From 02702b26bdf6859949bb16c3b9da97ff4250b09c Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Sat, 30 Dec 2023 23:32:06 -0500 Subject: [PATCH] rgw/rados: add rgwrados::roles namespace abstraction for cls_user Signed-off-by: Casey Bodley --- src/rgw/CMakeLists.txt | 1 + src/rgw/driver/rados/account.cc | 9 ++ src/rgw/driver/rados/account.h | 5 + src/rgw/driver/rados/roles.cc | 174 ++++++++++++++++++++++++++++ src/rgw/driver/rados/roles.h | 86 ++++++++++++++ src/tools/ceph-dencoder/rgw_types.h | 3 + 6 files changed, 278 insertions(+) create mode 100644 src/rgw/driver/rados/roles.cc create mode 100644 src/rgw/driver/rados/roles.h diff --git a/src/rgw/CMakeLists.txt b/src/rgw/CMakeLists.txt index cc22cfacd2902..c4ee6b1fa2c7b 100644 --- a/src/rgw/CMakeLists.txt +++ b/src/rgw/CMakeLists.txt @@ -198,6 +198,7 @@ set(librgw_common_srcs driver/rados/rgw_trim_mdlog.cc driver/rados/rgw_user.cc driver/rados/rgw_zone.cc + driver/rados/roles.cc driver/rados/sync_fairness.cc driver/rados/topic.cc driver/rados/topic_migration.cc diff --git a/src/rgw/driver/rados/account.cc b/src/rgw/driver/rados/account.cc index b018ee3e37077..79bc376b16302 100644 --- a/src/rgw/driver/rados/account.cc +++ b/src/rgw/driver/rados/account.cc @@ -34,6 +34,7 @@ namespace rgwrados::account { static constexpr std::string_view buckets_oid_prefix = "buckets."; static constexpr std::string_view users_oid_prefix = "users."; +static constexpr std::string_view roles_oid_prefix = "roles."; static const std::string account_oid_prefix = "account."; static constexpr std::string_view name_oid_prefix = "name."; 
@@ -54,6 +55,14 @@ rgw_raw_obj get_users_obj(const RGWZoneParams& zone, return {zone.account_pool, get_users_key(account_id)}; } +static std::string get_roles_key(std::string_view account_id) { + return string_cat_reserve(roles_oid_prefix, account_id); +} +rgw_raw_obj get_roles_obj(const RGWZoneParams& zone, + std::string_view account_id) { + return {zone.account_pool, get_roles_key(account_id)}; +} + static std::string get_account_key(std::string_view account_id) { return string_cat_reserve(account_oid_prefix, account_id); } diff --git a/src/rgw/driver/rados/account.h b/src/rgw/driver/rados/account.h index d7755f7e011c6..f9d4f534a7fdc 100644 --- a/src/rgw/driver/rados/account.h +++ b/src/rgw/driver/rados/account.h @@ -51,6 +51,11 @@ rgw_raw_obj get_buckets_obj(const RGWZoneParams& zone, rgw_raw_obj get_users_obj(const RGWZoneParams& zone, std::string_view account_id); +/// Return the rados object that tracks the given account's roles. This +/// can be used with the cls_user interface in namespace rgwrados::roles. +rgw_raw_obj get_roles_obj(const RGWZoneParams& zone, + std::string_view account_id); + /// Read account info by id int read(const DoutPrefixProvider* dpp, diff --git a/src/rgw/driver/rados/roles.cc b/src/rgw/driver/rados/roles.cc new file mode 100644 index 0000000000000..62a0aef8aad5f --- /dev/null +++ b/src/rgw/driver/rados/roles.cc 
@@ -0,0 +1,174 @@ +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// vim: ts=8 sw=2 smarttab ft=cpp + +/* + * Ceph - scalable distributed file system + * + * Copyright contributors to the Ceph project + * + * This is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License version 2.1, as published by the Free Software + * Foundation. See file COPYING. + * + */ + +#include "roles.h" + +#include "include/rados/librados.hpp" +#include "common/ceph_json.h" +#include "common/dout.h" +#include "cls/user/cls_user_client.h" +#include "rgw_role.h" +#include "rgw_sal.h" + +namespace rgwrados::roles { + +int add(const DoutPrefixProvider* dpp, + optional_yield y, + librados::Rados& rados, + const rgw_raw_obj& obj, + const rgw::sal::RGWRoleInfo& role, + bool exclusive, uint32_t limit) +{ + resource_metadata meta; + meta.role_id = role.id; + + cls_user_account_resource resource; + resource.name = role.name; + resource.path = role.path; + encode(meta, resource.metadata); + + rgw_rados_ref ref; + int r = rgw_get_rados_ref(dpp, &rados, obj, &ref); + if (r < 0) { + return r; + } + + librados::ObjectWriteOperation op; + ::cls_user_account_resource_add(op, resource, exclusive, limit); + return ref.operate(dpp, &op, y); +} + +int get(const DoutPrefixProvider* dpp, + optional_yield y, + librados::Rados& rados, + const rgw_raw_obj& obj, + std::string_view name, + std::string& role_id) +{ + cls_user_account_resource resource; + + rgw_rados_ref ref; + int r = rgw_get_rados_ref(dpp, &rados, obj, &ref); + if (r < 0) { + return r; + } + + librados::ObjectReadOperation op; + int ret = 0; + ::cls_user_account_resource_get(op, name, resource, &ret); + + r = ref.operate(dpp, &op, nullptr, y); + if (r < 0) { + return r; + } + if (ret < 0) { + return ret; + } + + resource_metadata meta; + try { + auto p = resource.metadata.cbegin(); + decode(meta, p); + } catch (const buffer::error&) { + return -EIO; + } + 
role_id = std::move(meta.role_id); + return 0; +} + +int remove(const DoutPrefixProvider* dpp, + optional_yield y, + librados::Rados& rados, + const rgw_raw_obj& obj, + std::string_view name) +{ + rgw_rados_ref ref; + int r = rgw_get_rados_ref(dpp, &rados, obj, &ref); + if (r < 0) { + return r; + } + + librados::ObjectWriteOperation op; + ::cls_user_account_resource_rm(op, name); + return ref.operate(dpp, &op, y); +} + +int list(const DoutPrefixProvider* dpp, + optional_yield y, + librados::Rados& rados, + const rgw_raw_obj& obj, + std::string_view marker, + std::string_view path_prefix, + uint32_t max_items, + std::vector& ids, + std::string& next_marker) +{ + rgw_rados_ref ref; + int r = rgw_get_rados_ref(dpp, &rados, obj, &ref); + if (r < 0) { + return r; + } + + librados::ObjectReadOperation op; + std::vector entries; + bool truncated = false; + int ret = 0; + ::cls_user_account_resource_list(op, marker, path_prefix, max_items, + entries, &truncated, &next_marker, &ret); + + r = ref.operate(dpp, &op, nullptr, y); + if (r == -ENOENT) { + next_marker.clear(); + return 0; + } + if (r < 0) { + return r; + } + if (ret < 0) { + return ret; + } + + for (auto& resource : entries) { + resource_metadata meta; + try { + auto p = resource.metadata.cbegin(); + decode(meta, p); + } catch (const buffer::error&) { + return -EIO; + } + ids.push_back(std::move(meta.role_id)); + } + + if (!truncated) { + next_marker.clear(); + } + return 0; +} + + +void resource_metadata::dump(ceph::Formatter* f) const +{ + encode_json("role_id", role_id, f); +} + +void resource_metadata::generate_test_instances(std::list& o) +{ + o.push_back(new resource_metadata); + auto m = new resource_metadata; + m->role_id = "id"; + o.push_back(m); +} + +} // namespace rgwrados::roles diff --git a/src/rgw/driver/rados/roles.h b/src/rgw/driver/rados/roles.h new file mode 100644 index 0000000000000..eb53820039edd --- /dev/null +++ b/src/rgw/driver/rados/roles.h 
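Review bot: In `list()`, a decode failure partway through the `entries` loop returns `-EIO` after some ids have already been pushed into the caller's `ids`, and nothing is logged even though `dpp` is in scope. A corrupt or unexpected metadata blob on the roles object therefore shows up only as a bare I/O error, with no record of which resource entry was bad, which makes the failure hard to triage afterwards. I would log the resource name at the catch site and roll `ids` back to its size on entry, as sketched below. The catch block in `get()` swallows the `buffer::error` the same way and would benefit from the same log line. `ldpp_dout` is assumed to be available through the already-included `common/dout.h`.

```cpp
  // … unchanged: rados ref lookup, cls_user_account_resource_list call and error checks …
  const auto prior_size = ids.size();
  for (auto& resource : entries) {
    resource_metadata meta;
    try {
      // … unchanged: decode(meta, p) …
    } catch (const buffer::error& e) {
      ldpp_dout(dpp, 0) << "ERROR: failed to decode role metadata for resource "
          << resource.name << ": " << e.what() << dendl;
      ids.resize(prior_size);  // do not hand back a partial listing
      return -EIO;
    }
    // … unchanged: ids.push_back(std::move(meta.role_id)) …
  }
```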
@@ -0,0 +1,86 @@ +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// vim: ts=8 sw=2 smarttab ft=cpp + +/* + * Ceph - scalable distributed file system + * + * Copyright contributors to the Ceph project + * + * This is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License version 2.1, as published by the Free Software + * Foundation. See file COPYING. + * + */ + +#pragma once + +#include +#include +#include "include/rados/librados_fwd.hpp" +#include "include/encoding.h" +#include "rgw_sal_fwd.h" + +namespace ceph { class Formatter; } +class DoutPrefixProvider; +class optional_yield; +struct rgw_raw_obj; + + +namespace rgwrados::roles { + +/// Add the given role to the list. +int add(const DoutPrefixProvider* dpp, + optional_yield y, + librados::Rados& rados, + const rgw_raw_obj& obj, + const rgw::sal::RGWRoleInfo& role, + bool exclusive, uint32_t limit); + +/// Look up a role's id by name in the list. +int get(const DoutPrefixProvider* dpp, + optional_yield y, + librados::Rados& rados, + const rgw_raw_obj& obj, + std::string_view name, + std::string& role_id); + +/// Remove the given role from the list. +int remove(const DoutPrefixProvider* dpp, + optional_yield y, + librados::Rados& rados, + const rgw_raw_obj& obj, + std::string_view name); + +/// Return a paginated listing of role ids. 
+int list(const DoutPrefixProvider* dpp, + optional_yield y, + librados::Rados& rados, + const rgw_raw_obj& obj, + std::string_view marker, + std::string_view path_prefix, + uint32_t max_items, + std::vector& ids, + std::string& next_marker); + +// role-specific metadata for cls_user_account_resource +struct resource_metadata { + std::string role_id; + + void encode(bufferlist& bl) const { + ENCODE_START(1, 1, bl); + encode(role_id, bl); + ENCODE_FINISH(bl); + } + void decode(bufferlist::const_iterator& bl) { + DECODE_START(1, bl); + decode(role_id, bl); + DECODE_FINISH(bl); + } + + void dump(ceph::Formatter* f) const; + static void generate_test_instances(std::list& o); +}; +WRITE_CLASS_ENCODER(resource_metadata); + +} // namespace rgwrados::roles diff --git a/src/tools/ceph-dencoder/rgw_types.h b/src/tools/ceph-dencoder/rgw_types.h index d02c22436a8f3..c57210db7562c 100644 --- a/src/tools/ceph-dencoder/rgw_types.h +++ b/src/tools/ceph-dencoder/rgw_types.h @@ -246,6 +246,9 @@ TYPE(RGWUID) #include "rgw_user_types.h" TYPE(rgw_user) +#include "driver/rados/roles.h" +TYPE(rgwrados::roles::resource_metadata) + #include "driver/rados/users.h" TYPE(rgwrados::users::resource_metadata) -- 2.39.5
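Review bot: The doc comments on `add()`, `get()`, `remove()` and `list()` are one-liners that leave out the parts of the contract a caller has to get right. For `list()`, roles.cc shows that ids are appended to `ids` without clearing it, that `next_marker` is emptied when the listing is not truncated, and that a missing object yields 0 with an empty marker. I would say so: `/// Appends role ids to 'ids' (not cleared first). 'next_marker' is emptied when the listing is complete; a missing object returns 0 with no entries.` For `add()`, the meaning of `exclusive` and `limit` is not stated anywhere in this header. This index resolves a role name to a role id, so it is worth documenting whether `exclusive=false` can replace an existing name's entry and what `limit` bounds. That behaviour lives in cls_user and is not visible in this patch, so it needs confirming before it is written down. A shared line such as `/// Returns 0 on success or a negative error code.` would also help on all four.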