From: Yehuda Sadeh Date: Wed, 17 Jan 2018 00:53:31 +0000 (-0800) Subject: rgw: aws sync: sync acls X-Git-Tag: v13.1.0~270^2~24 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=9daa49e915351c4af9139dbc7f1aaf8dcc813cc5;p=ceph-ci.git rgw: aws sync: sync acls still not transforming acls according to configuration Signed-off-by: Yehuda Sadeh --- diff --git a/src/rgw/rgw_sync_module_aws.cc b/src/rgw/rgw_sync_module_aws.cc index fe6b2df8cbd..491dc5537cb 100644 --- a/src/rgw/rgw_sync_module_aws.cc +++ b/src/rgw/rgw_sync_module_aws.cc @@ -564,6 +564,33 @@ public: ldout(sync_env->cct, 20) << __func__ << ":" << " headers=" << headers << " extra_data.length()=" << extra_data.length() << dendl; + if (extra_data.length() > 0) { + JSONParser jp; + if (!jp.parse(extra_data.c_str(), extra_data.length())) { + ldout(sync_env->cct, 0) << "ERROR: failed to parse response extra data. len=" << extra_data.length() << " data=" << extra_data.c_str() << dendl; + return -EIO; + } + + map src_attrs; + + JSONDecoder::decode_json("attrs", src_attrs, &jp); + + info->acls.set_ctx(sync_env->cct); + auto aiter = src_attrs.find(RGW_ATTR_ACL); + if (aiter != src_attrs.end()) { + bufferlist& bl = aiter->second; + bufferlist::iterator bliter = bl.begin(); + try { + info->acls.decode(bliter); + } catch (buffer::error& err) { + ldout(sync_env->cct, 0) << "ERROR: failed to decode policy off extra data" << dendl; + return -EIO; + } + } else { + ldout(sync_env->cct, 0) << "WARNING: acl attrs not provided in extra data" << dendl; + } + } + return 0; } @@ -612,11 +639,87 @@ public: void send_ready(const rgw_rest_obj& rest_obj) override { RGWRESTStreamS3PutObj *r = (RGWRESTStreamS3PutObj *)req; - RGWAccessControlPolicy policy; + map new_attrs = rest_obj.attrs; + + auto acl = rest_obj.acls.get_acl(); + + map > access_map; + + for (auto& grant : acl.get_grant_map()) { + auto& grantee = grant.first; + auto& perm = grant.second; + + string type; + + switch (perm.get_type().get_type()) { + case ACL_TYPE_CANON_USER: + type = "id"; + break; + case ACL_TYPE_EMAIL_USER: + type = "emailAddress"; + break; + case ACL_TYPE_GROUP: + type = "uri"; + break; + default: + continue; + } + + string tv = type + "=" + grantee; + + int flags = perm.get_permission().get_permissions(); + if ((flags & RGW_PERM_FULL_CONTROL) == RGW_PERM_FULL_CONTROL) { + access_map[flags].push_back(tv); + continue; + } + + for (int i = 1; i <= RGW_PERM_WRITE_ACP; i <<= 1) { + if (flags & i) { + access_map[i].push_back(tv); + } + } + } + + for (auto aiter : access_map) { + int grant_type = aiter.first; + + string header_str("x-amz-grant-"); + + switch (grant_type) { + case RGW_PERM_READ: + header_str.append("read"); + break; + case RGW_PERM_WRITE: + header_str.append("write"); + break; + case RGW_PERM_READ_ACP: + header_str.append("read-acp"); + break; + case RGW_PERM_WRITE_ACP: + header_str.append("write-acp"); + break; + case RGW_PERM_FULL_CONTROL: + header_str.append("full-control"); + break; + } + + string s; + + for (auto viter : aiter.second) { + if (!s.empty()) { + s.append(", "); + } + s.append(viter); + } + + new_attrs[header_str] = s; + } r->set_send_length(rest_obj.content_len); - r->send_ready(conn->get_key(), rest_obj.attrs, policy, false); + RGWAccessControlPolicy policy; + + r->send_ready(conn->get_key(), new_attrs, policy, false); } void handle_headers(const map& headers) {