From: Radoslaw Zarzynski Date: Fri, 20 May 2016 13:28:52 +0000 (+0200) Subject: rgw, optimization: switch to std::string& when possible in the new auth. X-Git-Tag: v11.0.0~283^2~9 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=fb352093634bc0858f75866e62da5e8db4fbb9d8;p=ceph.git rgw, optimization: switch to std::string& when possible in the new auth. Signed-off-by: Radoslaw Zarzynski --- diff --git a/src/rgw/rgw_acl.cc b/src/rgw/rgw_acl.cc index bbd19a71781f..f43e87b0feb3 100644 --- a/src/rgw/rgw_acl.cc +++ b/src/rgw/rgw_acl.cc @@ -79,7 +79,7 @@ int RGWAccessControlList::get_referer_perm(const std::string http_referer, /* FIXME: C++11 doesn't have std::rbegin nor std::rend. We would like to * switch when C++14 becomes available. */ const auto iter = std::find_if(referer_list.crbegin(), referer_list.crend(), - [http_referer](const ACLReferer& r) -> bool { + [&http_referer](const ACLReferer& r) -> bool { return r.is_match(http_referer); } ); diff --git a/src/rgw/rgw_acl_swift.cc b/src/rgw/rgw_acl_swift.cc index eb0afe4cc1ce..7f0759213b2b 100644 --- a/src/rgw/rgw_acl_swift.cc +++ b/src/rgw/rgw_acl_swift.cc @@ -214,7 +214,7 @@ void RGWAccessControlPolicy_SWIFTAcct::add_grants(RGWRados * const store, const std::vector& uids, const int perm) { - for (const auto uid : uids) { + for (const auto& uid : uids) { ACLGrant grant; RGWUserInfo grant_user; @@ -290,7 +290,7 @@ void RGWAccessControlPolicy_SWIFTAcct::to_str(std::string& acl_str) const std::vector readonly; /* Parition the grant map into three not-overlapping groups. */ - for (const auto item : get_acl().get_grant_map()) { + for (const auto& item : get_acl().get_grant_map()) { const ACLGrant& grant = item.second; const int perm = grant.get_permission().get_permissions(); diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc index 1089fd283df0..a89dedcb011c 100644 --- a/src/rgw/rgw_auth.cc +++ b/src/rgw/rgw_auth.cc @@ -149,7 +149,7 @@ std::string RGWRemoteAuthApplier::to_str() const return ss.str(); } -void RGWRemoteAuthApplier::create_account(const rgw_user acct_user, +void RGWRemoteAuthApplier::create_account(const rgw_user& acct_user, RGWUserInfo& user_info) const /* out */ { rgw_user new_acct_user = acct_user; @@ -310,7 +310,7 @@ bool RGWKeystoneAuthEngine::is_applicable() const noexcept return false == cct->_conf->rgw_keystone_url.empty(); } -KeystoneToken RGWKeystoneAuthEngine::decode_pki_token(const std::string token) const +KeystoneToken RGWKeystoneAuthEngine::decode_pki_token(const std::string& token) const { bufferlist token_body_bl; int ret = rgw_decode_b64_cms(cct, token, token_body_bl); @@ -330,7 +330,7 @@ KeystoneToken RGWKeystoneAuthEngine::decode_pki_token(const std::string token) c return token_body; } -KeystoneToken RGWKeystoneAuthEngine::get_from_keystone(const std::string token) const +KeystoneToken RGWKeystoneAuthEngine::get_from_keystone(const std::string& token) const { bufferlist token_body_bl; RGWValidateKeystoneToken validate(cct, &token_body_bl); @@ -380,7 +380,7 @@ RGWKeystoneAuthEngine::get_creds_info(const KeystoneToken& token, { /* Check whether the user has an admin status. */ bool is_admin = false; - for (const auto admin_role : admin_roles) { + for (const auto& admin_role : admin_roles) { if (token.has_role(admin_role)) { is_admin = true; break; @@ -399,8 +399,8 @@ RGWKeystoneAuthEngine::get_creds_info(const KeystoneToken& token, }; } -static inline const std::string make_spec_item(const std::string tenant, - const std::string id) +static inline const std::string make_spec_item(const std::string& tenant, + const std::string& id) { return tenant + ":" + id; } @@ -409,12 +409,12 @@ RGWKeystoneAuthEngine::acl_strategy_t RGWKeystoneAuthEngine::get_acl_strategy(const KeystoneToken& token) const { /* The primary identity is constructed upon UUIDs. */ - const auto tenant_uuid = token.get_project_id(); - const auto user_uuid = token.get_user_id(); + const auto& tenant_uuid = token.get_project_id(); + const auto& user_uuid = token.get_user_id(); /* For Keystone v2 an alias may be also used. */ - const auto tenant_name = token.get_project_name(); - const auto user_name = token.get_user_name(); + const auto& tenant_name = token.get_project_name(); + const auto& user_name = token.get_user_name(); /* Construct all possible combinations including Swift's wildcards. */ const std::vector allowed_items = { @@ -465,7 +465,7 @@ RGWAuthApplier::aplptr_t RGWKeystoneAuthEngine::authenticate() const /* Token ID is a concept that makes dealing with PKI tokens more effective. * Instead of storing several kilobytes, a short hash can be burried. */ - const auto token_id = rgw_get_token_id(token); + const auto& token_id = rgw_get_token_id(token); ldout(cct, 20) << "token_id=" << token_id << dendl; /* Check cache first. */ @@ -499,7 +499,7 @@ RGWAuthApplier::aplptr_t RGWKeystoneAuthEngine::authenticate() const } /* Check for necessary roles. */ - for (const auto role : roles.plain) { + for (const auto& role : roles.plain) { if (t.has_role(role) == true) { ldout(cct, 0) << "validated token: " << t.get_project_name() << ":" << t.get_user_name() diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h index 993319a54249..67abdfe80b14 100644 --- a/src/rgw/rgw_auth.h +++ b/src/rgw/rgw_auth.h @@ -116,8 +116,8 @@ public: const bool is_admin; public: - AuthInfo(const rgw_user acct_user, - const std::string acct_name, + AuthInfo(const rgw_user& acct_user, + const std::string& acct_name, const uint32_t perm_mask, const bool is_admin) : acct_user(acct_user), @@ -141,14 +141,14 @@ protected: const AuthInfo info; - virtual void create_account(const rgw_user acct_user, + virtual void create_account(const rgw_user& acct_user, RGWUserInfo& user_info) const; /* out */ public: RGWRemoteAuthApplier(CephContext * const cct, RGWRados * const store, acl_strategy_t&& extra_acl_strategy, - const AuthInfo info) + const AuthInfo& info) : RGWAuthApplier(cct), store(store), extra_acl_strategy(std::move(extra_acl_strategy)), @@ -291,8 +291,8 @@ protected: const RGWRemoteAuthApplier::Factory * const apl_factory; /* Helper methods. */ - KeystoneToken decode_pki_token(const std::string token) const; - KeystoneToken get_from_keystone(const std::string token) const; + KeystoneToken decode_pki_token(const std::string& token) const; + KeystoneToken get_from_keystone(const std::string& token) const; acl_strategy_t get_acl_strategy(const KeystoneToken& token) const; RGWRemoteAuthApplier::AuthInfo get_creds_info(const KeystoneToken& token, const std::vector& admin_roles diff --git a/src/rgw/rgw_keystone.h b/src/rgw/rgw_keystone.h index 2449dae7a265..e2a3bfa80ba3 100644 --- a/src/rgw/rgw_keystone.h +++ b/src/rgw/rgw_keystone.h @@ -114,12 +114,12 @@ public: // FIXME: default ctor needs to be eradicated here KeystoneToken() = default; time_t get_expires() const { return token.expires; } - string get_domain_id() const {return project.domain.id;}; - string get_domain_name() const {return project.domain.name;}; - string get_project_id() const {return project.id;}; - string get_project_name() const {return project.name;}; - string get_user_id() const {return user.id;}; - string get_user_name() const {return user.name;}; + const std::string& get_domain_id() const {return project.domain.id;}; + const std::string& get_domain_name() const {return project.domain.name;}; + const std::string& get_project_id() const {return project.id;}; + const std::string& get_project_name() const {return project.name;}; + const std::string& get_user_id() const {return user.id;}; + const std::string& get_user_name() const {return user.name;}; bool has_role(const string& r) const; bool expired() { uint64_t now = ceph_clock_now(NULL).sec(); diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 56b915ebe35b..7ded6c68255f 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -3006,7 +3006,7 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token( /* check if we have a valid role */ bool found = false; - for (const auto role : accepted_roles) { + for (const auto& role : accepted_roles) { if (response.has_role(role) == true) { found = true; break; diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc index 7f56a3d646d4..7f41287a3736 100644 --- a/src/rgw/rgw_swift_auth.cc +++ b/src/rgw/rgw_swift_auth.cc @@ -29,7 +29,7 @@ using namespace ceph::crypto; void RGWTempURLAuthApplier::modify_request_state(req_state * s) const /* in/out */ { bool inline_exists = false; - string filename = s->info.args.get("filename"); + const string& filename = s->info.args.get("filename"); s->info.args.get("inline", &inline_exists); if (inline_exists) { @@ -309,7 +309,7 @@ RGWAuthApplier::aplptr_t RGWExternalTokenAuthEngine::authenticate() const if (0 == swift_groups.size()) { return nullptr; } else { - swift_user = swift_groups[0]; + swift_user = std::move(swift_groups[0]); } } catch (std::out_of_range) { /* The X-Auth-Groups header isn't present in the response. */ diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h index c6a1b1c3c1e6..0f559fddf9a6 100644 --- a/src/rgw/rgw_swift_auth.h +++ b/src/rgw/rgw_swift_auth.h @@ -116,7 +116,9 @@ public: RGWXAuthTokenExtractor(const req_state * const s) : s(s) { } - std::string get_token() const { + std::string get_token() const override { + /* Returning a reference here would end in GCC complaining about a reference + * to temporary. */ return s->info.env->get("HTTP_X_AUTH_TOKEN", ""); } };