From 4ffa4498d673f7ce9f8382fca1fa78a0c329828b Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Fri, 17 Nov 2023 15:31:17 -0500 Subject: [PATCH] rgw/acl/s3: write_policy_xml() as free function Signed-off-by: Casey Bodley --- src/rgw/driver/rados/rgw_bucket.cc | 2 +- src/rgw/rgw_acl.h | 2 ++ src/rgw/rgw_acl_s3.cc | 58 ++++++++++++++++-------------- src/rgw/rgw_acl_s3.h | 9 +++-- src/rgw/rgw_op.cc | 20 +++++------ src/rgw/rgw_rest_s3.cc | 2 +- 6 files changed, 49 insertions(+), 44 deletions(-) diff --git a/src/rgw/driver/rados/rgw_bucket.cc b/src/rgw/driver/rados/rgw_bucket.cc index 002485c672ff0..6cbcbeae9a2b0 100644 --- a/src/rgw/driver/rados/rgw_bucket.cc +++ b/src/rgw/driver/rados/rgw_bucket.cc @@ -978,7 +978,7 @@ int RGWBucketAdminOp::dump_s3_policy(rgw::sal::Driver* driver, RGWBucketAdminOpS if (ret < 0) return ret; - policy.to_xml(dpp, os); + rgw::s3::write_policy_xml(policy, os); return 0; } diff --git a/src/rgw/rgw_acl.h b/src/rgw/rgw_acl.h index f60295d90ab4c..c69ee88404e3a 100644 --- a/src/rgw/rgw_acl.h +++ b/src/rgw/rgw_acl.h @@ -27,6 +27,8 @@ protected: ACLGroupTypeEnum group; std::string url_spec; + friend void to_xml(const ACLGrant& grant, std::ostream& out); + public: ACLGrant() : group(ACL_GROUP_NONE) {} virtual ~ACLGrant() {} diff --git a/src/rgw/rgw_acl_s3.cc b/src/rgw/rgw_acl_s3.cc index f2150dda79bd7..f663e38309219 100644 --- a/src/rgw/rgw_acl_s3.cc +++ b/src/rgw/rgw_acl_s3.cc @@ -25,8 +25,9 @@ using namespace std; static string rgw_uri_all_users = RGW_URI_ALL_USERS; static string rgw_uri_auth_users = RGW_URI_AUTH_USERS; -void ACLPermission_S3::to_xml(ostream& out) +void to_xml(ACLPermission perm, std::ostream& out) { + const uint32_t flags = perm.get_permissions(); if ((flags & RGW_PERM_FULL_CONTROL) == RGW_PERM_FULL_CONTROL) { out << "FULL_CONTROL"; } else { 
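Review bot: The friend declaration added to ACLGrant in rgw_acl.h names an unqualified, global `to_xml` and carries no comment, so a reader of this header cannot tell where the function is defined or why it needs the protected members. I would put a comment above it such as `// S3 XML serializer, defined in rgw_acl_s3.cc; reads type/id/name/email/group directly`. If ACLGrant already has public getters for those fields (not visible in this hunk), using them in the serializer would make the friend unnecessary, as the new code already does with `grant.get_permission()`. The class body continues outside the hunk.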
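Review bot: `to_xml(ACLPermission, std::ostream&)` in rgw_acl_s3.cc is defined at global scope with external linkage, and none of the visible header hunks declares it. The same holds for the ACLOwner, RGWAccessControlList and RGWAccessControlPolicy overloads in the later hunks of this file. Since `rgw::s3::write_policy_xml` is the only declared entry point, these helpers could be marked `static` or moved into an anonymous namespace, so that a name as generic as `to_xml` cannot clash with a definition in another translation unit. The ACLGrant overload is the exception, because the friend declaration in rgw_acl.h has already given it external linkage. The function body continues outside the hunk.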
@@ -143,14 +144,15 @@ bool ACLOwner_S3::xml_end(const char *el) { return true; } -void ACLOwner_S3::to_xml(ostream& out) { +void to_xml(const ACLOwner& o, std::ostream& out) +{ string s; - id.to_str(s); + o.id.to_str(s); if (s.empty()) return; out << "" << "" << s << ""; - if (!display_name.empty()) - out << "" << display_name << ""; + if (!o.display_name.empty()) + out << "" << o.display_name << ""; out << ""; } @@ -211,8 +213,9 @@ bool ACLGrant_S3::xml_end(const char *el) { return true; } -void ACLGrant_S3::to_xml(const DoutPrefixProvider* dpp, ostream& out) { - ACLPermission_S3& perm = static_cast(permission); +void to_xml(const ACLGrant& grant, ostream& out) +{ + const ACLPermission perm = grant.get_permission(); /* only show s3 compatible permissions */ if (!(perm.get_permissions() & RGW_PERM_ALL_S3)) @@ -221,20 +224,19 @@ void ACLGrant_S3::to_xml(const DoutPrefixProvider* dpp, ostream& out) { string uri; out << "" << - ""; - switch (type.get_type()) { + ""; + switch (grant.type.get_type()) { case ACL_TYPE_CANON_USER: - out << "" << id << ""; - if (name.size()) { - out << "" << name << ""; + out << "" << grant.id << ""; + if (grant.name.size()) { + out << "" << grant.name << ""; } break; case ACL_TYPE_EMAIL_USER: - out << "" << email << ""; + out << "" << grant.email << ""; break; case ACL_TYPE_GROUP: - if (!group_to_uri(group, uri)) { - ldpp_dout(dpp, 0) << "ERROR: group_to_uri failed with group=" << (int)group << dendl; + if (!ACLGrant_S3::group_to_uri(grant.group, uri)) { break; } out << "" << uri << ""; @@ -243,7 +245,7 @@ void ACLGrant_S3::to_xml(const DoutPrefixProvider* dpp, ostream& out) { break; } out << ""; - perm.to_xml(out); + to_xml(perm, out); out << ""; } 
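Review bot: `o.display_name` and the id string `s` are streamed into the owner element verbatim in `to_xml(const ACLOwner&, ...)`, with no XML escaping visible in the hunk. `grant.id`, `grant.name` and `grant.email` are written the same way in the ACLGrant overload further down. These look like account-supplied values, and the result is both returned by RGWGetACLs and appended to the level-15 debug log. A name containing `<` or `&` would therefore produce a malformed or misleading document unless it is validated where it is stored, which is not visible here. As the refactor touches each of these lines, this is a good point to route them through the project's XML-escaping helper, or to add a comment naming where they are sanitised.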
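Review bot: In the `ACL_TYPE_GROUP` case of `to_xml(const ACLGrant&, ...)` a failing `ACLGrant_S3::group_to_uri` is now silent. The `ldpp_dout(dpp, 0)` error line went away with the `dpp` parameter, and the `break` still happens after the opening grant and grantee output has been written. A grant whose group cannot be mapped is thus serialised with an empty grantee followed by its permission, and nothing in the log explains it. I would resolve the URI before emitting anything, e.g. `if (grant.type.get_type() == ACL_TYPE_GROUP && !ACLGrant_S3::group_to_uri(grant.group, uri)) return;`. Returning a `bool` up through `write_policy_xml` would also let the callers, which still hold a `dpp`, log the failure.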
@@ -271,12 +273,11 @@ bool RGWAccessControlList_S3::xml_end(const char *el) { return true; } -void RGWAccessControlList_S3::to_xml(const DoutPrefixProvider* dpp, ostream& out) { - multimap::iterator iter; +void to_xml(const RGWAccessControlList& acl, std::ostream& out) +{ out << ""; - for (iter = grant_map.begin(); iter != grant_map.end(); ++iter) { - ACLGrant_S3& grant = static_cast(iter->second); - grant.to_xml(dpp, out); + for (const auto& p : acl.get_grant_map()) { + to_xml(p.second, out); } out << ""; } @@ -415,12 +416,11 @@ bool RGWAccessControlPolicy_S3::xml_end(const char *el) { return true; } -void RGWAccessControlPolicy_S3::to_xml(const DoutPrefixProvider* dpp, ostream& out) { +void to_xml(const RGWAccessControlPolicy& p, std::ostream& out) +{ out << ""; - ACLOwner_S3& _owner = static_cast(owner); - RGWAccessControlList_S3& _acl = static_cast(acl); - _owner.to_xml(out); - _acl.to_xml(dpp, out); + to_xml(p.get_owner(), out); + to_xml(p.get_acl(), out); out << ""; } @@ -585,6 +585,12 @@ ACLGroupTypeEnum ACLGrant_S3::uri_to_group(string& uri) namespace rgw::s3 { +void write_policy_xml(const RGWAccessControlPolicy& policy, + std::ostream& out) +{ + to_xml(policy, out); +} + int create_canned_acl(const ACLOwner& owner, const ACLOwner& bucket_owner, const std::string& canned_acl, diff --git a/src/rgw/rgw_acl_s3.h b/src/rgw/rgw_acl_s3.h index 9753dd55b70ed..7b8489299715c 100644 --- a/src/rgw/rgw_acl_s3.h +++ b/src/rgw/rgw_acl_s3.h @@ -22,7 +22,6 @@ public: virtual ~ACLPermission_S3() override {} bool xml_end(const char *el) override; - void to_xml(std::ostream& out); }; class ACLGrantee_S3 : public XMLObj @@ -41,7 +40,6 @@ public: ACLGrant_S3() {} virtual ~ACLGrant_S3() override {} - void to_xml(const DoutPrefixProvider* dpp, std::ostream& out); bool xml_end(const char *el) override; bool xml_start(const char *el, const char **attr); 
@@ -53,7 +51,6 @@ class RGWAccessControlList_S3 : public RGWAccessControlList, public XMLObj { public: bool xml_end(const char *el) override; - void to_xml(const DoutPrefixProvider* dpp, std::ostream& out); }; class ACLOwner_S3 : public ACLOwner, public XMLObj @@ -63,7 +60,6 @@ public: virtual ~ACLOwner_S3() override {} bool xml_end(const char *el) override; - void to_xml(std::ostream& out); }; class RGWEnv; @@ -73,7 +69,6 @@ class RGWAccessControlPolicy_S3 : public RGWAccessControlPolicy, public XMLObj public: bool xml_end(const char *el) override; - void to_xml(const DoutPrefixProvider* dpp, std::ostream& out); int rebuild(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, ACLOwner *owner, RGWAccessControlPolicy& dest, std::string &err_msg); }; @@ -93,6 +88,10 @@ public: namespace rgw::s3 { +/// Write an AccessControlPolicy xml document for the given policy. +void write_policy_xml(const RGWAccessControlPolicy& policy, + std::ostream& out); + /// Construct a policy from a s3 canned acl string. int create_canned_acl(const ACLOwner& owner, const ACLOwner& bucket_owner, diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index cbc13d593f122..f822c13932dfa 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -230,8 +230,7 @@ static int decode_policy(const DoutPrefixProvider *dpp, } if (cct->_conf->subsys.should_gather()) { ldpp_dout(dpp, 15) << __func__ << " Read AccessControlPolicy"; - RGWAccessControlPolicy_S3 *s3policy = static_cast(policy); - s3policy->to_xml(dpp, *_dout); + rgw::s3::write_policy_xml(*policy, *_dout); *_dout << dendl; } return 0; @@ -1640,9 +1639,8 @@ int rgw_policy_from_attrset(const DoutPrefixProvider *dpp, CephContext *cct, map return -EIO; } if (cct->_conf->subsys.should_gather()) { - RGWAccessControlPolicy_S3 *s3policy = static_cast(policy); ldpp_dout(dpp, 15) << __func__ << " Read AccessControlPolicy"; - s3policy->to_xml(dpp, *_dout); + rgw::s3::write_policy_xml(*policy, *_dout); *_dout << dendl; } return 0; 
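Review bot: The doc comment on `write_policy_xml` in rgw_acl_s3.h does not say what the function leaves out or that it cannot fail visibly. Judging by the implementation hunks, grants with no bits in `RGW_PERM_ALL_S3` appear to be omitted, and a group that `group_to_uri` cannot map is written without a URI, with the `void` return giving callers no signal in either case. I would extend the comment with something like `/// Grants with no S3-compatible permission bits are omitted. Output is best-effort: serialization problems are not reported to the caller.`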
@@ -5889,11 +5887,11 @@ void RGWGetACLs::pre_exec() void RGWGetACLs::execute(optional_yield y) { stringstream ss; - RGWAccessControlPolicy* const acl = \ - (!rgw::sal::Object::empty(s->object.get()) ? s->object_acl.get() : s->bucket_acl.get()); - RGWAccessControlPolicy_S3* const s3policy = \ - static_cast(acl); - s3policy->to_xml(this, ss); + if (rgw::sal::Object::empty(s->object.get())) { + rgw::s3::write_policy_xml(*s->bucket_acl, ss); + } else { + rgw::s3::write_policy_xml(*s->object_acl, ss); + } acls = ss.str(); } @@ -6080,7 +6078,7 @@ void RGWPutACLs::execute(optional_yield y) if (s->cct->_conf->subsys.should_gather()) { ldpp_dout(this, 15) << "Old AccessControlPolicy"; - policy->to_xml(this, *_dout); + rgw::s3::write_policy_xml(*policy, *_dout); *_dout << dendl; } @@ -6090,7 +6088,7 @@ void RGWPutACLs::execute(optional_yield y) if (s->cct->_conf->subsys.should_gather()) { ldpp_dout(this, 15) << "New AccessControlPolicy:"; - new_policy.to_xml(this, *_dout); + rgw::s3::write_policy_xml(new_policy, *_dout); *_dout << dendl; } diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index a5956def0d25f..73f16e449e994 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -3638,7 +3638,7 @@ int RGWPutACLs_ObjStore_S3::get_policy_from_state(rgw::sal::Driver* driver, if (r < 0) return r; - s3policy.to_xml(this, ss); + rgw::s3::write_policy_xml(s3policy, ss); return 0; } -- 2.39.5