From: Yehuda Sadeh Date: Thu, 2 Jun 2016 11:28:30 +0000 (-0700) Subject: rgw: can set negative max_buckets on RGWUserInfo X-Git-Tag: v11.0.0~328^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F9457%2Fhead;p=ceph.git rgw: can set negative max_buckets on RGWUserInfo This can be used to disable user's bucket creation Fixes: http://tracker.ceph.com/issues/14534 Signed-off-by: Yehuda Sadeh --- diff --git a/src/common/config_opts.h b/src/common/config_opts.h index ae0e20772a5e..267aff753df0 100644 --- a/src/common/config_opts.h +++ b/src/common/config_opts.h @@ -1411,7 +1411,7 @@ OPTION(rgw_multipart_part_upload_limit, OPT_INT, 10000) // parts limit in multip OPTION(rgw_max_slo_entries, OPT_INT, 1000) // default number of max entries in slo OPTION(rgw_olh_pending_timeout_sec, OPT_INT, 3600) // time until we retire a pending olh change -OPTION(rgw_user_max_buckets, OPT_U32, 1000) // global option to set max buckets count for all user +OPTION(rgw_user_max_buckets, OPT_INT, 1000) // global option to set max buckets count for all user OPTION(rgw_objexp_gc_interval, OPT_U32, 60 * 10) // maximum time between round of expired objects garbage collecting OPTION(rgw_objexp_time_step, OPT_U32, 4096) // number of seconds for rounding the timestamps diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc index 520fcc7986a8..7a43cdfcfbe7 100644 --- a/src/rgw/rgw_admin.cc +++ b/src/rgw/rgw_admin.cc @@ -2009,6 +2009,7 @@ int main(int argc, char **argv) int remove_bad = false; int check_head_obj_locator = false; int max_buckets = -1; + bool max_buckets_specified = false; map categories; string caps; int check_objects = false; @@ -2147,6 +2148,7 @@ int main(int argc, char **argv) cerr << "ERROR: failed to parse max buckets: " << err << std::endl; return EINVAL; } + max_buckets_specified = true; } else if (ceph_argparse_witharg(args, i, &val, "--max-entries", (char*)NULL)) { max_entries = (int)strict_strtol(val.c_str(), 10, &err); if (!err.empty()) { @@ -3636,7 +3638,7 @@ int main(int argc, char **argv) if (gen_secret_key) user_op.set_gen_secret(); // assume that a key pair should be created - if (max_buckets >= 0) + if (max_buckets_specified) user_op.set_max_buckets(max_buckets); if (system_specified) diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 11948c5b3c7f..5841962aae4e 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -539,7 +539,7 @@ struct RGWUserInfo map swift_keys; map subusers; __u8 suspended; - uint32_t max_buckets; + int32_t max_buckets; uint32_t op_mask; RGWUserCaps caps; __u8 system; diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 082d128b816f..61983fd4a654 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -1793,6 +1793,9 @@ int RGWCreateBucket::verify_permission() << dendl; return -EACCES; } + if (s->user->max_buckets < 0) { + return -EPERM; + } if (s->user->max_buckets) { RGWUserBuckets buckets; diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc index 2547c6639329..e72f5acb5acb 100644 --- a/src/rgw/rgw_rest_user.cc +++ b/src/rgw/rgw_rest_user.cc @@ -82,8 +82,8 @@ void RGWOp_User_Create::execute() bool system; bool exclusive; - uint32_t max_buckets; - uint32_t default_max_buckets = s->cct->_conf->rgw_user_max_buckets; + int32_t max_buckets; + int32_t default_max_buckets = s->cct->_conf->rgw_user_max_buckets; RGWUserAdminOpState op_state; @@ -98,7 +98,7 @@ void RGWOp_User_Create::execute() RESTArgs::get_string(s, "user-caps", caps, &caps); RESTArgs::get_bool(s, "generate-key", true, &gen_key); RESTArgs::get_bool(s, "suspended", false, &suspended); - RESTArgs::get_uint32(s, "max-buckets", default_max_buckets, &max_buckets); + RESTArgs::get_int32(s, "max-buckets", default_max_buckets, &max_buckets); RESTArgs::get_bool(s, "system", false, &system); RESTArgs::get_bool(s, "exclusive", false, &exclusive); @@ -183,7 +183,7 @@ void RGWOp_User_Modify::execute() bool suspended; bool system; - uint32_t max_buckets; + int32_t max_buckets; RGWUserAdminOpState op_state; @@ -197,7 +197,7 @@ void RGWOp_User_Modify::execute() RESTArgs::get_string(s, "user-caps", caps, &caps); RESTArgs::get_bool(s, "generate-key", false, &gen_key); RESTArgs::get_bool(s, "suspended", false, &suspended); - RESTArgs::get_uint32(s, "max-buckets", RGW_DEFAULT_MAX_BUCKETS, &max_buckets); + RESTArgs::get_int32(s, "max-buckets", RGW_DEFAULT_MAX_BUCKETS, &max_buckets); RESTArgs::get_string(s, "key-type", key_type_str, &key_type_str); RESTArgs::get_bool(s, "system", false, &system); diff --git a/src/rgw/rgw_user.h b/src/rgw/rgw_user.h index 4ede53c677b1..269ae90dc30f 100644 --- a/src/rgw/rgw_user.h +++ b/src/rgw/rgw_user.h @@ -157,7 +157,7 @@ struct RGWUserAdminOpState { rgw_user user_id; std::string user_email; std::string display_name; - uint32_t max_buckets; + int32_t max_buckets; __u8 suspended; __u8 system; __u8 exclusive; @@ -335,7 +335,7 @@ struct RGWUserAdminOpState { info = user_info; } - void set_max_buckets(uint32_t mb) { + void set_max_buckets(int32_t mb) { max_buckets = mb; max_buckets_specified = true; } @@ -410,7 +410,7 @@ struct RGWUserAdminOpState { __u8 get_suspension_status() { return suspended; } int32_t get_key_type() {return key_type; } uint32_t get_subuser_perm() { return perm_mask; } - uint32_t get_max_buckets() { return max_buckets; } + int32_t get_max_buckets() { return max_buckets; } uint32_t get_op_mask() { return op_mask; } RGWQuotaInfo& get_bucket_quota() { return bucket_quota; } RGWQuotaInfo& get_user_quota() { return user_quota; }