From: Casey Bodley Date: Thu, 11 Jan 2024 23:41:03 +0000 (-0500) Subject: rgw/rest: simplify RGWRestUserPolicy hierarchy X-Git-Tag: testing/wip-yuriw-testing-20240416.150233~10^2~106 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=e1371735dad0c740ab2145b760f2928a1d0fe791;p=ceph-ci.git rgw/rest: simplify RGWRestUserPolicy hierarchy base class constructor takes `uint64_t action` instead of overriding the virtual `get_op()` on each subclass constructor takes `uint32_t perm` instead of deriving separate base classes RGWUserPolicyRead/Write for check_caps() permission Signed-off-by: Casey Bodley (cherry picked from commit 6d61c397a84efde7e99ed7c00d2216990f0d9884) --- diff --git a/src/rgw/rgw_rest_user_policy.cc b/src/rgw/rgw_rest_user_policy.cc index e43434d730f..6ef3ab04a17 100644 --- a/src/rgw/rgw_rest_user_policy.cc +++ b/src/rgw/rgw_rest_user_policy.cc @@ -22,6 +22,11 @@ #define dout_subsys ceph_subsys_rgw +RGWRestUserPolicy::RGWRestUserPolicy(uint64_t action, uint32_t perm) + : action(action), perm(perm) +{ +} + void RGWRestUserPolicy::send_response() { if (op_ret) { @@ -62,6 +67,11 @@ int RGWRestUserPolicy::init_processing(optional_yield y) return r; } +int RGWRestUserPolicy::check_caps(const RGWUserCaps& caps) +{ + return caps.check_cap("user-policy", perm); +} + int RGWRestUserPolicy::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { @@ -72,27 +82,16 @@ int RGWRestUserPolicy::verify_permission(optional_yield y) return 0; } - uint64_t op = get_op(); - if (! verify_user_permission(this, s, user_arn, op)) { + if (! verify_user_permission(this, s, user_arn, action)) { return -EACCES; } return 0; } -int RGWUserPolicyRead::check_caps(const RGWUserCaps& caps) -{ - return caps.check_cap("user-policy", RGW_CAP_READ); -} -int RGWUserPolicyWrite::check_caps(const RGWUserCaps& caps) +RGWPutUserPolicy::RGWPutUserPolicy() + : RGWRestUserPolicy(rgw::IAM::iamPutUserPolicy, RGW_CAP_WRITE) { - return caps.check_cap("user-policy", RGW_CAP_WRITE); -} - - -uint64_t RGWPutUserPolicy::get_op() -{ - return rgw::IAM::iamPutUserPolicy; } int RGWPutUserPolicy::get_params() @@ -108,7 +107,7 @@ int RGWPutUserPolicy::get_params() return -EINVAL; } - return RGWUserPolicyWrite::get_params(); + return RGWRestUserPolicy::get_params(); } void RGWPutUserPolicy::execute(optional_yield y) @@ -170,9 +169,10 @@ void RGWPutUserPolicy::execute(optional_yield y) } } -uint64_t RGWGetUserPolicy::get_op() + +RGWGetUserPolicy::RGWGetUserPolicy() + : RGWRestUserPolicy(rgw::IAM::iamGetUserPolicy, RGW_CAP_READ) { - return rgw::IAM::iamGetUserPolicy; } int RGWGetUserPolicy::get_params() @@ -182,7 +182,7 @@ int RGWGetUserPolicy::get_params() return -EINVAL; } - return RGWUserPolicyRead::get_params(); + return RGWRestUserPolicy::get_params(); } void RGWGetUserPolicy::execute(optional_yield y) @@ -217,9 +217,10 @@ void RGWGetUserPolicy::execute(optional_yield y) s->formatter->close_section(); } -uint64_t RGWListUserPolicies::get_op() + +RGWListUserPolicies::RGWListUserPolicies() + : RGWRestUserPolicy(rgw::IAM::iamListUserPolicies, RGW_CAP_READ) { - return rgw::IAM::iamListUserPolicies; } void RGWListUserPolicies::execute(optional_yield y) @@ -249,9 +250,10 @@ void RGWListUserPolicies::execute(optional_yield y) s->formatter->close_section(); // ListUserPoliciesResponse } -uint64_t RGWDeleteUserPolicy::get_op() + +RGWDeleteUserPolicy::RGWDeleteUserPolicy() + : RGWRestUserPolicy(rgw::IAM::iamDeleteUserPolicy, RGW_CAP_WRITE) { - return rgw::IAM::iamDeleteUserPolicy; } int RGWDeleteUserPolicy::get_params() @@ -261,7 +263,7 @@ int RGWDeleteUserPolicy::get_params() return -EINVAL; } - return RGWUserPolicyWrite::get_params(); + return RGWRestUserPolicy::get_params(); } void RGWDeleteUserPolicy::execute(optional_yield y) diff --git a/src/rgw/rgw_rest_user_policy.h b/src/rgw/rgw_rest_user_policy.h index 9db69aa5fd0..d14d2f51573 100644 --- a/src/rgw/rgw_rest_user_policy.h +++ b/src/rgw/rgw_rest_user_policy.h @@ -9,6 +9,10 @@ class RGWRestUserPolicy : public RGWRESTOp { protected: + RGWRestUserPolicy(uint64_t action, uint32_t perm); + + uint64_t action; + uint32_t perm; std::unique_ptr user; rgw::ARN user_arn; std::string policy_name; @@ -20,58 +24,42 @@ protected: public: int init_processing(optional_yield y) override; + int check_caps(const RGWUserCaps& caps) override; int verify_permission(optional_yield y) override; - virtual uint64_t get_op() = 0; void send_response() override; }; -class RGWUserPolicyRead : public RGWRestUserPolicy { -public: - RGWUserPolicyRead() = default; - int check_caps(const RGWUserCaps& caps) override; -}; - -class RGWUserPolicyWrite : public RGWRestUserPolicy { -public: - RGWUserPolicyWrite() = default; - int check_caps(const RGWUserCaps& caps) override; -}; - -class RGWPutUserPolicy : public RGWUserPolicyWrite { +class RGWPutUserPolicy : public RGWRestUserPolicy { int get_params() override; public: - RGWPutUserPolicy() = default; + RGWPutUserPolicy(); void execute(optional_yield y) override; const char* name() const override { return "put_user_policy"; } - uint64_t get_op() override; RGWOpType get_type() override { return RGW_OP_PUT_USER_POLICY; } }; -class RGWGetUserPolicy : public RGWUserPolicyRead { +class RGWGetUserPolicy : public RGWRestUserPolicy { int get_params() override; public: - RGWGetUserPolicy() = default; + RGWGetUserPolicy(); void execute(optional_yield y) override; const char* name() const override { return "get_user_policy"; } - uint64_t get_op() override; RGWOpType get_type() override { return RGW_OP_GET_USER_POLICY; } }; -class RGWListUserPolicies : public RGWUserPolicyRead { +class RGWListUserPolicies : public RGWRestUserPolicy { public: - RGWListUserPolicies() = default; + RGWListUserPolicies(); void execute(optional_yield y) override; const char* name() const override { return "list_user_policies"; } - uint64_t get_op() override; RGWOpType get_type() override { return RGW_OP_LIST_USER_POLICIES; } }; -class RGWDeleteUserPolicy : public RGWUserPolicyWrite { +class RGWDeleteUserPolicy : public RGWRestUserPolicy { int get_params() override; public: - RGWDeleteUserPolicy() = default; + RGWDeleteUserPolicy(); void execute(optional_yield y) override; const char* name() const override { return "delete_user_policy"; } - uint64_t get_op() override; RGWOpType get_type() override { return RGW_OP_DELETE_USER_POLICY; } };