From 148c39bb4c586fd988ae2c75d49b3e68047f3a82 Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Sun, 14 Jan 2024 13:03:49 -0500
Subject: [PATCH] rgw: move forward_iam_request_to_master() to rgw_rest_iam.*
Signed-off-by: Casey Bodley
(cherry picked from commit df8758f723905f3fa7434f547ba44bc495bcf214)
---
 src/rgw/rgw_rest_iam.cc | 53 ++++++++++++++++++++++++++++++++++++++++
 src/rgw/rgw_rest_iam.h | 10 ++++++++
 src/rgw/rgw_rest_role.cc | 53 +---------------------------------------
 3 files changed, 64 insertions(+), 52 deletions(-)
diff --git a/src/rgw/rgw_rest_iam.cc b/src/rgw/rgw_rest_iam.cc
index 73cfb51bb73..96af3566e35 100644
--- a/src/rgw/rgw_rest_iam.cc
+++ b/src/rgw/rgw_rest_iam.cc
@@ -11,6 +11,8 @@
 #include "rgw_rest_user_policy.h"
 #include "rgw_rest_oidc_provider.h"
 #include "rgw_rest_iam_user.h"
+#include "rgw_rest_conn.h"
+#include "driver/rados/rgw_zone.h"
 #define dout_context g_ceph_context
 #define dout_subsys ceph_subsys_rgw
@@ -193,3 +195,54 @@ std::string iam_user_arn(const RGWUserInfo& info)
 return fmt::format("arn:aws:iam::{}:user{}{}", acct, path, info.display_name);
 }
+
+int forward_iam_request_to_master(const DoutPrefixProvider* dpp,
+ const rgw::SiteConfig& site,
+ const RGWUserInfo& user,
+ bufferlist& indata,
+ RGWXMLDecoder::XMLParser& parser,
+ req_info& req, optional_yield y)
+{
+ const auto& period = site.get_period();
+ if (!period) {
+ return 0; // not multisite
+ }
+ if (site.is_meta_master()) {
+ return 0; // don't need to forward metadata requests
+ }
+ const auto& pmap = period->period_map;
+ auto zg = pmap.zonegroups.find(pmap.master_zonegroup);
+ if (zg == pmap.zonegroups.end()) {
+ return -EINVAL;
+ }
+ auto z = zg->second.zones.find(zg->second.master_zone);
+ if (z == zg->second.zones.end()) {
+ return -EINVAL;
+ }
+
+ RGWAccessKey creds;
+ if (auto i = user.access_keys.begin(); i != user.access_keys.end()) {
+ creds.id = i->first;
+ creds.key = i->second.key;
+ }
+
+ // use the master zone's endpoints
+ auto conn = RGWRESTConn{dpp->get_cct(), z->second.id, z->second.endpoints,
+ std::move(creds), zg->second.id, zg->second.api_name};
+ bufferlist outdata;
+ constexpr size_t max_response_size = 128 * 1024; // we expect a very small response
+ int ret = conn.forward_iam_request(dpp, req, nullptr, max_response_size,
+ &indata, &outdata, y);
+ if (ret < 0) {
+ return ret;
+ }
+
+ std::string r = rgw_bl_str(outdata);
+ boost::replace_all(r, """, "\"");
+
+ if (!parser.parse(r.c_str(), r.length(), 1)) {
+ ldpp_dout(dpp, 0) << "ERROR: failed to parse response from master zonegroup" << dendl;
+ return -EIO;
+ }
+ return 0;
+}
diff --git a/src/rgw/rgw_rest_iam.h b/src/rgw/rgw_rest_iam.h
index e50dee3cf73..69143118d3d 100644
--- a/src/rgw/rgw_rest_iam.h
+++ b/src/rgw/rgw_rest_iam.h
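Review bot: The two `return -EINVAL;` exits in the new forward_iam_request_to_master() (master zonegroup or master zone missing from the period map) are silent, while the later parse failure does log; a period that names a zonegroup or zone it does not contain is a configuration fault an operator has to diagnose, so each should log before returning, e.g. `ldpp_dout(dpp, 0) << "ERROR: master zonegroup " << pmap.master_zonegroup << " not found in period map" << dendl;` and the equivalent for the master zone. Related: if `user.access_keys` is empty, `creds` stays default-constructed and the request is still forwarded; whether forward_iam_request() rejects empty credentials is not visible here, so it is worth either checking explicitly or documenting that callers guarantee a key. Also, `boost::replace_all(r, """, "\"")` appears on this page with three quote characters, which looks like an extraction artifact of an XML entity in the real source rather than code to change.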
@@ -6,8 +6,11 @@
 #include "rgw_auth.h"
 #include "rgw_auth_filters.h"
 #include "rgw_rest.h"
+#include "rgw_xml.h"
+class DoutPrefixProvider;
+namespace rgw { class SiteConfig; }
 struct RGWUserInfo;
 bool validate_iam_policy_name(const std::string& name, std::string& err);
@@ -17,6 +20,13 @@ bool validate_iam_path(const std::string& path, std::string& err);
 std::string iam_user_arn(const RGWUserInfo& info);
+int forward_iam_request_to_master(const DoutPrefixProvider* dpp,
+ const rgw::SiteConfig& site,
+ const RGWUserInfo& user,
+ bufferlist& indata,
+ RGWXMLDecoder::XMLParser& parser,
+ req_info& req, optional_yield y);
+
 class RGWHandler_REST_IAM : public RGWHandler_REST {
 const rgw::auth::StrategyRegistry& auth_registry;
 bufferlist bl_post_body;
diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc
index 6132b111178..6f0e83ace1d 100644
--- a/src/rgw/rgw_rest_role.cc
+++ b/src/rgw/rgw_rest_role.cc
@@ -15,7 +15,7 @@
 #include "rgw_op.h"
 #include "rgw_process_env.h"
 #include "rgw_rest.h"
-#include "rgw_rest_conn.h"
+#include "rgw_rest_iam.h"
 #include "rgw_rest_role.h"
 #include "rgw_role.h"
 #include "rgw_sal.h"
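Review bot: The declaration of forward_iam_request_to_master() added to rgw_rest_iam.h in the second hunk carries no comment, and its contract is not recoverable from the signature: the definition this patch moves into rgw_rest_iam.cc returns 0 both when the request was forwarded and when nothing was forwarded (no period, or this site is the meta master), so a caller cannot tell from the return value whether `parser` now holds a response. Suggest a comment above the declaration: `// Forward the IAM request to the master zone when this site is not the metadata master.` / `// Returns 0 without touching parser if there is no period or this is the meta master;` / `// otherwise 0 with the master's response in parser, or a negative error code.` Since the header is now the only place callers in other files see the function, this is where the contract should live rather than in the .cc.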
@@ -24,57 +24,6 @@ using namespace std;
-int forward_iam_request_to_master(const DoutPrefixProvider* dpp,
- const rgw::SiteConfig& site,
- const RGWUserInfo& user,
- bufferlist& indata,
- RGWXMLDecoder::XMLParser& parser,
- req_info& req, optional_yield y)
-{
- const auto& period = site.get_period();
- if (!period) {
- return 0; // not multisite
- }
- if (site.is_meta_master()) {
- return 0; // don't need to forward metadata requests
- }
- const auto& pmap = period->period_map;
- auto zg = pmap.zonegroups.find(pmap.master_zonegroup);
- if (zg == pmap.zonegroups.end()) {
- return -EINVAL;
- }
- auto z = zg->second.zones.find(zg->second.master_zone);
- if (z == zg->second.zones.end()) {
- return -EINVAL;
- }
-
- RGWAccessKey creds;
- if (auto i = user.access_keys.begin(); i != user.access_keys.end()) {
- creds.id = i->first;
- creds.key = i->second.key;
- }
-
- // use the master zone's endpoints
- auto conn = RGWRESTConn{dpp->get_cct(), z->second.id, z->second.endpoints,
- std::move(creds), zg->second.id, zg->second.api_name};
- bufferlist outdata;
- constexpr size_t max_response_size = 128 * 1024; // we expect a very small response
- int ret = conn.forward_iam_request(dpp, req, nullptr, max_response_size,
- &indata, &outdata, y);
- if (ret < 0) {
- return ret;
- }
-
- std::string r = rgw_bl_str(outdata);
- boost::replace_all(r, """, "\"");
-
- if (!parser.parse(r.c_str(), r.length(), 1)) {
- ldpp_dout(dpp, 0) << "ERROR: failed to parse response from master zonegroup" << dendl;
- return -EIO;
- }
- return 0;
-}
-
 int RGWRestRole::verify_permission(optional_yield y)
 {
 if (s->auth.identity->is_anonymous()) {
--
2.39.5