From: Radoslaw Zarzynski <rzarzynski@mirantis.com>
Date: Wed, 19 Apr 2017 17:38:25 +0000 (+0200)
Subject: rgw: extend rgw::auth::Completer to handle commiting modifications to req_state.
X-Git-Tag: v12.1.0~155^2~36
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2d4e000675e066747de111752ec79271529f18aa;p=ceph.git

rgw: extend rgw::auth::Completer to handle commiting modifications to req_state.

Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>
---

diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h
index 819a33803854..e38baf31dc00 100644
--- a/src/rgw/rgw_auth.h
+++ b/src/rgw/rgw_auth.h
@@ -103,8 +103,8 @@ public:
   virtual void load_acct_info(RGWUserInfo& user_info) const = 0; /* out */
 
   /* Apply any changes to request state. This method will be most useful for
-   * TempURL of Swift API or AWSv4. */
-  virtual void modify_request_state(req_state * s) const {}      /* in/out */
+   * TempURL of Swift API. */
+  virtual void modify_request_state(req_state* s) const {}      /* in/out */
 };
 
 
@@ -126,7 +126,10 @@ public:
  *  E. execute-commit - commit the modifications from point C. */
 class Completer {
 public:
-  typedef std::unique_ptr<Completer> cmplptr_t;
+  /* It's expected that Completers would tend to implement many interfaces
+   * and be used not only in req_state::auth::completer. Ref counting their
+   * instances woild be helpful. */
+  typedef std::shared_ptr<Completer> cmplptr_t;
 
   virtual ~Completer() = default;
 
@@ -134,6 +137,10 @@ public:
    * the completion succeeded. On error throws rgw::auth::Exception storing
    * the reason. */
   virtual bool complete() = 0;
+
+  /* Apply any changes to request state. The initial use case was injecting
+   * the AWSv4 filter over rgw::io::RestfulClient in req_state. */
+  virtual void modify_request_state(req_state* s) = 0;     /* in/out */
 };
 
 
diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index a0de9b33a2c9..c36f377bd51b 100644
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -1776,7 +1776,7 @@ struct req_state {
      * through a well-defined interface. For more details, see rgw_auth.h. */
     std::unique_ptr<rgw::auth::Identity> identity;
 
-    std::unique_ptr<rgw::auth::Completer> completer;
+    std::shared_ptr<rgw::auth::Completer> completer;
 
     /* A container for credentials of the S3's browser upload. It's necessary
      * because: 1) the ::authenticate() method of auth engines and strategies
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index e1fc2a4d6f89..c7d0a6243606 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -1780,11 +1780,21 @@ int RGWPostObj_ObjStore_S3::get_policy()
 
         try {
           auto applier = result.get_applier();
+          auto completer = result.get_completer();
 
           applier->load_acct_info(*s->user);
           s->perm_mask = applier->get_perm_mask();
+
+          /* This is the signle place where we pass req_state as a pointer
+           * to non-const and thus its modification is allowed. In the time
+           * of writing only RGWTempURLEngine needed that feature. */
           applier->modify_request_state(s);
+          if (completer) {
+            completer->modify_request_state(s);
+          }
+
           s->auth.identity = std::move(applier);
+          s->auth.completer = std::move(completer);
 
           s->owner.set_id(s->user->user_id);
           s->owner.set_name(s->user->display_name);
@@ -3715,13 +3725,21 @@ int RGW_Auth_S3::authorize_v2(RGWRados* const store,
     }
     try {
       auto applier = result.get_applier();
+      auto completer = result.get_completer();
 
       applier->load_acct_info(*s->user);
       s->perm_mask = applier->get_perm_mask();
+
+      /* This is the signle place where we pass req_state as a pointer
+       * to non-const and thus its modification is allowed. In the time
+       * of writing only RGWTempURLEngine needed that feature. */
       applier->modify_request_state(s);
+      if (completer) {
+        completer->modify_request_state(s);
+      }
 
       s->auth.identity = std::move(applier);
-      s->auth.completer = result.get_completer();
+      s->auth.completer = std::move(completer);
 
       /* Populate the owner info. */
       s->owner.set_id(s->user->user_id);
diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc
index f745e8d4913e..9c7720be8bc7 100644
--- a/src/rgw/rgw_rest_swift.cc
+++ b/src/rgw/rgw_rest_swift.cc
@@ -2489,6 +2489,7 @@ int RGWHandler_REST_SWIFT::authorize()
 
     try {
       rgw::auth::IdentityApplier::aplptr_t applier = result.get_applier();
+      rgw::auth::Completer::cmplptr_t completer = result.get_completer();
 
       /* Account used by a given RGWOp is decoupled from identity employed
        * in the authorization phase (RGWOp::verify_permissions). */
@@ -2499,9 +2500,12 @@ int RGWHandler_REST_SWIFT::authorize()
        * to non-const and thus its modification is allowed. In the time
        * of writing only RGWTempURLEngine needed that feature. */
       applier->modify_request_state(s);
+      if (completer) {
+        completer->modify_request_state(s);
+      }
 
       s->auth.identity = std::move(applier);
-      s->auth.completer = std::move(result.get_completer());
+      s->auth.completer = std::move(completer);
 
       return 0;
     } catch (int err) {