From: Radoslaw Zarzynski Date: Wed, 3 Feb 2016 18:38:25 +0000 (+0100) Subject: rgw: handle Keystone API version with dedicated enum. X-Git-Tag: v10.1.0~352^2~5 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=92764d423a0d9e97ed6f197194b59b0865a37586;p=ceph.git rgw: handle Keystone API version with dedicated enum. Signed-off-by: Radoslaw Zarzynski
---
diff --git a/src/common/config_opts.h b/src/common/config_opts.h
index 5a6d1ce3a49..3190d19eaf7 100644
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@@ -1188,7 +1188,7 @@ OPTION(rgw_keystone_admin_password, OPT_STR, "") // keystone admin user passwor
 OPTION(rgw_keystone_admin_tenant, OPT_STR, "") // keystone admin user tenant (for keystone v2.0)
 OPTION(rgw_keystone_admin_project, OPT_STR, "") // keystone admin user project (for keystone v3)
 OPTION(rgw_keystone_admin_domain, OPT_STR, "") // keystone admin user domain
-OPTION(rgw_keystone_api_version, OPT_STR, "2.0") // Version of Keystone API to use ("2.0" or "3")
+OPTION(rgw_keystone_api_version, OPT_INT, 2) // Version of Keystone API to use (2 or 3)
 OPTION(rgw_keystone_accepted_roles, OPT_STR, "Member, admin") // roles required to serve requests
 OPTION(rgw_keystone_token_cache_size, OPT_INT, 10000) // max number of entries in keystone token cache
 OPTION(rgw_keystone_revocation_interval, OPT_INT, 15 * 60) // seconds between tokens revocation check
diff --git a/src/rgw/rgw_json_enc.cc b/src/rgw/rgw_json_enc.cc
index e7c6615cd20..57c76770adc 100644
--- a/src/rgw/rgw_json_enc.cc
+++ b/src/rgw/rgw_json_enc.cc
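Review bot: Switching `rgw_keystone_api_version` in src/common/config_opts.h from `OPT_STR` to `OPT_INT` changes how existing configuration files are read: the previously documented value `"2.0"` is not an integer literal, and how the option parser handles it is not visible in this hunk. This option selects which Keystone endpoints tokens are validated against, so an upgrade should neither silently reinterpret nor silently drop an operator's setting; either keep accepting the legacy spelling or call the change out in the release notes. The trailing comment could record the break, e.g. `// Keystone API version: 2 or 3 (integer; was the string "2.0" or "3" before)`.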
@@ -1094,10 +1094,14 @@ void KeystoneToken::User::decode_json(JSONObj *obj) void KeystoneToken::decode_json(JSONObj *root_obj) { - if (version == "2.0") { + JSONDecoder::decode_json("user", user, root_obj, true); + + if (version == KeystoneApiVersion::VER_2) { JSONDecoder::decode_json("token", token, root_obj, true); - } - if (version == "3") { + + roles = user.roles_v2; + project = token.tenant_v2; + } else if (version == KeystoneApiVersion::VER_3) { string expires_iso8601; struct tm t; @@ -1112,12 +1116,6 @@ void KeystoneToken::decode_json(JSONObj *root_obj) JSONDecoder::decode_json("roles", roles, root_obj, true); JSONDecoder::decode_json("project", project, root_obj, true); } - - JSONDecoder::decode_json("user", user, root_obj, true); - if (version == "2.0") { - roles = user.roles_v2; - project = token.tenant_v2; - } } void rgw_slo_entry::decode_json(JSONObj *obj) diff --git a/src/rgw/rgw_keystone.cc b/src/rgw/rgw_keystone.cc index 5188ec81b5a..2171d1ec7e9 100644 --- a/src/rgw/rgw_keystone.cc +++ b/src/rgw/rgw_keystone.cc @@ -14,7 +14,23 @@ #define dout_subsys ceph_subsys_rgw -bool KeystoneToken::has_role(const string& r) { +KeystoneApiVersion KeystoneService::get_api_version() +{ + const int keystone_version = g_ceph_context->_conf->rgw_keystone_api_version; + + if (keystone_version == 3) { + return KeystoneApiVersion::VER_3; + } else if (keystone_version == 2) { + return KeystoneApiVersion::VER_2; + } else { + dout(0) << "ERROR: wrong Keystone API version: " << keystone_version + << "; falling back to v2" << dendl; + return KeystoneApiVersion::VER_2; + } +} + +bool KeystoneToken::has_role(const string& r) +{ list::iterator iter; for (iter = roles.begin(); iter != roles.end(); ++iter) { if (fnmatch(r.c_str(), ((*iter).name.c_str()), 0) == 0) { 
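Review bot: `KeystoneService::get_api_version()` in src/rgw/rgw_keystone.cc maps every value other than 2 or 3 to `VER_2` and logs at level 0 on each call, and the call sites this commit adds in rgw_rest_s3.cc, rgw_rest_s3.h and rgw_swift.cc appear to sit on per-request authentication paths. A mistyped option would therefore produce an error line per request while the gateway keeps validating tokens against the v2 endpoints; for an authentication backend it is safer to check the value once at startup and refuse an unknown one than to guess. The function also reads `g_ceph_context` although the callers shown have a `CephContext *` available, so a `static KeystoneApiVersion get_api_version(CephContext *cct);` form would keep the lookup tied to the caller's context. If the fallback stays, a comment such as `// Maps rgw_keystone_api_version (2 or 3) to the enum; unknown values currently fall back to v2.` would make it visible to the next reader.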
@@ -33,10 +49,9 @@ int KeystoneToken::parse(CephContext *cct, bufferlist& bl) } try { - if (version == "2.0") { + if (version == KeystoneApiVersion::VER_2) { JSONDecoder::decode_json("access", *this, &parser); - } - if (version == "3") { + } else if (version == KeystoneApiVersion::VER_3) { JSONDecoder::decode_json("token", *this, &parser); } } catch (JSONDecoder::err& err) { diff --git a/src/rgw/rgw_keystone.h b/src/rgw/rgw_keystone.h index 23e76720a13..af829e33541 100644 --- a/src/rgw/rgw_keystone.h +++ b/src/rgw/rgw_keystone.h @@ -6,9 +6,19 @@ #include "rgw_common.h" +enum class KeystoneApiVersion { + VER_2, + VER_3 +}; + +class KeystoneService { +public: + static KeystoneApiVersion get_api_version(); +}; + class KeystoneToken { protected: - string version; + KeystoneApiVersion version; public: class Domain { @@ -56,8 +66,9 @@ public: list roles; public: - KeystoneToken() : version("") {}; - KeystoneToken(string _version) : version(_version) {}; + // FIXME: default ctor needs to be eradicated here + KeystoneToken() : version(KeystoneApiVersion::VER_2) {}; + KeystoneToken(KeystoneApiVersion _version) : version(_version) {}; time_t get_expires() { return token.expires; } string get_domain_id() {return project.domain.id;}; string get_domain_name() {return project.domain.name;}; diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 1e5c883e89d..3a0203eae3f 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -2673,7 +2673,7 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token( string keystone_version = cct->_conf->rgw_keystone_api_version; if (keystone_url[keystone_url.size() - 1] != '/') keystone_url.append("/"); - if (keystone_version == "3") { + if (KeystoneService::get_api_version() == KeystoneApiVersion::VER_3) { keystone_url.append("v3/s3tokens"); } else { diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h index e0ce93609fb..97dbaf4b1ab 100644 --- a/src/rgw/rgw_rest_s3.h +++ b/src/rgw/rgw_rest_s3.h 
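Review bot: The default constructor of `KeystoneToken` in src/rgw/rgw_keystone.h now selects `VER_2`, whereas the old `version("")` matched neither string comparison in `parse()`; a default-constructed token will therefore be decoded as a v2 response regardless of what the gateway is configured for. The FIXME acknowledges the problem, but until the constructor is removed it would be less surprising to initialise from configuration, `KeystoneToken() : version(KeystoneService::get_api_version()) {};`, and to mark the converting constructor `explicit KeystoneToken(KeystoneApiVersion _version)`. The new enum and `KeystoneService` would each benefit from a one-line comment stating that they mirror `rgw_keystone_api_version`.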
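Review bot: In `validate_s3token` (src/rgw/rgw_rest_s3.cc) the unchanged context line `string keystone_version = cct->_conf->rgw_keystone_api_version;` is left in place although the option is now declared `OPT_INT`. The variable is no longer read in the lines shown, and initialising a `std::string` from an `int` is, as far as I can tell, not valid, so the line should be deleted in this same commit. The function body starts and ends outside the hunk, so later uses of `keystone_version` cannot be ruled out from here.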
@@ -357,7 +357,7 @@ private: public: explicit RGW_Auth_S3_Keystone_ValidateToken(CephContext *_cct) : RGWHTTPClient(_cct), - response(KeystoneToken(_cct->_conf->rgw_keystone_api_version)) { + response(KeystoneToken(KeystoneService::get_api_version())) { get_str_list(cct->_conf->rgw_keystone_accepted_roles, roles_list); } diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc index 9660fa5f0b1..3dd51e6b1c8 100644 --- a/src/rgw/rgw_swift.cc +++ b/src/rgw/rgw_swift.cc @@ -287,8 +287,9 @@ int RGWSwift::get_keystone_admin_token(CephContext * const cct, RGWGetKeystoneAdminToken token_req(cct, &token_bl); token_req.append_header("Content-Type", "application/json"); JSONFormatter jf; - std::string keystone_version = cct->_conf->rgw_keystone_api_version; - if (keystone_version == "2.0") { + + const auto keystone_version = KeystoneService::get_api_version(); + if (keystone_version == KeystoneApiVersion::VER_2) { KeystoneAdminTokenRequestVer2 req_serializer(cct); req_serializer.dump(&jf); @@ -305,7 +306,7 @@ int RGWSwift::get_keystone_admin_token(CephContext * const cct, return -EINVAL; token = t.token.id; return 0; - } else if (keystone_version == "3") { + } else if (keystone_version == KeystoneApiVersion::VER_3) { KeystoneAdminTokenRequestVer3 req_serializer(cct); req_serializer.dump(&jf); @@ -337,11 +338,11 @@ int RGWSwift::check_revoked() if (get_keystone_url(url) < 0) return -EINVAL; req.append_header("X-Auth-Token", token); - std::string keystone_version = cct->_conf->rgw_keystone_api_version; - if (keystone_version == "2.0") { + + const auto keystone_version = KeystoneService::get_api_version(); + if (keystone_version == KeystoneApiVersion::VER_2) { url.append("v2.0/tokens/revoked"); - } - if (keystone_version == "3") { + } else if (keystone_version == KeystoneApiVersion::VER_3) { url.append("v3/auth/tokens/OS-PKI/revoked"); } req.set_send_length(0); 
@@ -510,7 +511,7 @@ static bool decode_pki_token(CephContext *cct, const string& token, bufferlist& int RGWSwift::validate_keystone_token(RGWRados *store, const string& token, struct rgw_swift_auth_info *info, RGWUserInfo& rgw_user) { - KeystoneToken t(g_conf->rgw_keystone_api_version); + KeystoneToken t(KeystoneService::get_api_version()); string token_id; get_token_id(token, token_id); @@ -554,12 +555,12 @@ int RGWSwift::validate_keystone_token(RGWRados *store, const string& token, stru validate.append_header("X-Auth-Token", admin_token); - std::string keystone_version = cct->_conf->rgw_keystone_api_version; - if (keystone_version == "2.0") { + const auto keystone_version = KeystoneService::get_api_version(); + if (keystone_version == KeystoneApiVersion::VER_2) { url.append("v2.0/tokens/"); url.append(token); } - if (keystone_version == "3") { + if (keystone_version == KeystoneApiVersion::VER_3) { url.append("v3/auth/tokens"); validate.append_header("X-Subject-Token", token); }
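Review bot: In the second hunk of `RGWSwift::validate_keystone_token` (src/rgw/rgw_swift.cc) the two version checks remain independent `if` statements, while `check_revoked`, `KeystoneToken::parse` and `KeystoneToken::decode_json` were converted to `if … else if` in this same commit; `} else if (keystone_version == KeystoneApiVersion::VER_3) {` would keep the dispatch uniform. Separately, the unchanged v2 branch appends the caller-supplied `token` to the URL path with `url.append(token);`, and whether the token is validated or escaped before that point is not visible in the hunk, so it is worth confirming. The function continues outside the hunk.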