRole",
+ [](const bufferlist& bl_post_body) -> RGWOp* {
+ return new RGWTagRole(bl_post_body);
+ }},
+ {"ListRoleTags", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRoleTags;}},
{"UntagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUntagRole(bl_post_body);}},
{"UpdateRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUpdateRole(bl_post_body);}},
{"CreateUser", make_iam_create_user_op},
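Review bot: The new table entries are laid out inconsistently: L13-20 and L24-43 put the lambda on its own line after the key, while L21 (`GetOpenIDConnectProvider`) and L44 (`ListRoleTags`) keep key and lambda on one line, and `ListRoleTags` on L12/L44 was rewritten only to stay single-line. Since the neighbouring entries (L1-3, L47) use named factories such as `make_iam_create_user_op`, the cleaner fix is to follow that convention, e.g. `{"CreateOpenIDConnectProvider", make_iam_create_oidc_provider_op},` with the `new RGWCreateOIDCProvider(bl_post_body)` body moved into a static function next to the existing `make_iam_*_op` helpers; otherwise pick one wrapping style for all nine entries. The enclosing table starts and ends outside the hunk.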
#include "rgw_rest_iam.h"
#include "rgw_rest_oidc_provider.h"
#include "rgw_oidc_provider.h"
+#include "rgw_process_env.h"
#include "rgw_sal.h"
#define dout_subsys ceph_subsys_rgw
using namespace std;
+static int
+forward_oidc_iam_request(
+ RGWRESTOp* op,
+ req_state* s,
+ bufferlist& bl_post_body,
+ optional_yield y)
+{
+ const rgw::SiteConfig& site = *s->penv.site;
+ RGWXMLDecoder::XMLParser parser;
+ if (!parser.init()) {
+ ldpp_dout(op, 0) << "ERROR: failed to initialize xml parser" << dendl;
+ return -EINVAL;
+ }
+ return forward_iam_request_to_master(
+ op, site, s->user->get_info(), bl_post_body, parser, s->info, s->err, y);
+}
+
int RGWRestOIDCProvider::verify_permission(optional_yield y)
{
if (verify_user_permission(this, s, resource, action)) {
}
-RGWCreateOIDCProvider::RGWCreateOIDCProvider()
- : RGWRestOIDCProvider(rgw::IAM::iamCreateOIDCProvider, RGW_CAP_WRITE)
-{
-}
inline constexpr int MAX_OIDC_NUM_CLIENT_IDS = 100;
inline constexpr int MAX_OIDC_CLIENT_ID_LEN = 255;
void RGWCreateOIDCProvider::execute(optional_yield y)
{
+ const rgw::SiteConfig& site = *s->penv.site;
+ if (!site.is_meta_master()) {
+ op_ret = forward_oidc_iam_request(this, s, bl_post_body, y);
+ if (op_ret < 0) {
+ ldpp_dout(this, -1)
+ << "ERROR: forward_iam_request_to_master failed with error code: "
+ << op_ret << dendl;
+ return;
+ }
+ }
+
constexpr bool exclusive = true;
op_ret = driver->store_oidc_provider(this, y, info, exclusive);
if (op_ret == 0) {
}
-RGWDeleteOIDCProvider::RGWDeleteOIDCProvider()
- : RGWRestOIDCProvider(rgw::IAM::iamDeleteOIDCProvider, RGW_CAP_WRITE)
-{
-}
-
int RGWDeleteOIDCProvider::init_processing(optional_yield y)
{
std::string_view account;
void RGWDeleteOIDCProvider::execute(optional_yield y)
{
+ const rgw::SiteConfig& site = *s->penv.site;
+ if (!site.is_meta_master()) {
+ op_ret = forward_oidc_iam_request(this, s, bl_post_body, y);
+ if (op_ret < 0) {
+ ldpp_dout(this, -1)
+ << "ERROR: forward_iam_request_to_master failed with error code: "
+ << op_ret << dendl;
+ return;
+ }
+ }
op_ret = driver->delete_oidc_provider(this, y, resource.account, url);
if (op_ret < 0 && op_ret != -ENOENT && op_ret != -EINVAL) {
}
}
-RGWGetOIDCProvider::RGWGetOIDCProvider()
- : RGWRestOIDCProvider(rgw::IAM::iamGetOIDCProvider, RGW_CAP_READ)
-{
-}
int RGWGetOIDCProvider::init_processing(optional_yield y)
{
}
-RGWListOIDCProviders::RGWListOIDCProviders()
- : RGWRestOIDCProvider(rgw::IAM::iamListOIDCProviders, RGW_CAP_READ)
-{
-}
void RGWListOIDCProviders::execute(optional_yield y)
{
}
}
-RGWAddClientIdToOIDCProvider::RGWAddClientIdToOIDCProvider()
- : RGWRestOIDCProvider(rgw::IAM::iamAddClientIdToOIDCProvider, RGW_CAP_WRITE)
-{
-}
-
int RGWAddClientIdToOIDCProvider::init_processing(optional_yield y)
{
std::string_view account;
}
return;
}
+ const rgw::SiteConfig& site = *s->penv.site;
+ if (!site.is_meta_master()) {
+ op_ret = forward_oidc_iam_request(this, s, bl_post_body, y);
+ if (op_ret < 0) {
+ ldpp_dout(this, -1)
+ << "ERROR: forward_iam_request_to_master failed with error code: "
+ << op_ret << dendl;
+ return;
+ }
+ }
if(std::find(info.client_ids.begin(), info.client_ids.end(), client_id) != info.client_ids.end()) {
op_ret = -EEXIST;
}
}
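Review bot: In `RGWAddClientIdToOIDCProvider::execute` the forward to the master on L151 runs before the local duplicate check on L159, so a client id that is already present is sent across to the master and only rejected with `-EEXIST` afterwards; the master presumably fails the same way, but the round trip is avoidable by placing the forwarding block after the `std::find` check. The remove path on L187/L195 has the same ordering relative to its `std::find`, and `RGWUpdateOIDCProviderThumbprint::execute` on L211 forwards before any local validation of `thumbprints`, so the same question applies there. The enclosing execute() bodies start outside the hunk.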
-RGWRemoveCientIdFromOIDCProvider::RGWRemoveCientIdFromOIDCProvider()
- : RGWRestOIDCProvider(rgw::IAM::iamRemoveClientIdFromOIDCProvider, RGW_CAP_WRITE)
-{
-}
-
-int RGWRemoveCientIdFromOIDCProvider::init_processing(optional_yield y)
+int
+RGWRemoveClientIdFromOIDCProvider::init_processing(optional_yield y)
{
std::string_view account;
if (const auto& acc = s->auth.identity->get_account(); acc) {
return 0;
}
-void RGWRemoveCientIdFromOIDCProvider::execute(optional_yield y)
+void
+RGWRemoveClientIdFromOIDCProvider::execute(optional_yield y)
{
RGWOIDCProviderInfo info;
op_ret = driver->load_oidc_provider(this, y, resource.account, url, info);
}
return;
}
+ const rgw::SiteConfig& site = *s->penv.site;
+ if (!site.is_meta_master()) {
+ op_ret = forward_oidc_iam_request(this, s, bl_post_body, y);
+ if (op_ret < 0) {
+ ldpp_dout(this, -1)
+ << "ERROR: forward_iam_request_to_master failed with error code: "
+ << op_ret << dendl;
+ return;
+ }
+ }
auto position = std::find(info.client_ids.begin(), info.client_ids.end(), client_id);
}
}
-RGWUpdateOIDCProviderThumbprint::RGWUpdateOIDCProviderThumbprint()
- : RGWRestOIDCProvider(rgw::IAM::iamUpdateOIDCProviderThumbprint, RGW_CAP_WRITE)
-{
-}
-
int RGWUpdateOIDCProviderThumbprint::init_processing(optional_yield y)
{
std::string_view account;
}
return;
}
+ const rgw::SiteConfig& site = *s->penv.site;
+ if (!site.is_meta_master()) {
+ op_ret = forward_oidc_iam_request(this, s, bl_post_body, y);
+ if (op_ret < 0) {
+ ldpp_dout(this, -1)
+ << "ERROR: forward_iam_request_to_master failed with error code: "
+ << op_ret << dendl;
+ return;
+ }
+ }
info.thumbprints = std::move(thumbprints);
#pragma once
+#include "rgw_arn.h"
#include "rgw_rest.h"
#include "rgw_oidc_provider.h"
};
class RGWCreateOIDCProvider : public RGWRestOIDCProvider {
+ bufferlist bl_post_body;
RGWOIDCProviderInfo info;
public:
- RGWCreateOIDCProvider();
+ explicit
+ RGWCreateOIDCProvider(const bufferlist& bl_post_body)
+ : RGWRestOIDCProvider(rgw::IAM::iamCreateOIDCProvider, RGW_CAP_WRITE),
+ bl_post_body(bl_post_body)
+ {
+ }
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
};
class RGWDeleteOIDCProvider : public RGWRestOIDCProvider {
+ bufferlist bl_post_body;
std::string url;
public:
- RGWDeleteOIDCProvider();
+ explicit
+ RGWDeleteOIDCProvider(const bufferlist& bl_post_body)
+ : RGWRestOIDCProvider(rgw::IAM::iamDeleteOIDCProvider, RGW_CAP_WRITE),
+ bl_post_body(bl_post_body)
+ {
+ }
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
class RGWGetOIDCProvider : public RGWRestOIDCProvider {
std::string url;
- public:
- RGWGetOIDCProvider();
+
+public:
+ RGWGetOIDCProvider()
+ : RGWRestOIDCProvider(rgw::IAM::iamGetOIDCProvider, RGW_CAP_READ)
+ {
+ }
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
};
class RGWListOIDCProviders : public RGWRestOIDCProvider {
- public:
- RGWListOIDCProviders();
+public:
+ RGWListOIDCProviders()
+ : RGWRestOIDCProvider(rgw::IAM::iamListOIDCProviders, RGW_CAP_READ) {}
void execute(optional_yield y) override;
const char* name() const override { return "list_oidc_providers"; }
};
class RGWAddClientIdToOIDCProvider : public RGWRestOIDCProvider {
+ bufferlist bl_post_body;
std::string url;
std::string client_id;
+
public:
- RGWAddClientIdToOIDCProvider();
+ explicit
+ RGWAddClientIdToOIDCProvider(const bufferlist& bl_post_body)
+ : RGWRestOIDCProvider(
+ rgw::IAM::iamAddClientIdToOIDCProvider, RGW_CAP_WRITE),
+ bl_post_body(bl_post_body)
+ {
+ }
- int init_processing(optional_yield y);
+ int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "add_client_id_to_oidc_provider"; }
RGWOpType get_type() override { return RGW_OP_ADD_CLIENTID_TO_OIDC_PROVIDER; }
};
-class RGWRemoveCientIdFromOIDCProvider : public RGWRestOIDCProvider {
+class RGWRemoveClientIdFromOIDCProvider : public RGWRestOIDCProvider {
+ bufferlist bl_post_body;
std::string url;
std::string client_id;
+
public:
- RGWRemoveCientIdFromOIDCProvider();
+ explicit
+ RGWRemoveClientIdFromOIDCProvider(const bufferlist& bl_post_body)
+ : RGWRestOIDCProvider(
+ rgw::IAM::iamRemoveClientIdFromOIDCProvider, RGW_CAP_WRITE),
+ bl_post_body(bl_post_body)
+ {
+ }
- int init_processing(optional_yield y);
+ int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "remove_client_id_from_oidc_provider"; }
RGWOpType get_type() override { return RGW_OP_REMOVE_CLIENTID_FROM_OIDC_PROVIDER; }
};
class RGWUpdateOIDCProviderThumbprint : public RGWRestOIDCProvider {
+ bufferlist bl_post_body;
std::string url;
std::vector<std::string> thumbprints;
+
public:
- RGWUpdateOIDCProviderThumbprint();
+ explicit
+ RGWUpdateOIDCProviderThumbprint(const bufferlist& bl_post_body)
+ : RGWRestOIDCProvider(
+ rgw::IAM::iamUpdateOIDCProviderThumbprint, RGW_CAP_WRITE),
+ bl_post_body(bl_post_body)
+ {
+ }
- int init_processing(optional_yield y);
+ int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "update_oidc_provider_thumbprint"; }
RGWOpType get_type() override { return RGW_OP_UPDATE_OIDC_PROVIDER_THUMBPRINT; }