From 018ec46be3eeef4e46e4bebae4628cba5a8930b7 Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Sat, 30 Dec 2023 23:35:53 -0500
Subject: [PATCH] rgw/sal: add interfaces for account roles
Signed-off-by: Casey Bodley
(cherry picked from commit e47d08efa84bbb9cd99cfdd53b814786d9025bdd)
---
 src/rgw/driver/rados/rgw_sal_rados.cc | 75 +++++++++++++++++++++++++++
 src/rgw/driver/rados/rgw_sal_rados.h | 17 ++++++
 src/rgw/rgw_sal.h | 28 ++++++++++
 src/rgw/rgw_sal_dbstore.cc | 28 ++++++++++
 src/rgw/rgw_sal_dbstore.h | 17 ++++++
 src/rgw/rgw_sal_filter.cc | 29 +++++++++++
 src/rgw/rgw_sal_filter.h | 16 ++++++
 src/rgw/rgw_sal_fwd.h | 2 +
 8 files changed, 212 insertions(+)
diff --git a/src/rgw/driver/rados/rgw_sal_rados.cc b/src/rgw/driver/rados/rgw_sal_rados.cc
index 5b3ddfefec7..79431b3521e 100644
--- a/src/rgw/driver/rados/rgw_sal_rados.cc
+++ b/src/rgw/driver/rados/rgw_sal_rados.cc
@@ -70,6 +70,7 @@
 #include "account.h"
 #include "buckets.h"
+#include "roles.h"
 #include "users.h"
 #include "rgw_pubsub.h"
 #include "topic.h"
@@ -1199,6 +1200,80 @@ int RadosStore::load_owner_by_email(const DoutPrefixProvider* dpp,
 return 0;
 }
+int RadosStore::load_account_role_by_name(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view rolename,
+ std::unique_ptr* role)
+{
+ std::string id;
+ librados::Rados& rados = *getRados()->get_rados_handle();
+ const RGWZoneParams& zone = svc()->zone->get_zone_params();
+ const rgw_raw_obj& obj = rgwrados::account::get_roles_obj(zone, account_id);
+ int r = rgwrados::roles::get(dpp, y, rados, obj, rolename, id);
+ if (r < 0) {
+ ldpp_dout(dpp, 20) << "failed to find account rolename " << rolename
+ << ": " << cpp_strerror(r) << dendl;
+ return r;
+ }
+
+ std::unique_ptr p = get_role(id);
+ r = p->read_info(dpp, y);
+ if (r < 0) {
+ ldpp_dout(dpp, 20) << "failed to load account role " << id
+ << ": " << cpp_strerror(r) << dendl;
+ return r;
+ }
+ *role = std::move(p);
+ return 0;
+}
+
+int RadosStore::count_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ uint32_t& count)
+{
+ librados::Rados& rados = *getRados()->get_rados_handle();
+ const RGWZoneParams& zone = svc()->zone->get_zone_params();
+ const rgw_raw_obj& obj = rgwrados::account::get_roles_obj(zone, account_id);
+ return rgwrados::account::resource_count(dpp, y, rados, obj, count);
+}
+
+int RadosStore::list_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view path_prefix,
+ std::string_view marker,
+ uint32_t max_items,
+ RoleList& listing)
+{
+ // fetch the list of role ids from cls_role
+ librados::Rados& rados = *getRados()->get_rados_handle();
+ const RGWZoneParams& zone = svc()->zone->get_zone_params();
+ const rgw_raw_obj& obj = rgwrados::account::get_roles_obj(zone, account_id);
+ std::vector ids;
+ int r = rgwrados::roles::list(dpp, y, rados, obj, marker, path_prefix,
+ max_items, ids, listing.next_marker);
+ if (r < 0) {
+ return r;
+ }
+
+ // load the role metadata for each
+ for (const auto& id : ids) {
+ std::unique_ptr role = get_role(id);
+ r = role->read_info(dpp, y);
+ if (r == -ENOENT) {
+ continue;
+ }
+ if (r < 0) {
+ return r;
+ }
+ listing.roles.push_back(std::move(role->get_info()));
+ }
+
+ return 0;
+}
+
 int RadosStore::load_account_user_by_name(const DoutPrefixProvider* dpp,
 optional_yield y,
 std::string_view account_id,
diff --git a/src/rgw/driver/rados/rgw_sal_rados.h b/src/rgw/driver/rados/rgw_sal_rados.h
index b152fadc3c8..7702fd3a8f2 100644
--- a/src/rgw/driver/rados/rgw_sal_rados.h
+++ b/src/rgw/driver/rados/rgw_sal_rados.h
@@ -196,6 +196,23 @@ class RadosStore : public StoreDriver {
 std::string_view email,
 rgw_owner& owner) override;
+ int load_account_role_by_name(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view name,
+ std::unique_ptr* role) override;
+ int count_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ uint32_t& count) override;
+ int list_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view path_prefix,
+ std::string_view marker,
+ uint32_t max_items,
+ RoleList& listing) override;
+
 int load_account_user_by_name(const DoutPrefixProvider* dpp,
 optional_yield y,
 std::string_view account_id,
diff --git a/src/rgw/rgw_sal.h b/src/rgw/rgw_sal.h
index b775a48f4ee..d2e0e0f03d2 100644
--- a/src/rgw/rgw_sal.h
+++ b/src/rgw/rgw_sal.h
@@ -243,6 +243,14 @@ struct BucketList {
 std::string next_marker;
 };
+/// A list of roles
+struct RoleList {
+ /// The list of results, sorted by name
+ std::vector roles;
+ /// The next marker to resume listing, or empty
+ std::string next_marker;
+};
+
 /// A list of users
 struct UserList {
 /// The list of results, sorted by name
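Review bot: In `list_account_roles`, a role id that the account index returns but whose `read_info` yields `-ENOENT` is dropped with a bare `continue`, so an index/metadata mismatch leaves no trace for operators and a page can come back shorter than `max_items`; a debug line before the `continue`, such as `ldpp_dout(dpp, 20) << "account role " << id << " listed but not found, skipping" << dendl;`, would make that visible. On any other error the function returns with `listing.roles` partly filled and `listing.next_marker` already overwritten by `rgwrados::roles::list`, so it may be safer to collect into locals and assign to `listing` only on success. Separately, `load_account_role_by_name` hands back whatever `get_role(id)` loads without comparing the role's owning account against `account_id`; presumably the index is trusted here, but if it can ever go stale that comparison would be a cheap tenant-isolation guard and is worth confirming.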
@@ -350,6 +358,26 @@ class Driver {
 std::string_view email,
 rgw_owner& owner) = 0;
+ /** Load an account's role by name. */
+ virtual int load_account_role_by_name(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view name,
+ std::unique_ptr* role) = 0;
+ /** Count the number of roles belonging to the given account. */
+ virtual int count_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ uint32_t& count) = 0;
+ /** Return a paginated listing of the account's roles. */
+ virtual int list_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view path_prefix,
+ std::string_view marker,
+ uint32_t max_items,
+ RoleList& listing) = 0;
+
 /** Load an account's user by username. */
 virtual int load_account_user_by_name(const DoutPrefixProvider* dpp,
 optional_yield y,
diff --git a/src/rgw/rgw_sal_dbstore.cc b/src/rgw/rgw_sal_dbstore.cc
index 972becb391a..bfd05e5d511 100644
--- a/src/rgw/rgw_sal_dbstore.cc
+++ b/src/rgw/rgw_sal_dbstore.cc
@@ -1617,6 +1617,34 @@ namespace rgw::sal {
 return 0;
 }
+ int DBStore::load_account_role_by_name(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view name,
+ std::unique_ptr* role)
+ {
+ return -ENOTSUP;
+ }
+
+ int DBStore::count_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ uint32_t& count)
+ {
+ return -ENOTSUP;
+ }
+
+ int DBStore::list_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view path_prefix,
+ std::string_view marker,
+ uint32_t max_items,
+ RoleList& listing)
+ {
+ return -ENOTSUP;
+ }
+
 int DBStore::load_account_user_by_name(const DoutPrefixProvider* dpp,
 optional_yield y,
 std::string_view account_id,
diff --git a/src/rgw/rgw_sal_dbstore.h b/src/rgw/rgw_sal_dbstore.h
index a278fd8c593..7a28bcc1a4f 100644
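Review bot: The three new doc comments on `Driver` are one-line summaries and leave the caller-facing contract unstated: that `role`, `count` and `listing` are meaningful only when 0 is returned, and that a backend may answer `-ENOTSUP`, as the DBStore stubs in this same patch do without writing `count`. A caller enforcing a per-account role limit or making an access decision needs that spelled out, so I would extend the comments, for example `/** Load an account's role by name. Returns 0 and sets *role on success; *role is left untouched on error. */`. For `list_account_roles` the comment should also say whether `listing.roles` is replaced or appended to (the RadosStore implementation appends with `push_back`) and that an empty `listing.next_marker` marks the last page. The `Driver` class body starts and ends outside this hunk.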
--- a/src/rgw/rgw_sal_dbstore.h
+++ b/src/rgw/rgw_sal_dbstore.h
@@ -795,6 +795,23 @@ public:
 std::string_view email,
 rgw_owner& owner) override;
+ int load_account_role_by_name(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view name,
+ std::unique_ptr* role) override;
+ int count_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ uint32_t& count) override;
+ int list_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view path_prefix,
+ std::string_view marker,
+ uint32_t max_items,
+ RoleList& listing) override;
+
 int load_account_user_by_name(const DoutPrefixProvider* dpp,
 optional_yield y,
 std::string_view account_id,
diff --git a/src/rgw/rgw_sal_filter.cc b/src/rgw/rgw_sal_filter.cc
index eca1529b2be..4fe26e1c7e2 100644
--- a/src/rgw/rgw_sal_filter.cc
+++ b/src/rgw/rgw_sal_filter.cc
@@ -243,6 +243,35 @@ int FilterDriver::load_owner_by_email(const DoutPrefixProvider* dpp,
 return next->load_owner_by_email(dpp, y, email, owner);
 }
+int FilterDriver::load_account_role_by_name(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view name,
+ std::unique_ptr* role)
+{
+ return next->load_account_role_by_name(dpp, y, account_id, name, role);
+}
+
+int FilterDriver::count_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ uint32_t& count)
+{
+ return next->count_account_roles(dpp, y, account_id, count);
+}
+
+int FilterDriver::list_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view path_prefix,
+ std::string_view marker,
+ uint32_t max_items,
+ RoleList& listing)
+{
+ return next->list_account_roles(dpp, y, account_id, path_prefix,
+ marker, max_items, listing);
+}
+
 int FilterDriver::load_account_user_by_name(const DoutPrefixProvider* dpp,
 optional_yield y,
 std::string_view account_id,
diff --git a/src/rgw/rgw_sal_filter.h b/src/rgw/rgw_sal_filter.h
index 09dbe8efb0c..5dfa6c209a9 100644
--- a/src/rgw/rgw_sal_filter.h
+++ b/src/rgw/rgw_sal_filter.h
@@ -206,6 +206,22 @@ public:
 optional_yield y,
 std::string_view email,
 rgw_owner& owner) override;
+ int load_account_role_by_name(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view name,
+ std::unique_ptr* role) override;
+ int count_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ uint32_t& count) override;
+ int list_account_roles(const DoutPrefixProvider* dpp,
+ optional_yield y,
+ std::string_view account_id,
+ std::string_view path_prefix,
+ std::string_view marker,
+ uint32_t max_items,
+ RoleList& listing) override;
 int load_account_user_by_name(const DoutPrefixProvider* dpp,
 optional_yield y,
 std::string_view account_id,
diff --git a/src/rgw/rgw_sal_fwd.h b/src/rgw/rgw_sal_fwd.h
index 1ba59dc821f..3019c06c518 100644
--- a/src/rgw/rgw_sal_fwd.h
+++ b/src/rgw/rgw_sal_fwd.h
@@ -46,6 +46,8 @@ namespace sal {
 class Zone;
 class LuaManager;
 struct RGWRoleInfo;
+ class RGWRole;
+ struct RoleList;
 class DataProcessor;
 class ObjectProcessor;
 class ReadStatsCB;
--
2.39.5