if (ret < 0) {
if (s->system_request) {
dout(2) << "overriding permissions due to system operation" << dendl;
- } else if (s->auth.identity->is_admin_of(s->user->user_id)) {
+ } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
dout(2) << "overriding permissions due to admin operation" << dendl;
} else {
abort_req(s, op, ret);
if (ret < 0) {
if (s->system_request) {
dout(2) << "overriding permissions due to system operation" << dendl;
- } else if (s->auth.identity->is_admin_of(s->user->user_id)) {
+ } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
dout(2) << "overriding permissions due to admin operation" << dendl;
} else {
abort_req(s, op, ret);
s->perm_mask = RGW_PERM_FULL_CONTROL;
// populate the owner info
- s->owner.set_id(s->user->user_id);
- s->owner.set_name(s->user->display_name);
+ s->owner.set_id(s->user->get_id());
+ s->owner.set_name(s->user->get_display_name());
return 0;
} /* RGWHandler_Lib::authorize */
#include "rgw_user.h"
#include "rgw_http_client.h"
#include "rgw_keystone.h"
+#include "rgw_sal.h"
#include "include/str_list.h"
const uint32_t type;
public:
DummyIdentityApplier(CephContext* const cct,
- const rgw_user& auth_id,
+ const sal::RGWUser* user,
const int perm_mask,
- const bool is_admin,
- const uint32_t type)
+ const bool is_admin)
: cct(cct),
- id(auth_id),
+ id(user->get_id()),
perm_mask(perm_mask),
is_admin(is_admin),
- type(type) {
+ type(user->get_type()) {
}
uint32_t get_perms_from_aclspec(const DoutPrefixProvider* dpp, const aclspec_t& aclspec) const override {
return std::unique_ptr<rgw::auth::Identity>(
new DummyIdentityApplier(s->cct,
- s->user->user_id,
+ s->user,
s->perm_mask,
/* System user has admin permissions by default - it's supposed to pass
* through any security check. */
- s->system_request,
- s->user->type));
+ s->system_request));
}
} /* namespace auth */
/* Account used by a given RGWOp is decoupled from identity employed
* in the authorization phase (RGWOp::verify_permissions). */
- applier->load_acct_info(dpp, *s->user);
+ applier->load_acct_info(dpp, s->user->get_info());
s->perm_mask = applier->get_perm_mask();
/* This is the single place where we pass req_state as a pointer
for (auto it : role_policies) {
try {
bufferlist bl = bufferlist::static_from_string(it);
- const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl);
+ const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl);
s->iam_user_policies.push_back(std::move(p));
} catch (rgw::IAM::PolicyParseException& e) {
//Control shouldn't reach here as the policy has already been
}
-req_state::req_state(CephContext* _cct, RGWEnv* e, RGWUserInfo* u, uint64_t id)
+req_state::req_state(CephContext* _cct, RGWEnv* e, rgw::sal::RGWUser* u, uint64_t id)
: cct(_cct), user(u),
info(_cct, e), id(id)
{
}
}
-int RGWUserCaps::check_cap(const string& cap, uint32_t perm)
+int RGWUserCaps::check_cap(const string& cap, uint32_t perm) const
{
- map<string, uint32_t>::iterator iter = caps.find(cap);
+ auto iter = caps.find(cap);
if ((iter == caps.end()) ||
(iter->second & perm) != perm) {
class Formatter;
}
+namespace rgw::sal {
+ class RGWUser;
+}
+
using ceph::crypto::MD5;
decode(caps, bl);
DECODE_FINISH(bl);
}
- int check_cap(const string& cap, uint32_t perm);
+ int check_cap(const string& cap, uint32_t perm) const;
bool is_valid_cap_type(const string& tp);
void dump(Formatter *f) const;
void dump(Formatter *f, const char *name) const;
bool has_bad_meta{false};
- RGWUserInfo *user;
+ rgw::sal::RGWUser *user;
struct {
/* TODO(rzarzynski): switch out to the static_ptr for both members. */
/// optional coroutine context
optional_yield yield{null_yield};
- req_state(CephContext* _cct, RGWEnv* e, RGWUserInfo* u, uint64_t id);
+ req_state(CephContext* _cct, RGWEnv* e, rgw::sal::RGWUser* u, uint64_t id);
~req_state();
bool is_err() const { return err.is_err(); }
bucket_owner.set_id(user);
bucket_owner.set_name(user_info->display_name);
if (bucket_exists) {
- ret = rgw_op_get_bucket_policy_from_attr(cct, store->ctl()->user, bucket_info,
+ ret = rgw_op_get_bucket_policy_from_attr(cct, store, bucket_info,
bucket_attrs, &old_policy);
if (ret >= 0) {
if (old_policy.get_owner().get_id().compare(user) != 0) {
{
LookupFHResult fhr{nullptr, 0};
std::string bucket_name{path};
- RGWStatBucketRequest req(cct, get_user(), bucket_name, bs);
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
+ RGWStatBucketRequest req(cct, &ruser, bucket_name, bs);
int rc = rgwlib.get_fe()->execute_req(&req);
if ((rc == 0) &&
* object locator w/o trailing slash */
std::string obj_path = parent->format_child_name(path, false);
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
for (auto ix : { 0, 1, 2 }) {
switch (ix) {
if (type == RGW_FS_TYPE_DIRECTORY)
continue;
- RGWStatObjRequest req(cct, get_user(),
+ RGWStatObjRequest req(cct, &ruser,
parent->bucket_name(), obj_path,
RGWStatObjRequest::FLAG_NONE);
int rc = rgwlib.get_fe()->execute_req(&req);
continue;
obj_path += "/";
- RGWStatObjRequest req(cct, get_user(),
+ RGWStatObjRequest req(cct, &ruser,
parent->bucket_name(), obj_path,
RGWStatObjRequest::FLAG_NONE);
int rc = rgwlib.get_fe()->execute_req(&req);
case 2:
{
std::string object_name{path};
- RGWStatLeafRequest req(cct, get_user(), parent, object_name);
+ RGWStatLeafRequest req(cct, &ruser, parent, object_name);
int rc = rgwlib.get_fe()->execute_req(&req);
if ((rc == 0) &&
(req.get_ret() == 0)) {
if (rgw_fh->deleted())
return -ESTALE;
- RGWReadRequest req(get_context(), get_user(), rgw_fh, offset, length,
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
+ RGWReadRequest req(get_context(), &ruser, rgw_fh, offset, length,
buffer);
int rc = rgwlib.get_fe()->execute_req(&req);
if (rgw_fh->deleted())
return -ESTALE;
- RGWReadRequest req(get_context(), get_user(), rgw_fh, offset, length,
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
+ RGWReadRequest req(get_context(), &ruser, rgw_fh, offset, length,
buffer);
int rc = rgwlib.get_fe()->execute_req(&req);
/* LOCKED */
}
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
if (parent->is_root()) {
/* a bucket may have an object storing Unix attributes, check
* for and delete it */
} else {
/* delete object w/key "<bucket>/" (uxattrs), if any */
string oname{"/"};
- RGWDeleteObjRequest req(cct, get_user(), bkt_fh->bucket_name(), oname);
+ RGWDeleteObjRequest req(cct, &ruser, bkt_fh->bucket_name(), oname);
rc = rgwlib.get_fe()->execute_req(&req);
/* don't care if ENOENT */
unref(bkt_fh);
}
string bname{name};
- RGWDeleteBucketRequest req(cct, get_user(), bname);
+ RGWDeleteBucketRequest req(cct, &ruser, bname);
rc = rgwlib.get_fe()->execute_req(&req);
if (! rc) {
rc = req.get_ret();
}
oname += "/";
}
- RGWDeleteObjRequest req(cct, get_user(), parent->bucket_name(),
+ RGWDeleteObjRequest req(cct, &ruser, parent->bucket_name(),
oname);
rc = rgwlib.get_fe()->execute_req(&req);
if (! rc) {
/* XXX initial implementation: try-copy, and delete if copy
* succeeds */
int rc = -EINVAL;
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
real_time t;
switch (ix) {
case 0:
{
- RGWCopyObjRequest req(cct, get_user(), src_fh, dst_fh, src_name,
+ RGWCopyObjRequest req(cct, &ruser, src_fh, dst_fh, src_name,
dst_name);
int rc = rgwlib.get_fe()->execute_req(&req);
if ((rc != 0) ||
{
int rc, rc2;
rgw_file_handle *lfh;
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
rc = rgw_lookup(get_fs(), parent->get_fh(), name, &lfh,
nullptr /* st */, 0 /* mask */,
return mkr;
}
- RGWCreateBucketRequest req(get_context(), get_user(), bname);
+ RGWCreateBucketRequest req(get_context(), &ruser, bname);
/* save attrs */
req.emplace_attr(RGW_ATTR_UNIX_KEY1, std::move(ux_key));
return mkr;
}
- RGWPutObjRequest req(get_context(), get_user(), parent->bucket_name(),
+ RGWPutObjRequest req(get_context(), &ruser, parent->bucket_name(),
dir_name, bl);
/* save attrs */
/* create it */
buffer::list bl;
- RGWPutObjRequest req(cct, get_user(), parent->bucket_name(), obj_name, bl);
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
+ RGWPutObjRequest req(cct, &ruser, parent->bucket_name(), obj_name, bl);
MkObjResult mkr{nullptr, -EINVAL};
rc = rgwlib.get_fe()->execute_req(&req);
buffer::copy(link_path, strlen(link_path)));
#endif
- RGWPutObjRequest req(get_context(), get_user(), parent->bucket_name(),
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
+ RGWPutObjRequest req(get_context(), &ruser, parent->bucket_name(),
obj_name, bl);
/* save attrs */
obj_name += "/";
}
- RGWSetAttrsRequest req(cct, get_user(), rgw_fh->bucket_name(), obj_name);
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
+ RGWSetAttrsRequest req(cct, &ruser, rgw_fh->bucket_name(), obj_name);
rgw_fh->create_stat(st, mask);
rgw_fh->encode_attrs(ux_key, ux_attrs);
if (rc == -ENOENT) {
/* special case: materialize placeholder dir */
buffer::list bl;
- RGWPutObjRequest req(get_context(), get_user(), rgw_fh->bucket_name(),
+ RGWPutObjRequest req(get_context(), &ruser, rgw_fh->bucket_name(),
obj_name, bl);
rgw_fh->encode_attrs(ux_key, ux_attrs); /* because std::moved */
<< " update old versioned fh : " << obj_name
<< dendl;
- RGWSetAttrsRequest req(cct, get_user(), rgw_fh->bucket_name(), obj_name);
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user);
+ RGWSetAttrsRequest req(cct, &ruser, rgw_fh->bucket_name(), obj_name);
rgw_fh->encode_attrs(ux_key, ux_attrs);
bool RGWFileHandle::has_children() const
{
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user());
if (unlikely(! is_dir()))
return false;
- RGWRMdirCheck req(fs->get_context(), fs->get_user(), this);
+ RGWRMdirCheck req(fs->get_context(), &ruser, this);
int rc = rgwlib.get_fe()->execute_req(&req);
if (! rc) {
return req.valid && req.has_children;
int rc = 0;
struct timespec now;
CephContext* cct = fs->get_context();
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user());
lsubdout(cct, rgw, 10)
<< __func__ << " readdir called on "
}
if (is_root()) {
- RGWListBucketsRequest req(cct, fs->get_user(), this, rcb, cb_arg,
+ RGWListBucketsRequest req(cct, &ruser, this, rcb, cb_arg,
offset);
rc = rgwlib.get_fe()->execute_req(&req);
if (! rc) {
*eof = req.eof();
}
} else {
- RGWReaddirRequest req(cct, fs->get_user(), this, rcb, cb_arg, offset);
+ RGWReaddirRequest req(cct, &ruser, this, rcb, cb_arg, offset);
rc = rgwlib.get_fe()->execute_req(&req);
if (! rc) {
(void) clock_gettime(CLOCK_MONOTONIC_COARSE, &now); /* !LOCKED */
{
using std::get;
using WriteCompletion = RGWLibFS::WriteCompletion;
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user());
lock_guard guard(mtx);
/* start */
std::string object_name = relative_object_name();
f->write_req =
- new RGWWriteRequest(fs->get_context(), fs->get_user(), this,
+ new RGWWriteRequest(fs->get_context(), &ruser, this,
bucket_name(), object_name);
rc = rgwlib.get_fe()->start_req(f->write_req);
if (rc < 0) {
{
RGWLibFS *fs = static_cast<RGWLibFS*>(rgw_fs->fs_private);
struct rados_cluster_stat_t stats;
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user());
- RGWGetClusterStatReq req(fs->get_context(), fs->get_user(), stats);
+ RGWGetClusterStatReq req(fs->get_context(), &ruser, stats);
int rc = rgwlib.get_fe()->execute_req(&req);
if (rc < 0) {
lderr(fs->get_context()) << "ERROR: getting total cluster usage"
CephContext* cct = static_cast<CephContext*>(rgw_fs->rgw);
RGWLibFS *fs = static_cast<RGWLibFS*>(rgw_fs->fs_private);
RGWFileHandle* rgw_fh = get_rgwfh(fh);
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user());
if (! rgw_fh->is_file())
return -EINVAL;
}
std::string oname = rgw_fh->relative_object_name();
- RGWPutObjRequest req(cct, fs->get_user(), rgw_fh->bucket_name(),
+ RGWPutObjRequest req(cct, &ruser, rgw_fh->bucket_name(),
oname, bl);
int rc = rgwlib.get_fe()->execute_req(&req);
uint32_t d_count;
bool rcb_eof; // caller forced early stop in readdir cycle
- RGWListBucketsRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWListBucketsRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
RGWFileHandle* _rgw_fh, rgw_readdir_cb _rcb,
void* _cb_arg, RGWFileHandle::readdir_offset& _offset)
: RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), offset(_offset),
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
uint32_t d_count;
bool rcb_eof; // caller forced early stop in readdir cycle
- RGWReaddirRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWReaddirRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
RGWFileHandle* _rgw_fh, rgw_readdir_cb _rcb,
void* _cb_arg, RGWFileHandle::readdir_offset& _offset)
: RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), offset(_offset),
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
prefix = rgw_fh->relative_object_name();
if (prefix.length() > 0)
bool valid;
bool has_children;
- RGWRMdirCheck (CephContext* _cct, RGWUserInfo *_user,
+ RGWRMdirCheck (CephContext* _cct, rgw::sal::RGWUser *_user,
const RGWFileHandle* _rgw_fh)
: RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), valid(false),
has_children(false) {
s->info.domain = ""; /* XXX ? */
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
prefix = rgw_fh->relative_object_name();
if (prefix.length() > 0)
public:
const std::string& bucket_name;
- RGWCreateBucketRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWCreateBucketRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
std::string& _bname)
: RGWLibRequest(_cct, _user), bucket_name(_bname) {
op = this;
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
public:
const std::string& bucket_name;
- RGWDeleteBucketRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWDeleteBucketRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
std::string& _bname)
: RGWLibRequest(_cct, _user), bucket_name(_bname) {
op = this;
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
buffer::list& bl; /* XXX */
size_t bytes_written;
- RGWPutObjRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWPutObjRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
const std::string& _bname, const std::string& _oname,
buffer::list& _bl)
: RGWLibRequest(_cct, _user), bucket_name(_bname), obj_name(_oname),
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
size_t read_resid; /* initialize to len, <= sizeof(ulp_buffer) */
bool do_hexdump = false;
- RGWReadRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWReadRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
RGWFileHandle* _rgw_fh, uint64_t off, uint64_t len,
void *_ulp_buffer)
: RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), ulp_buffer(_ulp_buffer),
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
const std::string& bucket_name;
const std::string& obj_name;
- RGWDeleteObjRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWDeleteObjRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
const std::string& _bname, const std::string& _oname)
: RGWLibRequest(_cct, _user), bucket_name(_bname), obj_name(_oname) {
op = this;
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
static constexpr uint32_t FLAG_NONE = 0x000;
- RGWStatObjRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWStatObjRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
const std::string& _bname, const std::string& _oname,
uint32_t _flags)
: RGWLibRequest(_cct, _user), bucket_name(_bname), obj_name(_oname),
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
std::map<std::string, buffer::list> attrs;
RGWLibFS::BucketStats& bs;
- RGWStatBucketRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWStatBucketRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
const std::string& _path,
RGWLibFS::BucketStats& _stats)
: RGWLibRequest(_cct, _user), bs(_stats) {
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
bool is_dir;
bool exact_matched;
- RGWStatLeafRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWStatLeafRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
RGWFileHandle* _rgw_fh, const std::string& _path)
: RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), path(_path),
matched(false), is_dir(false), exact_matched(false) {
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
prefix = rgw_fh->relative_object_name();
if (prefix.length() > 0)
size_t bytes_written;
bool eio;
- RGWWriteRequest(CephContext* _cct, RGWUserInfo *_user, RGWFileHandle* _fh,
+ RGWWriteRequest(CephContext* _cct, rgw::sal::RGWUser *_user, RGWFileHandle* _fh,
const std::string& _bname, const std::string& _oname)
: RGWLibContinuedReq(_cct, _user),
bucket_name(_bname), obj_name(_oname),
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
const std::string& src_name;
const std::string& dst_name;
- RGWCopyObjRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWCopyObjRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
RGWFileHandle* _src_parent, RGWFileHandle* _dst_parent,
const std::string& _src_name, const std::string& _dst_name)
: RGWLibRequest(_cct, _user), src_parent(_src_parent),
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
const std::string& bucket_name;
const std::string& obj_name;
- RGWSetAttrsRequest(CephContext* _cct, RGWUserInfo *_user,
+ RGWSetAttrsRequest(CephContext* _cct, rgw::sal::RGWUser *_user,
const std::string& _bname, const std::string& _oname)
: RGWLibRequest(_cct, _user), bucket_name(_bname), obj_name(_oname) {
op = this;
// woo
s->user = user;
- s->bucket_tenant = user->user_id.tenant;
+ s->bucket_tenant = user->get_tenant();
return 0;
}
public RGWGetClusterStat {
public:
struct rados_cluster_stat_t& stats_req;
- RGWGetClusterStatReq(CephContext* _cct,RGWUserInfo *_user,
+ RGWGetClusterStatReq(CephContext* _cct,rgw::sal::RGWUser *_user,
rados_cluster_stat_t& _stats):
RGWLibRequest(_cct, _user), stats_req(_stats){
op = this;
public RGWHandler_Lib {
public:
CephContext* cct;
- RGWUserInfo* user;
+ rgw::sal::RGWUser* user;
boost::optional<RGWSysObjectCtx> sysobj_ctx;
/* unambiguiously return req_state */
inline struct req_state* get_state() { return this->RGWRequest::s; }
- RGWLibRequest(CephContext* _cct, RGWUserInfo* _user)
+ RGWLibRequest(CephContext* _cct, rgw::sal::RGWUser* _user)
: RGWRequest(rgwlib.get_store()->getRados()->get_new_req_id()), cct(_cct),
user(_user)
{}
- RGWUserInfo* get_user() { return user; }
+ rgw::sal::RGWUser* get_user() { return user; }
int postauth_init() override { return 0; }
RGWObjectCtx rados_ctx;
public:
- RGWLibContinuedReq(CephContext* _cct, RGWUserInfo* _user)
+ RGWLibContinuedReq(CephContext* _cct, rgw::sal::RGWUser* _user)
: RGWLibRequest(_cct, _user), io_ctx(),
rstate(_cct, &io_ctx.get_env(), _user, id),
rados_ctx(rgwlib.get_store(), &rstate)
if (!bucket_name.empty()) {
user = s->bucket_owner.get_id();
if (s->bucket_info.requester_pays) {
- payer = s->user->user_id;
+ payer = s->user->get_id();
}
} else {
- user = s->user->user_id;
+ user = s->user->get_id();
}
bool error = s->err.is_err();
}
}
- entry.user = s->user->user_id.to_str();
+ entry.user = s->user->get_id().to_str();
if (s->object_acl)
entry.object_owner = s->object_acl->get_owner().get_id();
entry.bucket_owner = s->bucket_owner.get_id();
rgw_pubsub_s3_record& record) {
record.eventTime = mtime;
record.eventName = to_string(event_type);
- record.userIdentity = s->user->user_id.id; // user that triggered the change
+ record.userIdentity = s->user->get_id().id; // user that triggered the change
record.x_amz_request_id = s->req_id; // request ID of the original change
record.x_amz_id_2 = s->host_id; // RGW on which the change was made
// configurationId is filled from subscription configuration
const std::string& etag,
EventType event_type,
rgw::sal::RGWRadosStore* store) {
- RGWUserPubSub ps_user(store, s->user->user_id);
+ RGWUserPubSub ps_user(store, s->user->get_id());
RGWUserPubSub::Bucket ps_bucket(&ps_user, s->bucket);
rgw_pubsub_bucket_topics bucket_topics;
auto rc = ps_bucket.get_topics(&bucket_topics);
* Returns: 0 on success, -ERR# otherwise.
*/
int rgw_op_get_bucket_policy_from_attr(CephContext *cct,
- RGWUserCtl *user_ctl,
+ rgw::sal::RGWRadosStore *store,
RGWBucketInfo& bucket_info,
map<string, bufferlist>& bucket_attrs,
RGWAccessControlPolicy *policy)
return ret;
} else {
ldout(cct, 0) << "WARNING: couldn't find acl header for bucket, generating default" << dendl;
- RGWUserInfo uinfo;
+ rgw::sal::RGWRadosUser user(store);
/* object exists, but policy is broken */
- int r = user_ctl->get_info_by_uid(bucket_info.owner, &uinfo, null_yield);
+ int r = user.get_by_id(bucket_info.owner, null_yield);
if (r < 0)
return r;
- policy->create_default(bucket_info.owner, uinfo.display_name);
+ policy->create_default(bucket_info.owner, user.get_display_name());
}
return 0;
}
} else if (ret == -ENODATA) {
/* object exists, but policy is broken */
ldout(cct, 0) << "WARNING: couldn't find acl header for object, generating default" << dendl;
- RGWUserInfo uinfo;
- ret = store->ctl()->user->get_info_by_uid(bucket_info.owner, &uinfo, y);
+ rgw::sal::RGWRadosUser user(store);
+ ret = user.get_by_id(bucket_info.owner, y);
if (ret < 0)
return ret;
- policy->create_default(bucket_info.owner, uinfo.display_name);
+ policy->create_default(bucket_info.owner, user.get_display_name());
}
if (storage_class) {
return store->getRados()->set_attrs(s->obj_ctx, s->bucket_info, read_op.state.obj, attrs, NULL, s->yield);
}
-static int read_bucket_policy(RGWUserCtl *user_ctl,
+static int read_bucket_policy(rgw::sal::RGWRadosStore *store,
struct req_state *s,
RGWBucketInfo& bucket_info,
map<string, bufferlist>& bucket_attrs,
return 0;
}
- int ret = rgw_op_get_bucket_policy_from_attr(s->cct, user_ctl, bucket_info, bucket_attrs, policy);
+ int ret = rgw_op_get_bucket_policy_from_attr(s->cct, store, bucket_info, bucket_attrs, policy);
if (ret == -ENOENT) {
ret = -ERR_NO_SUCH_BUCKET;
}
/* object does not exist checking the bucket's ACL to make sure
that we send a proper error code */
RGWAccessControlPolicy bucket_policy(s->cct);
- ret = rgw_op_get_bucket_policy_from_attr(s->cct, store->ctl()->user, bucket_info, bucket_attrs, &bucket_policy);
+ ret = rgw_op_get_bucket_policy_from_attr(s->cct, store, bucket_info, bucket_attrs, &bucket_policy);
if (ret < 0) {
return ret;
}
const rgw_user& bucket_owner = bucket_policy.get_owner().get_id();
- if (bucket_owner.compare(s->user->user_id) != 0 &&
+ if (bucket_owner.compare(s->user->get_id()) != 0 &&
! s->auth.identity->is_admin_of(bucket_owner)) {
if (policy) {
auto r = policy->eval(s->env, *s->auth.identity, rgw::IAM::s3ListBucket, ARN(bucket));
{
int ret = 0;
rgw_obj_key obj;
- RGWUserInfo bucket_owner_info;
auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
string bi = s->info.args.get(RGW_SYS_PARAM_PREFIX "bucket-instance");
/* We aren't allocating the account policy for those operations using
* the Swift's infrastructure that don't really need req_state::user.
* Typical example here is the implementation of /info. */
- if (!s->user->user_id.empty()) {
+ if (!s->user->get_id().empty()) {
s->user_acl = std::make_unique<RGWAccessControlPolicy_SWIFTAcct>(s->cct);
}
s->bucket_acl = std::make_unique<RGWAccessControlPolicy_SWIFT>(s->cct);
rgw_user uid;
std::string display_name;
} acct_acl_user = {
- s->user->user_id,
- s->user->display_name,
+ s->user->get_id(),
+ s->user->get_display_name(),
};
if (!s->bucket_name.empty()) {
s->bucket = s->bucket_info.bucket;
if (s->bucket_exists) {
- ret = read_bucket_policy(store->ctl()->user, s, s->bucket_info, s->bucket_attrs,
+ ret = read_bucket_policy(store, s, s->bucket_info, s->bucket_attrs,
s->bucket_acl.get(), s->bucket);
acct_acl_user = {
s->bucket_info.owner,
ret = 0;
} else if (ret < 0) {
ldpp_dout(s, 0) << "NOTICE: couldn't get user attrs for handling ACL "
- "(user_id=" << s->user->user_id << ", ret=" << ret << ")" << dendl;
+ "(user_id=" << s->user->get_id() << ", ret=" << ret << ")" << dendl;
return ret;
}
}
// We don't need user policies in case of STS token returned by AssumeRole,
// hence the check for user type
- if (! s->user->user_id.empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) {
+ if (! s->user->get_id().empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) {
try {
map<string, bufferlist> uattrs;
- if (ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &uattrs, s->yield); ! ret) {
+ if (ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &uattrs, s->yield); ! ret) {
if (s->iam_user_policies.empty()) {
- s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->user_id.tenant);
+ s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant());
} else {
// This scenario can happen when a STS token has a policy, then we need to append other user policies
// to the existing ones. (e.g. token returned by GetSessionToken)
- auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->user_id.tenant);
+ auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant());
s->iam_user_policies.insert(s->iam_user_policies.end(), user_policies.begin(), user_policies.end());
}
} else {
// What to do about aws::userid? One can have multiple access
// keys so that isn't really suitable. Do we have a durable
// identifier that can persist through name changes?
- s->env.emplace("aws:username", s->user->user_id.id);
+ s->env.emplace("aws:username", s->user->get_id().id);
}
i = m.find("HTTP_X_AMZ_SECURITY_TOKEN");
uint32_t required_mask = op_mask();
ldpp_dout(this, 20) << "required_mask= " << required_mask
- << " user.op_mask=" << s->user->op_mask << dendl;
+ << " user.op_mask=" << s->user->get_info().op_mask << dendl;
- if ((s->user->op_mask & required_mask) != required_mask) {
+ if ((s->user->get_info().op_mask & required_mask) != required_mask) {
return -EPERM;
}
return 0;
/* init quota related stuff */
- if (!(s->user->op_mask & RGW_OP_TYPE_MODIFY)) {
+ if (!(s->user->get_info().op_mask & RGW_OP_TYPE_MODIFY)) {
return 0;
}
return 0;
}
- RGWUserInfo owner_info;
- RGWUserInfo *uinfo;
+ rgw::sal::RGWRadosUser owner_user(store);
+ rgw::sal::RGWUser *user;
- if (s->user->user_id == s->bucket_owner.get_id()) {
- uinfo = s->user;
+ if (s->user->get_id() == s->bucket_owner.get_id()) {
+ user = s->user;
} else {
- int r = store->ctl()->user->get_info_by_uid(s->bucket_info.owner, &owner_info, s->yield);
+ int r = owner_user.get_by_id(s->bucket_info.owner, s->yield);
if (r < 0)
return r;
- uinfo = &owner_info;
+ user = &owner_user;
}
if (s->bucket_info.quota.enabled) {
bucket_quota = s->bucket_info.quota;
- } else if (uinfo->bucket_quota.enabled) {
- bucket_quota = uinfo->bucket_quota;
+ } else if (user->get_info().bucket_quota.enabled) {
+ bucket_quota = user->get_info().bucket_quota;
} else {
bucket_quota = store->svc()->quota->get_bucket_quota();
}
- if (uinfo->user_quota.enabled) {
- user_quota = uinfo->user_quota;
+ if (user->get_info().user_quota.enabled) {
+ user_quota = user->get_info().user_quota;
} else {
user_quota = store->svc()->quota->get_user_quota();
}
* stored inside different accounts. */
if (s->system_request) {
ldpp_dout(this, 2) << "overriding permissions due to system operation" << dendl;
- } else if (s->auth.identity->is_admin_of(s->user->user_id)) {
+ } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
ldpp_dout(this, 2) << "overriding permissions due to admin operation" << dendl;
} else if (!verify_object_permission(this, s, part, s->user_acl.get(), bucket_acl,
&obj_policy, bucket_policy, s->iam_user_policies, action)) {
if (bucket_name.compare(s->bucket.name) != 0) {
map<string, bufferlist> bucket_attrs;
auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
- int r = store->getRados()->get_bucket_info(store->svc(), s->user->user_id.tenant,
+ int r = store->getRados()->get_bucket_info(store->svc(), s->user->get_tenant(),
bucket_name, bucket_info, NULL,
s->yield, &bucket_attrs);
if (r < 0) {
bucket = bucket_info.bucket;
pbucket_info = &bucket_info;
bucket_acl = &_bucket_acl;
- r = read_bucket_policy(store->ctl()->user, s, bucket_info, bucket_attrs, bucket_acl, bucket);
+ r = read_bucket_policy(store, s, bucket_info, bucket_attrs, bucket_acl, bucket);
if (r < 0) {
ldpp_dout(this, 0) << "failed to read bucket policy" << dendl;
return r;
RGWBucketInfo bucket_info;
map<string, bufferlist> bucket_attrs;
auto obj_ctx = store->svc()->sysobj->init_obj_ctx();
- int r = store->getRados()->get_bucket_info(store->svc(), s->user->user_id.tenant,
+ int r = store->getRados()->get_bucket_info(store->svc(), s->user->get_tenant(),
bucket_name, bucket_info, nullptr,
s->yield, &bucket_attrs);
if (r < 0) {
}
bucket = bucket_info.bucket;
bucket_acl = &_bucket_acl;
- r = read_bucket_policy(store->ctl()->user, s, bucket_info, bucket_attrs, bucket_acl,
+ r = read_bucket_policy(store, s, bucket_info, bucket_attrs, bucket_acl,
bucket);
if (r < 0) {
ldpp_dout(this, 0) << "failed to read bucket ACL for bucket "
rgw::Partition partition = rgw::Partition::aws;
rgw::Service service = rgw::Service::s3;
- if (!verify_user_permission(this, s, ARN(partition, service, "", s->user->user_id.tenant, "*"), rgw::IAM::s3ListAllMyBuckets)) {
+ if (!verify_user_permission(this, s, ARN(partition, service, "", s->user->get_tenant(), "*"), rgw::IAM::s3ListAllMyBuckets)) {
return -EACCES;
}
}
if (supports_account_metadata()) {
- op_ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &attrs, s->yield);
+ op_ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &attrs, s->yield);
if (op_ret < 0) {
goto send_end;
}
read_count = max_buckets;
}
- rgw::sal::RGWRadosUser user(store, s->user->user_id);
+ rgw::sal::RGWRadosUser user(store, s->user->get_id());
op_ret = user.list_buckets(marker, end_marker, read_count, should_get_stats(), buckets);
/* hmm.. something wrong here.. the user was authenticated, so it
should exist */
ldpp_dout(this, 10) << "WARNING: failed on rgw_get_user_buckets uid="
- << s->user->user_id << dendl;
+ << s->user->get_id() << dendl;
break;
}
RGWUsageIter usage_iter;
while (is_truncated) {
- op_ret = store->getRados()->read_usage(s->user->user_id, s->bucket_name, start_epoch, end_epoch, max_entries,
+ op_ret = store->getRados()->read_usage(s->user->get_id(), s->bucket_name, start_epoch, end_epoch, max_entries,
&is_truncated, usage_iter, usage);
if (op_ret == -ENOENT) {
}
}
- op_ret = rgw_user_sync_all_stats(store, s->user->user_id);
+ op_ret = rgw_user_sync_all_stats(store, s->user->get_id());
if (op_ret < 0) {
ldpp_dout(this, 0) << "ERROR: failed to sync user stats" << dendl;
return;
}
- op_ret = rgw_user_get_all_buckets_stats(store, s->user->user_id, buckets_usage);
+ op_ret = rgw_user_get_all_buckets_stats(store, s->user->get_id(), buckets_usage);
if (op_ret < 0) {
ldpp_dout(this, 0) << "ERROR: failed to get user's buckets stats" << dendl;
return;
}
- op_ret = store->ctl()->user->read_stats(s->user->user_id, &stats);
+ op_ret = store->ctl()->user->read_stats(s->user->get_id(), &stats);
if (op_ret < 0) {
ldpp_dout(this, 0) << "ERROR: can't read user header" << dendl;
return;
do {
- op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets, marker,
+ op_ret = rgw_read_user_buckets(store, s->user->get_id(), buckets, marker,
string(), max_buckets, true);
if (op_ret < 0) {
/* hmm.. something wrong here.. the user was authenticated, so it
should exist */
ldpp_dout(this, 10) << "WARNING: failed on rgw_get_user_buckets uid="
- << s->user->user_id << dendl;
+ << s->user->get_id() << dendl;
break;
} else {
/* We need to have stats for all our policies - even if a given policy
return;
}
- rgw::sal::RGWRadosUser user(store, s->user->user_id);
+ rgw::sal::RGWRadosUser user(store, s->user->get_id());
bucket = new rgw::sal::RGWRadosBucket(store, user, s->bucket);
op_ret = bucket->update_container_stats();
}
return -EACCES;
}
- if (s->user->user_id.tenant != s->bucket_tenant) {
+ if (s->user->get_tenant() != s->bucket_tenant) {
ldpp_dout(this, 10) << "user cannot create a bucket in a different tenant"
- << " (user_id.tenant=" << s->user->user_id.tenant
+ << " (user_id.tenant=" << s->user->get_tenant()
<< " requested=" << s->bucket_tenant << ")"
<< dendl;
return -EACCES;
}
- if (s->user->max_buckets < 0) {
+ if (s->user->get_max_buckets() < 0) {
return -EPERM;
}
- if (s->user->max_buckets) {
+ if (s->user->get_max_buckets()) {
rgw::sal::RGWBucketList buckets;
string marker;
- op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets,
- marker, string(), s->user->max_buckets,
+ op_ret = rgw_read_user_buckets(store, s->user->get_id(), buckets,
+ marker, string(), s->user->get_max_buckets(),
false);
if (op_ret < 0) {
return op_ret;
}
- if ((int)buckets.count() >= s->user->max_buckets) {
+ if ((int)buckets.count() >= s->user->get_max_buckets()) {
return -ERR_TOO_MANY_BUCKETS;
}
}
}
ldpp_dout(s, 0) << "sending request to master zonegroup" << dendl;
bufferlist response;
- string uid_str = s->user->user_id.to_str();
+ string uid_str = s->user->get_id().to_str();
#define MAX_REST_RESPONSE (128 * 1024) // we expect a very small response
int ret = store->svc()->zone->get_master_conn()->forward(rgw_user(uid_str), (forward_info ? *forward_info : s->info),
objv, MAX_REST_RESPONSE, &in_data, &response);
string bucket_name = rgw_make_bucket_entry_name(s->bucket_tenant, s->bucket_name);
rgw_raw_obj obj(store->svc()->zone->get_zone_params().domain_root, bucket_name);
obj_version objv, *pobjv = NULL;
- rgw::sal::RGWRadosUser user(store, *s->user);
op_ret = get_params();
if (op_ret < 0)
s->bucket.tenant = s->bucket_tenant;
s->bucket.name = s->bucket_name;
rgw::sal::RGWBucket* bucket = NULL;
- op_ret = store->get_bucket(user, s->bucket, &bucket);
+ op_ret = store->get_bucket(*s->user, s->bucket, &bucket);
if (op_ret < 0 && op_ret != -ENOENT)
return;
s->bucket_exists = (op_ret != -ENOENT);
- s->bucket_owner.set_id(s->user->user_id);
- s->bucket_owner.set_name(user.get_display_name());
+ s->bucket_owner.set_id(s->user->get_id());
+ s->bucket_owner.set_name(s->user->get_display_name());
if (s->bucket_exists) {
s->bucket_info = bucket->get_info();
s->bucket_attrs = bucket->get_attrs();
delete bucket;
- int r = rgw_op_get_bucket_policy_from_attr(s->cct, store->ctl()->user, s->bucket_info,
+ int r = rgw_op_get_bucket_policy_from_attr(s->cct, store, s->bucket_info,
s->bucket_attrs, &old_policy);
if (r >= 0) {
- if (old_policy.get_owner().get_id().compare(s->user->user_id) != 0) {
+ if (old_policy.get_owner().get_id().compare(s->user->get_id()) != 0) {
op_ret = -EEXIST;
return;
}
rgw_bucket bucket;
bucket.tenant = s->bucket_tenant;
bucket.name = s->bucket_name;
- op_ret = store->svc()->zone->select_bucket_placement(*(s->user), zonegroup_id,
+ op_ret = store->svc()->zone->select_bucket_placement(s->user->get_info(),
+ zonegroup_id,
placement_rule,
&selected_placement_rule, nullptr);
if (selected_placement_rule != s->bucket_info.placement_rule) {
}
- op_ret = store->getRados()->create_bucket(*(s->user), s->bucket, zonegroup_id,
+ op_ret = store->getRados()->create_bucket(s->user->get_info(), s->bucket, zonegroup_id,
placement_rule, s->bucket_info.swift_ver_location,
pquota_info, attrs,
info, pobjv, &ep_objv, creation_time,
* If all is ok then update the user's list of buckets.
* Otherwise inform client about a name conflict.
*/
- if (info.owner.compare(s->user->user_id) != 0) {
+ if (info.owner.compare(s->user->get_id()) != 0) {
op_ret = -EEXIST;
return;
}
s->bucket = info.bucket;
}
- op_ret = store->ctl()->bucket->link_bucket(s->user->user_id, s->bucket,
+ op_ret = store->ctl()->bucket->link_bucket(s->user->get_id(), s->bucket,
info.creation_time, s->yield, false);
if (op_ret && !existed && op_ret != -EEXIST) {
/* if it exists (or previously existed), don't remove it! */
- op_ret = store->ctl()->bucket->unlink_bucket(s->user->user_id, s->bucket, s->yield);
+ op_ret = store->ctl()->bucket->unlink_bucket(s->user->get_id(), s->bucket, s->yield);
if (op_ret < 0) {
ldpp_dout(this, 0) << "WARNING: failed to unlink bucket: ret=" << op_ret
<< dendl;
binfo, nullptr, s->yield, &battrs);
if (op_ret < 0) {
return;
- } else if (binfo.owner.compare(s->user->user_id) != 0) {
+ } else if (binfo.owner.compare(s->user->get_id()) != 0) {
/* New bucket doesn't belong to the account we're operating on. */
op_ret = -EEXIST;
return;
}
}
- op_ret = store->ctl()->bucket->sync_user_stats(s->user->user_id, s->bucket_info);
+ op_ret = store->ctl()->bucket->sync_user_stats(s->user->get_id(), s->bucket_info);
if ( op_ret < 0) {
ldpp_dout(this, 1) << "WARNING: failed to sync user stats before bucket delete: op_ret= " << op_ret << dendl;
}
return op_ret;
}
- op_ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &orig_attrs,
+ op_ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &orig_attrs,
s->yield,
&acct_op_tracker);
if (op_ret < 0) {
{
/* Params have been extracted earlier. See init_processing(). */
RGWUserInfo new_uinfo;
- op_ret = store->ctl()->user->get_info_by_uid(s->user->user_id, &new_uinfo, s->yield,
+ op_ret = store->ctl()->user->get_info_by_uid(s->user->get_id(), &new_uinfo, s->yield,
RGWUserCtl::GetParams()
.set_objv_tracker(&acct_op_tracker));
if (op_ret < 0) {
* optimize-out some operations. */
op_ret = store->ctl()->user->store_info(new_uinfo, s->yield,
RGWUserCtl::PutParams()
- .set_old_info(s->user)
+ .set_old_info(&s->user->get_info())
.set_objv_tracker(&acct_op_tracker)
.set_attrs(&attrs));
}
store->getRados()->set_atomic(s->obj_ctx, dest_obj);
/* check dest bucket permissions */
- op_ret = read_bucket_policy(store->ctl()->user, s, dest_bucket_info, dest_attrs,
+ op_ret = read_bucket_policy(store, s, dest_bucket_info, dest_attrs,
&dest_bucket_policy, dest_bucket);
if (op_ret < 0) {
return op_ret;
}
op_ret = store->getRados()->copy_obj(obj_ctx,
- s->user->user_id,
- &s->info,
- source_zone,
- dst_obj,
- src_obj,
- dest_bucket_info,
- src_bucket_info,
- s->dest_placement,
- &src_mtime,
- &mtime,
- mod_ptr,
- unmod_ptr,
- high_precision_time,
- if_match,
- if_nomatch,
- attrs_mod,
- copy_if_newer,
- attrs, RGWObjCategory::Main,
- olh_epoch,
- (delete_at ? *delete_at : real_time()),
- (version_id.empty() ? NULL : &version_id),
- &s->req_id, /* use req_id as tag */
- &etag,
- copy_obj_progress_cb, (void *)this,
- this,
- s->yield);
+ s->user->get_id(),
+ &s->info,
+ source_zone,
+ dst_obj,
+ src_obj,
+ dest_bucket_info,
+ src_bucket_info,
+ s->dest_placement,
+ &src_mtime,
+ &mtime,
+ mod_ptr,
+ unmod_ptr,
+ high_precision_time,
+ if_match,
+ if_nomatch,
+ attrs_mod,
+ copy_if_newer,
+ attrs, RGWObjCategory::Main,
+ olh_epoch,
+ (delete_at ? *delete_at : real_time()),
+ (version_id.empty() ? NULL : &version_id),
+ &s->req_id, /* use req_id as tag */
+ &etag,
+ copy_obj_progress_cb, (void *)this,
+ this,
+ s->yield);
const auto ret = rgw::notify::publish(s, mtime, etag, rgw::notify::ObjectCreatedCopy, store);
if (ret < 0) {
ACLOwner& bucket_owner /* out */)
{
RGWAccessControlPolicy bacl(store->ctx());
- int ret = read_bucket_policy(store->ctl()->user, s, binfo, battrs, &bacl, binfo.bucket);
+ int ret = read_bucket_policy(store, s, binfo, battrs, &bacl, binfo.bucket);
if (ret < 0) {
return false;
}
ACLOwner bowner;
RGWObjVersionTracker ot;
- rgw_bucket b(rgw_bucket_key(s->user->user_id.tenant, path.bucket_name));
+ rgw_bucket b(rgw_bucket_key(s->user->get_tenant(), path.bucket_name));
int ret = store->ctl()->bucket->read_bucket_info(b, &binfo, s->yield,
RGWBucketCtl::BucketInstance::GetParams()
return -EACCES;
}
- if (s->user->user_id.tenant != s->bucket_tenant) {
+ if (s->user->get_tenant() != s->bucket_tenant) {
ldpp_dout(this, 10) << "user cannot create a bucket in a different tenant"
- << " (user_id.tenant=" << s->user->user_id.tenant
+ << " (user_id.tenant=" << s->user->get_tenant()
<< " requested=" << s->bucket_tenant << ")" << dendl;
return -EACCES;
}
- if (s->user->max_buckets < 0) {
+ if (s->user->get_max_buckets() < 0) {
return -EPERM;
}
int RGWBulkUploadOp::handle_dir_verify_permission()
{
- if (s->user->max_buckets > 0) {
+ if (s->user->get_max_buckets() > 0) {
rgw::sal::RGWBucketList buckets;
std::string marker;
- op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets,
- marker, std::string(), s->user->max_buckets,
+ op_ret = rgw_read_user_buckets(store, s->user->get_user(), buckets,
+ marker, std::string(), s->user->get_max_buckets(),
false);
if (op_ret < 0) {
return op_ret;
}
- if (buckets.count() >= static_cast<size_t>(s->user->max_buckets)) {
+ if (buckets.count() >= static_cast<size_t>(s->user->get_max_buckets())) {
return -ERR_TOO_MANY_BUCKETS;
}
}
if (bucket_exists) {
RGWAccessControlPolicy old_policy(s->cct);
- int r = rgw_op_get_bucket_policy_from_attr(s->cct, store->ctl()->user, binfo,
+ int r = rgw_op_get_bucket_policy_from_attr(s->cct, store, binfo,
battrs, &old_policy);
if (r >= 0) {
- if (old_policy.get_owner().get_id().compare(s->user->user_id) != 0) {
+ if (old_policy.get_owner().get_id().compare(s->user->get_user()) != 0) {
op_ret = -EEXIST;
return op_ret;
}
rgw_bucket bucket;
bucket.tenant = s->bucket_tenant;
bucket.name = s->bucket_name;
- op_ret = store->svc()->zone->select_bucket_placement(*(s->user),
+ op_ret = store->svc()->zone->select_bucket_placement(s->user->get_info(),
store->svc()->zone->get_zonegroup().get_id(),
placement_rule,
&selected_placement_rule,
/* Create metadata: ACLs. */
std::map<std::string, ceph::bufferlist> attrs;
RGWAccessControlPolicy policy;
- policy.create_default(s->user->user_id, s->user->display_name);
+ policy.create_default(s->user->get_id(), s->user->get_display_name());
ceph::bufferlist aclbl;
policy.encode(aclbl);
attrs.emplace(RGW_ATTR_ACL, std::move(aclbl));
RGWBucketInfo out_info;
- op_ret = store->getRados()->create_bucket(*(s->user),
+ op_ret = store->getRados()->create_bucket(s->user->get_info(),
bucket,
store->svc()->zone->get_zonegroup().get_id(),
placement_rule, binfo.swift_ver_location,
* If all is ok then update the user's list of buckets.
* Otherwise inform client about a name conflict.
*/
- if (out_info.owner.compare(s->user->user_id) != 0) {
+ if (out_info.owner.compare(s->user->get_id()) != 0) {
op_ret = -EEXIST;
ldpp_dout(this, 20) << "conflicting bucket name" << dendl;
return op_ret;
bucket = out_info.bucket;
}
- op_ret = store->ctl()->bucket->link_bucket(s->user->user_id, bucket,
+ op_ret = store->ctl()->bucket->link_bucket(s->user->get_id(), bucket,
out_info.creation_time,
s->yield, false);
if (op_ret && !existed && op_ret != -EEXIST) {
/* if it exists (or previously existed), don't remove it! */
- op_ret = store->ctl()->bucket->unlink_bucket(s->user->user_id, bucket, s->yield);
+ op_ret = store->ctl()->bucket->unlink_bucket(s->user->get_id(), bucket, s->yield);
if (op_ret < 0) {
ldpp_dout(this, 0) << "WARNING: failed to unlink bucket: ret=" << op_ret << dendl;
}
ACLOwner& bucket_owner /* out */)
{
RGWAccessControlPolicy bacl(store->ctx());
- op_ret = read_bucket_policy(store->ctl()->user, s, binfo, battrs, &bacl, binfo.bucket);
+ op_ret = read_bucket_policy(store, s, binfo, battrs, &bacl, binfo.bucket);
if (op_ret < 0) {
ldpp_dout(this, 20) << "cannot read_policy() for bucket" << dendl;
return false;
RGWBucketInfo binfo;
std::map<std::string, ceph::bufferlist> battrs;
ACLOwner bowner;
- op_ret = store->getRados()->get_bucket_info(store->svc(), s->user->user_id.tenant,
+ op_ret = store->getRados()->get_bucket_info(store->svc(), s->user->get_tenant(),
bucket_name, binfo, nullptr, s->yield, &battrs);
if (op_ret == -ENOENT) {
ldpp_dout(this, 20) << "non existent directory=" << bucket_name << dendl;
/* Create metadata: ACLs. */
RGWAccessControlPolicy policy;
- policy.create_default(s->user->user_id, s->user->display_name);
+ policy.create_default(s->user->get_id(), s->user->get_display_name());
ceph::bufferlist aclbl;
policy.encode(aclbl);
attrs.emplace(RGW_ATTR_ACL, std::move(aclbl));
#include "rgw_quota.h"
#include "rgw_putobj.h"
#include "rgw_multi.h"
+#include "rgw_sal.h"
#include "rgw_lc.h"
#include "rgw_torrent.h"
}
int rgw_op_get_bucket_policy_from_attr(CephContext *cct,
- RGWUserCtl *user_ctl,
+ rgw::sal::RGWRadosStore *store,
RGWBucketInfo& bucket_info,
map<string, bufferlist>& bucket_attrs,
RGWAccessControlPolicy *policy);
void init(rgw::sal::RGWRadosStore *store, struct req_state *s, RGWHandler *h) override {
RGWOp::init(store, s, h);
- rgw::sal::RGWRadosUser user(store, s->user->user_id);
- bucket = new rgw::sal::RGWRadosBucket(store, user, s->bucket);
+ bucket = new rgw::sal::RGWRadosBucket(store, *s->user, s->bucket);
}
virtual int get_params() = 0;
void send_response() override = 0;
return caps.check_cap("admin", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_info().caps);
}
void pre_exec() override;
void execute() override;
jf.dump_string("params", s->info.request_params.c_str());
jf.dump_string("request_uri_aws4", s->info.request_uri_aws4.c_str());
jf.dump_string("object_name", s->object.name.c_str());
- jf.dump_object("user_info", *s->user);
+ jf.dump_object("user_info", s->user->get_info());
jf.dump_object("bucket_info", s->bucket_info);
jf.close_section();
jf.close_section();
if (ret < 0) {
if (s->system_request) {
dout(2) << "overriding permissions due to system operation" << dendl;
- } else if (s->auth.identity->is_admin_of(s->user->user_id)) {
+ } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
dout(2) << "overriding permissions due to admin operation" << dendl;
} else {
return ret;
RGWEnv& rgw_env = client_io->get_env();
- RGWUserInfo userinfo;
+ rgw::sal::RGWRadosUser user;
- struct req_state rstate(g_ceph_context, &rgw_env, &userinfo, req->id);
+ struct req_state rstate(g_ceph_context, &rgw_env, &user, req->id);
struct req_state *s = &rstate;
RGWObjectCtx rados_ctx(store, s);
should_log = mgr->get_logging();
ldpp_dout(s, 2) << "getting op " << s->op << dendl;
- op = handler->get_op(store);
+ op = handler->get_op();
if (!op) {
abort_early(s, NULL, -ERR_METHOD_NOT_ALLOWED, handler);
goto done;
goto done;
}
- if (s->user->suspended) {
- dout(10) << "user is suspended, uid=" << s->user->user_id << dendl;
+ if (s->user->get_info().suspended) {
+ dout(10) << "user is suspended, uid=" << s->user->get_id() << dendl;
abort_early(s, op, -ERR_USER_SUSPENDED, handler);
goto done;
}
dump_trans_id(s);
if ((!s->is_err()) &&
- (s->bucket_info.owner != s->user->user_id) &&
+ (s->bucket_info.owner != s->user->get_id()) &&
(s->bucket_info.requester_pays)) {
dump_header(s, "x-amz-request-charged", "requester");
}
int RGWRESTOp::verify_permission()
{
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_info().caps);
}
-RGWOp* RGWHandler_REST::get_op(rgw::sal::RGWRadosStore* store)
+RGWOp* RGWHandler_REST::get_op(void)
{
RGWOp *op;
switch (s->op) {
{
if (op->get_type() == RGW_OP_CREATE_BUCKET) {
// We don't need user policies in case of STS token returned by AssumeRole, hence the check for user type
- if (! s->user->user_id.empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) {
+ if (! s->user->get_id().empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) {
try {
map<string, bufferlist> uattrs;
- if (auto ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &uattrs, null_yield); ! ret) {
+ if (auto ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &uattrs, null_yield); ! ret) {
if (s->iam_user_policies.empty()) {
- s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->user_id.tenant);
+ s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant());
} else {
// This scenario can happen when a STS token has a policy, then we need to append other user policies
// to the existing ones. (e.g. token returned by GetSessionToken)
- auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->user_id.tenant);
+ auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant());
s->iam_user_policies.insert(s->iam_user_policies.end(), user_policies.begin(), user_policies.end());
}
}
flusher.init(s, this);
}
void send_response() override;
- virtual int check_caps(RGWUserCaps& caps)
+ virtual int check_caps(const RGWUserCaps& caps)
{ return -EPERM; } /* should to be implemented! */
int verify_permission() override;
dmc::client_id dmclock_client() override { return dmc::client_id::admin; }
int init_permissions(RGWOp* op) override;
int read_permissions(RGWOp* op) override;
- virtual RGWOp* get_op(rgw::sal::RGWRadosStore* store);
+ virtual RGWOp* get_op(void);
virtual void put_op(RGWOp* op);
};
public:
RGWOp_Bucket_Info() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_READ);
}
public:
RGWOp_Get_Policy() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_READ);
}
public:
RGWOp_Check_Bucket_Index() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_WRITE);
}
public:
RGWOp_Bucket_Link() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_WRITE);
}
public:
RGWOp_Bucket_Unlink() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_WRITE);
}
public:
RGWOp_Bucket_Remove() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_WRITE);
}
public:
RGWOp_Set_Bucket_Quota() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_WRITE);
}
public:
RGWOp_Sync_Bucket() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_WRITE);
}
public:
RGWOp_Object_Remove() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("buckets", RGW_CAP_WRITE);
}
explicit RGWOp_ZoneGroupMap_Get(bool _old_format):old_format(_old_format) {}
~RGWOp_ZoneGroupMap_Get() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("zone", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
public:
RGWOp_ZoneConfig_Get() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("zone", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override {} /* store already has the info we need, just need to send response */
void send_response() override ;
class RGWOp_MDLog_Status : public RGWRESTOp {
rgw_meta_sync_status status;
public:
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("mdlog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
class RGWOp_BILog_Status : public RGWRESTOp {
std::vector<rgw_bucket_shard_sync_info> status;
public:
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("bilog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
class RGWOp_DATALog_Status : public RGWRESTOp {
rgw_data_sync_status status;
public:
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("datalog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override ;
void send_response() override;
RGWOp_BILog_List() : sent_header(false) {}
~RGWOp_BILog_List() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("bilog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void send_response() override;
virtual void send_response(list<rgw_bi_log_entry>& entries, string& marker);
RGWOp_BILog_Info() : bucket_ver(), master_ver(), syncstopped(false) {}
~RGWOp_BILog_Info() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("bilog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void send_response() override;
void execute() override;
RGWOp_BILog_Delete() {}
~RGWOp_BILog_Delete() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("bilog", RGW_CAP_WRITE);
}
void execute() override;
RGWOp_MDLog_List() : truncated(false) {}
~RGWOp_MDLog_List() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("mdlog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
RGWOp_MDLog_Info() : num_objects(0) {}
~RGWOp_MDLog_Info() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("mdlog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
RGWOp_MDLog_ShardInfo() {}
~RGWOp_MDLog_ShardInfo() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("mdlog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
RGWOp_MDLog_Lock() {}
~RGWOp_MDLog_Lock() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("mdlog", RGW_CAP_WRITE);
}
void execute() override;
RGWOp_MDLog_Unlock() {}
~RGWOp_MDLog_Unlock() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("mdlog", RGW_CAP_WRITE);
}
void execute() override;
RGWOp_MDLog_Notify() {}
~RGWOp_MDLog_Notify() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("mdlog", RGW_CAP_WRITE);
}
void execute() override;
RGWOp_MDLog_Delete() {}
~RGWOp_MDLog_Delete() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("mdlog", RGW_CAP_WRITE);
}
void execute() override;
RGWOp_DATALog_List() : truncated(false), extra_info(false) {}
~RGWOp_DATALog_List() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("datalog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
RGWOp_DATALog_Info() : num_objects(0) {}
~RGWOp_DATALog_Info() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("datalog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
RGWOp_DATALog_ShardInfo() {}
~RGWOp_DATALog_ShardInfo() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("datalog", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
RGWOp_DATALog_Notify() {}
~RGWOp_DATALog_Notify() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("datalog", RGW_CAP_WRITE);
}
void execute() override;
RGWOp_DATALog_Delete() {}
~RGWOp_DATALog_Delete() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("datalog", RGW_CAP_WRITE);
}
void execute() override;
RGWOp_Metadata_List() {}
~RGWOp_Metadata_List() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("metadata", RGW_CAP_READ);
}
void execute() override;
RGWOp_Metadata_Get() {}
~RGWOp_Metadata_Get() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("metadata", RGW_CAP_READ);
}
void execute() override;
RGWOp_Metadata_Put() {}
~RGWOp_Metadata_Put() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("metadata", RGW_CAP_WRITE);
}
void execute() override;
RGWOp_Metadata_Delete() {}
~RGWOp_Metadata_Delete() override {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("metadata", RGW_CAP_WRITE);
}
void execute() override;
// the topic ARN will be sent in the reply
const rgw::ARN arn(rgw::Partition::aws, rgw::Service::sns,
store->svc()->zone->get_zonegroup().get_name(),
- s->user->user_id.tenant, topic_name);
+ s->user->get_tenant(), topic_name);
topic_arn = arn.to_string();
return 0;
}
class RGWOp_Period_Get : public RGWOp_Period_Base {
public:
void execute() override;
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("zone", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
const char* name() const override { return "get_period"; }
};
class RGWOp_Period_Post : public RGWOp_Period_Base {
public:
void execute() override;
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("zone", RGW_CAP_WRITE);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
const char* name() const override { return "post_period"; }
};
class RGWOp_Realm_Get : public RGWRESTOp {
std::unique_ptr<RGWRealm> realm;
public:
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("zone", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
std::string default_id;
std::list<std::string> realms;
public:
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("zone", RGW_CAP_READ);
}
int verify_permission() override {
- return check_caps(s->user->caps);
+ return check_caps(s->user->get_caps());
}
void execute() override;
void send_response() override;
}
string role_name = s->info.args.get("RoleName");
- RGWRole role(s->cct, store->getRados()->pctl, role_name, s->user->user_id.tenant);
+ RGWRole role(s->cct, store->getRados()->pctl, role_name, s->user->get_tenant());
if (op_ret = role.get(); op_ret < 0) {
if (op_ret == -ENOENT) {
op_ret = -ERR_NO_ROLE_FOUND;
return op_ret;
}
- if (int ret = check_caps(s->user->caps); ret == 0) {
+ if (int ret = check_caps(s->user->get_caps()); ret == 0) {
_role = std::move(role);
return ret;
}
s,
rgw::ARN(resource_name,
"role",
- s->user->user_id.tenant, true),
+ s->user->get_tenant(), true),
op)) {
return -EACCES;
}
end_header(s, this);
}
-int RGWRoleRead::check_caps(RGWUserCaps& caps)
+int RGWRoleRead::check_caps(const RGWUserCaps& caps)
{
return caps.check_cap("roles", RGW_CAP_READ);
}
-int RGWRoleWrite::check_caps(RGWUserCaps& caps)
+int RGWRoleWrite::check_caps(const RGWUserCaps& caps)
{
return caps.check_cap("roles", RGW_CAP_WRITE);
}
return -EACCES;
}
- if (int ret = check_caps(s->user->caps); ret == 0) {
+ if (int ret = check_caps(s->user->get_caps()); ret == 0) {
return ret;
}
s,
rgw::ARN(resource_name,
"role",
- s->user->user_id.tenant, true),
+ s->user->get_tenant(), true),
get_op())) {
return -EACCES;
}
bufferlist bl = bufferlist::static_from_string(trust_policy);
try {
- const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl);
+ const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl);
}
catch (rgw::IAM::PolicyParseException& e) {
ldout(s->cct, 20) << "failed to parse policy: " << e.what() << dendl;
return;
}
RGWRole role(s->cct, store->getRados()->pctl, role_name, role_path, trust_policy,
- s->user->user_id.tenant, max_session_duration);
+ s->user->get_tenant(), max_session_duration);
op_ret = role.create(true);
if (op_ret == -EEXIST) {
return -EACCES;
}
- if (int ret = check_caps(s->user->caps); ret == 0) {
+ if (int ret = check_caps(s->user->get_caps()); ret == 0) {
return ret;
}
s,
rgw::ARN(resource_name,
"role",
- s->user->user_id.tenant, true),
+ s->user->get_tenant(), true),
get_op())) {
return -EACCES;
}
if (op_ret < 0) {
return;
}
- RGWRole role(s->cct, store->getRados()->pctl, role_name, s->user->user_id.tenant);
+ RGWRole role(s->cct, store->getRados()->pctl, role_name, s->user->get_tenant());
op_ret = role.get();
if (op_ret == -ENOENT) {
return -EACCES;
}
- if (int ret = check_caps(s->user->caps); ret == 0) {
+ if (int ret = check_caps(s->user->get_caps()); ret == 0) {
return ret;
}
return;
}
vector<RGWRole> result;
- op_ret = RGWRole::get_roles_by_path_prefix(store->getRados(), s->cct, path_prefix, s->user->user_id.tenant, result);
+ op_ret = RGWRole::get_roles_by_path_prefix(store->getRados(), s->cct, path_prefix, s->user->get_tenant(), result);
if (op_ret == 0) {
s->formatter->open_array_section("ListRolesResponse");
}
bufferlist bl = bufferlist::static_from_string(perm_policy);
try {
- const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl);
+ const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl);
}
catch (rgw::IAM::PolicyParseException& e) {
ldout(s->cct, 20) << "failed to parse policy: " << e.what() << dendl;
class RGWRoleRead : public RGWRestRole {
public:
RGWRoleRead() = default;
- int check_caps(RGWUserCaps& caps) override;
+ int check_caps(const RGWUserCaps& caps) override;
};
class RGWRoleWrite : public RGWRestRole {
public:
RGWRoleWrite() = default;
- int check_caps(RGWUserCaps& caps) override;
+ int check_caps(const RGWUserCaps& caps) override;
};
class RGWCreateRole : public RGWRoleWrite {
if (! op_ret) {
list_all_buckets_start(s);
- dump_owner(s, s->user->user_id, s->user->display_name);
+ dump_owner(s, s->user->get_id(), s->user->get_display_name());
s->formatter->open_array_section("Buckets");
sent_data = true;
}
s->formatter->dump_string("StorageClass", storage_class.c_str());
}
if (fetchOwner == true) {
- dump_owner(s, s->user->user_id, s->user->display_name);
+ dump_owner(s, s->user->get_id(), s->user->get_display_name());
}
s->formatter->close_section();
}
auto& storage_class = rgw_placement_rule::get_canonical_storage_class(iter->meta.storage_class);
s->formatter->dump_string("StorageClass", storage_class.c_str());
if (fetchOwner == true) {
- dump_owner(s, s->user->user_id, s->user->display_name);
+ dump_owner(s, s->user->get_id(), s->user->get_display_name());
}
if (s->system_request) {
s->formatter->dump_string("RgwxTag", iter->tag);
return -EACCES;
} else {
/* Populate the owner info. */
- s->owner.set_id(s->user->user_id);
- s->owner.set_name(s->user->display_name);
+ s->owner.set_id(s->user->get_id());
+ s->owner.set_name(s->user->get_display_name());
ldpp_dout(this, 20) << "Successful Signature Verification!" << dendl;
}
s->formatter->dump_string("Key", mp.get_key());
}
s->formatter->dump_string("UploadId", mp.get_upload_id());
- dump_owner(s, s->user->user_id, s->user->display_name, "Initiator");
- dump_owner(s, s->user->user_id, s->user->display_name);
+ dump_owner(s, s->user->get_id(), s->user->get_display_name(), "Initiator");
+ dump_owner(s, s->user->get_id(), s->user->get_display_name());
s->formatter->dump_string("StorageClass", "STANDARD");
dump_time(s, "Initiated", &iter->obj.meta.mtime);
s->formatter->close_section();
if (isSTSEnabled) {
RGWHandler_REST_STS sts_handler(auth_registry, post_body);
sts_handler.init(store, s, s->cio);
- auto op = sts_handler.get_op(store);
+ auto op = sts_handler.get_op();
if (op) {
return op;
}
if (isIAMEnabled) {
RGWHandler_REST_IAM iam_handler(auth_registry, post_body);
iam_handler.init(store, s, s->cio);
- auto op = iam_handler.get_op(store);
+ auto op = iam_handler.get_op();
if (op) {
return op;
}
if (isPSEnabled) {
RGWHandler_REST_PSTopic_AWS topic_handler(auth_registry, post_body);
topic_handler.init(store, s, s->cio);
- auto op = topic_handler.get_op(store);
+ auto op = topic_handler.get_op();
if (op) {
return op;
}
{
struct req_init_state *t = &s->init_state;
- rgw_parse_url_bucket(t->url_bucket, s->user->user_id.tenant,
+ rgw_parse_url_bucket(t->url_bucket, s->user->get_tenant(),
s->bucket_tenant, s->bucket_name);
dout(10) << "s->object=" << (!s->object.empty() ? s->object : rgw_obj_key("<NULL>"))
}
if (!t->src_bucket.empty()) {
- rgw_parse_url_bucket(t->src_bucket, s->user->user_id.tenant,
+ rgw_parse_url_bucket(t->src_bucket, s->user->get_tenant(),
s->src_tenant_name, s->src_bucket_name);
ret = rgw_validate_tenant_name(s->src_tenant_name);
if (ret)
const char *mfa = s->info.env->get("HTTP_X_AMZ_MFA");
if (mfa) {
- ret = verify_mfa(store, s->user, string(mfa), &s->mfa_verified, s);
+ ret = verify_mfa(store, &s->user->get_info(), string(mfa), &s->mfa_verified, s);
}
return 0;
const auto ret = rgw::auth::Strategy::apply(dpp, auth_registry.get_s3_main(), s);
if (ret == 0) {
/* Populate the owner info. */
- s->owner.set_id(s->user->user_id);
- s->owner.set_name(s->user->display_name);
+ s->owner.set_id(s->user->get_id());
+ s->owner.set_name(s->user->get_display_name());
}
return ret;
}
int RGWREST_STS::verify_permission()
{
- STS::STSService _sts(s->cct, store, s->user->user_id, s->auth.identity.get());
+ STS::STSService _sts(s->cct, store, s->user->get_id(), s->auth.identity.get());
sts = std::move(_sts);
string rArn = s->info.args.get("RoleArn");
//Parse the policy
//TODO - This step should be part of Role Creation
try {
- const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl);
+ const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl);
//Check if the input role arn is there as one of the Principals in the policy,
// If yes, then return 0, else -EPERM
auto p_res = p.eval_principal(s->env, *s->auth.identity);
rgw::Service service = rgw::Service::s3;
if (!verify_user_permission(this,
s,
- rgw::ARN(partition, service, "", s->user->user_id.tenant, ""),
+ rgw::ARN(partition, service, "", s->user->get_tenant(), ""),
rgw::IAM::stsGetSessionToken)) {
return -EACCES;
}
return;
}
- STS::STSService sts(s->cct, store, s->user->user_id, s->auth.identity.get());
+ STS::STSService sts(s->cct, store, s->user->get_id(), s->auth.identity.get());
STS::GetSessionTokenRequest req(duration, serialNumber, tokenCode);
const auto& [ret, creds] = sts.getSessionToken(req);
if (! policy.empty()) {
bufferlist bl = bufferlist::static_from_string(policy);
try {
- const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl);
+ const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl);
}
catch (rgw::IAM::PolicyParseException& e) {
ldout(s->cct, 20) << "failed to parse policy: " << e.what() << "policy" << policy << dendl;
if (! policy.empty()) {
bufferlist bl = bufferlist::static_from_string(policy);
try {
- const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl);
+ const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl);
}
catch (rgw::IAM::PolicyParseException& e) {
ldout(s->cct, 20) << "failed to parse policy: " << e.what() << "policy" << policy << dendl;
/* Dump TempURL-related stuff */
if (s->perm_mask == RGW_PERM_FULL_CONTROL) {
- auto iter = s->user->temp_url_keys.find(0);
- if (iter != std::end(s->user->temp_url_keys) && ! iter->second.empty()) {
+ auto iter = s->user->get_info().temp_url_keys.find(0);
+ if (iter != std::end(s->user->get_info().temp_url_keys) && ! iter->second.empty()) {
dump_header(s, "X-Account-Meta-Temp-Url-Key", iter->second);
}
- iter = s->user->temp_url_keys.find(1);
- if (iter != std::end(s->user->temp_url_keys) && ! iter->second.empty()) {
+ iter = s->user->get_info().temp_url_keys.find(1);
+ if (iter != std::end(s->user->get_info().temp_url_keys) && ! iter->second.empty()) {
dump_header(s, "X-Account-Meta-Temp-Url-Key-2", iter->second);
}
}
if (! op_ret) {
dump_start(s);
s->formatter->open_array_section_with_attrs("account",
- FormatterAttrs("name", s->user->display_name.c_str(), NULL));
+ FormatterAttrs("name", s->user->get_display_name().c_str(), NULL));
sent_data = true;
}
void RGWStatAccount_ObjStore_SWIFT::execute()
{
RGWStatAccount_ObjStore::execute();
- op_ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &attrs, s->yield);
+ op_ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &attrs, s->yield);
}
void RGWStatAccount_ObjStore_SWIFT::send_response()
if (read_list || write_list) {
RGWAccessControlPolicy_SWIFT swift_policy(s->cct);
const auto r = swift_policy.create(store->ctl()->user,
- s->user->user_id,
- s->user->display_name,
+ s->user->get_id(),
+ s->user->get_display_name(),
read_list,
write_list,
*rw_mask);
}
if (!has_policy) {
- policy.create_default(s->user->user_id, s->user->display_name);
+ policy.create_default(s->user->get_id(), s->user->get_display_name());
}
location_constraint = store->svc()->zone->get_zonegroup().api_name;
if (bucket_name.compare(s->bucket.name) != 0) {
RGWBucketInfo bucket_info;
map<string, bufferlist> bucket_attrs;
- r = store->getRados()->get_bucket_info(store->svc(), s->user->user_id.tenant,
+ r = store->getRados()->get_bucket_info(store->svc(), s->user->get_id().tenant,
bucket_name, bucket_info, nullptr,
s->yield, &bucket_attrs);
if (r < 0) {
}
}
- policy.create_default(s->user->user_id, s->user->display_name);
+ policy.create_default(s->user->get_id(), s->user->get_display_name());
int r = get_delete_at_param(s, delete_at);
if (r < 0) {
if (acl_attr) {
RGWAccessControlPolicy_SWIFTAcct swift_acct_policy(s->cct);
const bool r = swift_acct_policy.create(store->ctl()->user,
- s->user->user_id,
- s->user->display_name,
+ s->user->get_id(),
+ s->user->get_display_name(),
string(acl_attr));
if (r != true) {
return -EINVAL;
int RGWCopyObj_ObjStore_SWIFT::init_dest_policy()
{
- dest_policy.create_default(s->user->user_id, s->user->display_name);
+ dest_policy.create_default(s->user->get_id(), s->user->get_display_name());
return 0;
}
/* Dump X-Copied-From-Account. */
/* XXX tenant */
- dump_header(s, "X-Copied-From-Account", url_encode(s->user->user_id.id));
+ dump_header(s, "X-Copied-From-Account", url_encode(s->user->get_id().id));
/* Dump X-Copied-From-Last-Modified. */
dump_time_header(s, "X-Copied-From-Last-Modified", src_mtime);
const std::string form_signature = get_part_str(ctrl_parts, "signature");
try {
- get_owner_info(s, *s->user);
+ get_owner_info(s, s->user->get_info());
s->auth.identity = rgw::auth::transform_old_authinfo(s);
} catch (...) {
ldpp_dout(this, 5) << "cannot get user_info of account's owner" << dendl;
return false;
}
- for (const auto& kv : s->user->temp_url_keys) {
+ for (const auto& kv : s->user->get_info().temp_url_keys) {
const int temp_url_key_num = kv.first;
const string& temp_url_key = kv.second;
return ret;
}
- policy.create_default(s->user->user_id, s->user->display_name);
+ policy.create_default(s->user->get_id(), s->user->get_display_name());
/* Let's start parsing the HTTP body by parsing each form part step-
* by-step till encountering the first part with file data. */
struct req_init_state* t = &s->init_state;
/* XXX Stub this until Swift Auth sets account into URL. */
- s->bucket_tenant = s->user->user_id.tenant;
+ s->bucket_tenant = s->user->get_tenant();
s->bucket_name = t->url_bucket;
dout(10) << "s->object=" <<
* We don't allow cross-tenant copy at present. It requires account
* names in the URL for Swift.
*/
- s->src_tenant_name = s->user->user_id.tenant;
+ s->src_tenant_name = s->user->get_tenant();
s->src_bucket_name = t->src_bucket;
ret = validate_bucket_name(s->src_bucket_name);
public:
RGWOp_Usage_Get() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("usage", RGW_CAP_READ);
}
void execute() override;
public:
RGWOp_Usage_Delete() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("usage", RGW_CAP_WRITE);
}
void execute() override;
public:
RGWOp_User_List() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_READ);
}
public:
RGWOp_User_Info() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_READ);
}
public:
RGWOp_User_Create() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
RESTArgs::get_bool(s, "exclusive", false, &exclusive);
RESTArgs::get_string(s, "op-mask", op_mask_str, &op_mask_str);
- if (!s->user->system && system) {
+ if (!s->user->get_info().system && system) {
ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl;
http_ret = -EINVAL;
return;
public:
RGWOp_User_Modify() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
RESTArgs::get_bool(s, "system", false, &system);
RESTArgs::get_string(s, "op-mask", op_mask_str, &op_mask_str);
- if (!s->user->system && system) {
+ if (!s->user->get_info().system && system) {
ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl;
http_ret = -EINVAL;
return;
public:
RGWOp_User_Remove() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
public:
RGWOp_Subuser_Create() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
public:
RGWOp_Subuser_Modify() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
public:
RGWOp_Subuser_Remove() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
public:
RGWOp_Key_Create() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
public:
RGWOp_Key_Remove() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
public:
RGWOp_Caps_Add() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
public:
RGWOp_Caps_Remove() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
public:
RGWOp_Quota_Info() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_READ);
}
public:
RGWOp_Quota_Set() {}
- int check_caps(RGWUserCaps& caps) override {
+ int check_caps(const RGWUserCaps& caps) override {
return caps.check_cap("users", RGW_CAP_WRITE);
}
return -EACCES;
}
- if(int ret = check_caps(s->user->caps); ret == 0) {
+ if(int ret = check_caps(s->user->get_caps()); ret == 0) {
return ret;
}
return true;
}
-int RGWUserPolicyRead::check_caps(RGWUserCaps& caps)
+int RGWUserPolicyRead::check_caps(const RGWUserCaps& caps)
{
return caps.check_cap("user-policy", RGW_CAP_READ);
}
-int RGWUserPolicyWrite::check_caps(RGWUserCaps& caps)
+int RGWUserPolicyWrite::check_caps(const RGWUserCaps& caps)
{
return caps.check_cap("user-policy", RGW_CAP_WRITE);
}
}
try {
- const Policy p(s->cct, s->user->user_id.tenant, bl);
+ const Policy p(s->cct, s->user->get_tenant(), bl);
map<string, string> policies;
if (auto it = uattrs.find(RGW_ATTR_USER_POLICY); it != uattrs.end()) {
bufferlist out_bl = uattrs[RGW_ATTR_USER_POLICY];
class RGWUserPolicyRead : public RGWRestUserPolicy {
public:
RGWUserPolicyRead() = default;
- int check_caps(RGWUserCaps& caps) override;
+ int check_caps(const RGWUserCaps& caps) override;
};
class RGWUserPolicyWrite : public RGWRestUserPolicy {
public:
RGWUserPolicyWrite() = default;
- int check_caps(RGWUserCaps& caps) override;
+ int check_caps(const RGWUserCaps& caps) override;
};
class RGWPutUserPolicy : public RGWUserPolicyWrite {
bool is_truncated = false;
int ret;
- ret = store->ctl()->user->list_buckets(user, marker, end_marker, max, need_stats, &ulist,
- &is_truncated);
+ ret = store->ctl()->user->list_buckets(info.user_id, marker, end_marker, max,
+ need_stats, &ulist, &is_truncated);
if (ret < 0)
return ret;
return NULL;
}
-std::string& RGWRadosUser::get_display_name()
+int RGWRadosUser::get_by_id(rgw_user id, optional_yield y)
+
{
- return info.display_name;
+ return store->ctl()->user->get_info_by_uid(id, &info, y);
}
RGWObject *RGWRadosBucket::create_object(const rgw_obj_key &key)
int RGWRadosBucket::sync_user_stats()
{
- return store->ctl()->bucket->sync_user_stats(user.user, info, &ent);
+ return store->ctl()->bucket->sync_user_stats(user.info.user_id, info, &ent);
}
int RGWRadosBucket::update_container_stats(void)
class RGWUser {
protected:
- rgw_user user;
RGWUserInfo info;
public:
- RGWUser() : user() {}
- RGWUser(const rgw_user& _u) : user(_u) {}
- RGWUser(const RGWUserInfo& _i) : user(_i.user_id), info(_i) {}
+ RGWUser() : info() {}
+ RGWUser(const rgw_user& _u) : info() { info.user_id = _u; }
+ RGWUser(const RGWUserInfo& _i) : info(_i) {}
virtual ~RGWUser() = default;
virtual int list_buckets(const string& marker, const string& end_marker,
uint64_t max, bool need_stats, RGWBucketList& buckets) = 0;
virtual RGWBucket* add_bucket(rgw_bucket& bucket, ceph::real_time creation_time) = 0;
friend class RGWBucket;
- virtual std::string& get_display_name() = 0;
+ virtual std::string& get_display_name() { return info.display_name; }
- std::string& get_tenant() { return user.tenant; }
+ std::string& get_tenant() { return info.user_id.tenant; }
+ const rgw_user& get_id() const { return info.user_id; }
+ uint32_t get_type() const { return info.type; }
+ int32_t get_max_buckets() const { return info.max_buckets; }
+ const RGWUserCaps& get_caps() const { return info.caps; }
/* xxx dang temporary; will be removed when User is complete */
- rgw_user& get_user() { return user; }
+ rgw_user& get_user() { return info.user_id; }
+ RGWUserInfo& get_info() { return info; }
};
class RGWBucket {
public:
RGWRadosUser(RGWRadosStore *_st, const rgw_user& _u) : RGWUser(_u), store(_st) { }
RGWRadosUser(RGWRadosStore *_st, const RGWUserInfo& _i) : RGWUser(_i), store(_st) { }
+ RGWRadosUser(RGWRadosStore *_st) : store(_st) { }
RGWRadosUser() {}
int list_buckets(const string& marker, const string& end_marker,
uint64_t max, bool need_stats, RGWBucketList& buckets);
RGWBucket* add_bucket(rgw_bucket& bucket, ceph::real_time creation_time);
- virtual std::string& get_display_name() override;
+
+ /* Placeholders */
+ int get_by_id(rgw_user id, optional_yield y);
friend class RGWRadosBucket;
};
list<pair<string, string> > conds;
- if (!s->user->system) {
- conds.push_back(make_pair("permissions", s->user->user_id.to_str()));
+ if (!s->user->get_info().system) {
+ conds.push_back(make_pair("permissions", s->user->get_id().to_str()));
}
if (!s->bucket_name.empty()) {
// the topic ARN will be sent in the reply
const rgw::ARN arn(rgw::Partition::aws, rgw::Service::sns,
store->svc()->zone->get_zonegroup().get_name(),
- s->user->user_id.tenant, topic_name);
+ s->user->get_tenant(), topic_name);
topic_arn = arn.to_string();
return 0;
}
std::cout << "creating: " << bucket_name << ":" << obj_name
<< std::endl;
}
- RGWPutObjRequest req(cct, fs_private->get_user(), bucket_name, obj_name,
+ rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs_private->get_user());
+ RGWPutObjRequest req(cct, &ruser, bucket_name, obj_name,
bl);
int rc = rgwlib.get_fe()->execute_req(&req);
int rc2 = req.get_ret();
TEST_F(IPPolicyTest, IPEnvironment) {
// Unfortunately RGWCivetWeb is too tightly tied to civetweb to test RGWCivetWeb::init_env.
RGWEnv rgw_env;
- RGWUserInfo user;
rgw::sal::RGWRadosStore store;
+ rgw::sal::RGWRadosUser user(&store);
rgw_env.set("REMOTE_ADDR", "192.168.1.1");
rgw_env.set("HTTP_HOST", "1.2.3.4");
req_state rgw_req_state(cct.get(), &rgw_env, &user, 0);
projects / ceph.git / commitdiff