From 520e4ffa3e2832f3d4ac0ec0652de62e33b5d868 Mon Sep 17 00:00:00 2001 From: Pritha Srivastava Date: Mon, 22 Nov 2021 12:24:50 +0530 Subject: [PATCH] rgw: moving data members of RGWRole into RGWRoleInfo. Signed-off-by: Pritha Srivastava --- src/rgw/rgw_role.cc | 256 ++++++++++++++++++++----------------- src/rgw/rgw_role.h | 146 ++++++++++----------- src/rgw/rgw_sal.h | 2 + src/rgw/rgw_sal_dbstore.cc | 6 + src/rgw/rgw_sal_dbstore.h | 1 + src/rgw/rgw_sal_motr.cc | 6 + src/rgw/rgw_sal_motr.h | 1 + src/rgw/rgw_sal_rados.cc | 114 +++++++++-------- src/rgw/rgw_sal_rados.h | 2 + 9 files changed, 289 insertions(+), 245 deletions(-) diff --git a/src/rgw/rgw_role.cc b/src/rgw/rgw_role.cc index c37b4ed003d0c..9013889d3dab5 100644 --- a/src/rgw/rgw_role.cc +++ b/src/rgw/rgw_role.cc @@ -36,6 +36,68 @@ const string RGWRole::role_oid_prefix = "roles."; const string RGWRole::role_path_oid_prefix = "role_paths."; const string RGWRole::role_arn_prefix = "arn:aws:iam::"; +void RGWRoleInfo::dump(Formatter *f) const +{ + encode_json("RoleId", id , f); + encode_json("RoleName", name , f); + encode_json("Path", path, f); + encode_json("Arn", arn, f); + encode_json("CreateDate", creation_date, f); + encode_json("MaxSessionDuration", max_session_duration, f); + encode_json("AssumeRolePolicyDocument", trust_policy, f); + if (!tags.empty()) { + f->open_array_section("Tags"); + for (const auto& it : tags) { + f->open_object_section("Key"); + encode_json("Key", it.first, f); + f->close_section(); + f->open_object_section("Value"); + encode_json("Value", it.second, f); + f->close_section(); + } + f->close_section(); + } +} + +void RGWRoleInfo::decode_json(JSONObj *obj) +{ + JSONDecoder::decode_json("RoleId", id, obj); + JSONDecoder::decode_json("RoleName", name, obj); + JSONDecoder::decode_json("Path", path, obj); + JSONDecoder::decode_json("Arn", arn, obj); + JSONDecoder::decode_json("CreateDate", creation_date, obj); + JSONDecoder::decode_json("MaxSessionDuration", max_session_duration, obj); + JSONDecoder::decode_json("AssumeRolePolicyDocument", trust_policy, obj); +} + +RGWRole::RGWRole(std::string name, + std::string tenant, + std::string path, + std::string trust_policy, + std::string max_session_duration_str, + std::multimap tags) +{ + info.name = std::move(name); + info.path = std::move(path); + info.trust_policy = std::move(trust_policy); + info.tenant = std::move(tenant); + info.tags = std::move(tags); + if (this->info.path.empty()) + this->info.path = "/"; + extract_name_tenant(this->info.name); + if (max_session_duration_str.empty()) { + info.max_session_duration = SESSION_DURATION_MIN; + } else { + info.max_session_duration = std::stoull(max_session_duration_str); + } + info.mtime = real_time(); +} + +RGWRole::RGWRole(std::string id) +{ + info.id = std::move(id); +} + int RGWRole::get(const DoutPrefixProvider *dpp, optional_yield y) { int ret = read_name(dpp, y); @@ -61,12 +123,62 @@ int RGWRole::get_by_id(const DoutPrefixProvider *dpp, optional_yield y) return 0; } +void RGWRole::dump(Formatter *f) const +{ + info.dump(f); +} + +void RGWRole::decode_json(JSONObj *obj) +{ + info.decode_json(obj); +} + +bool RGWRole::validate_input(const DoutPrefixProvider* dpp) +{ + if (info.name.length() > MAX_ROLE_NAME_LEN) { + ldpp_dout(dpp, 0) << "ERROR: Invalid name length " << dendl; + return false; + } + + if (info.path.length() > MAX_PATH_NAME_LEN) { + ldpp_dout(dpp, 0) << "ERROR: Invalid path length " << dendl; + return false; + } + + std::regex regex_name("[A-Za-z0-9:=,.@-]+"); + if (! std::regex_match(info.name, regex_name)) { + ldpp_dout(dpp, 0) << "ERROR: Invalid chars in name " << dendl; + return false; + } + + std::regex regex_path("(/[!-~]+/)|(/)"); + if (! std::regex_match(info.path,regex_path)) { + ldpp_dout(dpp, 0) << "ERROR: Invalid chars in path " << dendl; + return false; + } + + if (info.max_session_duration < SESSION_DURATION_MIN || + info.max_session_duration > SESSION_DURATION_MAX) { + ldpp_dout(dpp, 0) << "ERROR: Invalid session duration, should be between 3600 and 43200 seconds " << dendl; + return false; + } + return true; +} + +void RGWRole::extract_name_tenant(const std::string& str) { + if (auto pos = str.find('$'); + pos != std::string::npos) { + info.tenant = str.substr(0, pos); + info.name = str.substr(pos+1); + } +} + int RGWRole::update(const DoutPrefixProvider *dpp, optional_yield y) { int ret = store_info(dpp, false, y); if (ret < 0) { ldpp_dout(dpp, 0) << "ERROR: storing info in Role pool: " - << id << ": " << cpp_strerror(-ret) << dendl; + << info.id << ": " << cpp_strerror(-ret) << dendl; return ret; } @@ -75,13 +187,13 @@ int RGWRole::update(const DoutPrefixProvider *dpp, optional_yield y) void RGWRole::set_perm_policy(const string& policy_name, const string& perm_policy) { - perm_policy_map[policy_name] = perm_policy; + info.perm_policy_map[policy_name] = perm_policy; } vector RGWRole::get_role_policy_names() { vector policy_names; - for (const auto& it : perm_policy_map) + for (const auto& it : info.perm_policy_map) { policy_names.push_back(std::move(it.first)); } @@ -91,8 +203,8 @@ vector RGWRole::get_role_policy_names() int RGWRole::get_role_policy(const DoutPrefixProvider* dpp, const string& policy_name, string& perm_policy) { - const auto it = perm_policy_map.find(policy_name); - if (it == perm_policy_map.end()) { + const auto it = info.perm_policy_map.find(policy_name); + if (it == info.perm_policy_map.end()) { ldpp_dout(dpp, 0) << "ERROR: Policy name: " << policy_name << " not found" << dendl; return -ENOENT; } else { @@ -103,101 +215,27 @@ int RGWRole::get_role_policy(const DoutPrefixProvider* dpp, const string& policy int RGWRole::delete_policy(const DoutPrefixProvider* dpp, const string& policy_name) { - const auto& it = perm_policy_map.find(policy_name); - if (it == perm_policy_map.end()) { + const auto& it = info.perm_policy_map.find(policy_name); + if (it == info.perm_policy_map.end()) { ldpp_dout(dpp, 0) << "ERROR: Policy name: " << policy_name << " not found" << dendl; return -ENOENT; } else { - perm_policy_map.erase(it); + info.perm_policy_map.erase(it); } return 0; } -void RGWRole::dump(Formatter *f) const -{ - encode_json("RoleId", id , f); - encode_json("RoleName", name , f); - encode_json("Path", path, f); - encode_json("Arn", arn, f); - encode_json("CreateDate", creation_date, f); - encode_json("MaxSessionDuration", max_session_duration, f); - encode_json("AssumeRolePolicyDocument", trust_policy, f); - if (!tags.empty()) { - f->open_array_section("Tags"); - for (const auto& it : tags) { - f->open_object_section("Key"); - encode_json("Key", it.first, f); - f->close_section(); - f->open_object_section("Value"); - encode_json("Value", it.second, f); - f->close_section(); - } - f->close_section(); - } -} - -void RGWRole::decode_json(JSONObj *obj) -{ - JSONDecoder::decode_json("RoleId", id, obj); - JSONDecoder::decode_json("RoleName", name, obj); - JSONDecoder::decode_json("Path", path, obj); - JSONDecoder::decode_json("Arn", arn, obj); - JSONDecoder::decode_json("CreateDate", creation_date, obj); - JSONDecoder::decode_json("MaxSessionDuration", max_session_duration, obj); - JSONDecoder::decode_json("AssumeRolePolicyDocument", trust_policy, obj); -} - -bool RGWRole::validate_input(const DoutPrefixProvider* dpp) -{ - if (name.length() > MAX_ROLE_NAME_LEN) { - ldpp_dout(dpp, 0) << "ERROR: Invalid name length " << dendl; - return false; - } - - if (path.length() > MAX_PATH_NAME_LEN) { - ldpp_dout(dpp, 0) << "ERROR: Invalid path length " << dendl; - return false; - } - - std::regex regex_name("[A-Za-z0-9:=,.@-]+"); - if (! std::regex_match(name, regex_name)) { - ldpp_dout(dpp, 0) << "ERROR: Invalid chars in name " << dendl; - return false; - } - - std::regex regex_path("(/[!-~]+/)|(/)"); - if (! std::regex_match(path,regex_path)) { - ldpp_dout(dpp, 0) << "ERROR: Invalid chars in path " << dendl; - return false; - } - - if (max_session_duration < SESSION_DURATION_MIN || - max_session_duration > SESSION_DURATION_MAX) { - ldpp_dout(dpp, 0) << "ERROR: Invalid session duration, should be between 3600 and 43200 seconds " << dendl; - return false; - } - return true; -} - -void RGWRole::extract_name_tenant(const std::string& str) { - if (auto pos = str.find('$'); - pos != std::string::npos) { - tenant = str.substr(0, pos); - name = str.substr(pos+1); - } -} - void RGWRole::update_trust_policy(string& trust_policy) { - this->trust_policy = trust_policy; + this->info.trust_policy = trust_policy; } int RGWRole::set_tags(const DoutPrefixProvider* dpp, const multimap& tags_map) { for (auto& it : tags_map) { - this->tags.emplace(it.first, it.second); + this->info.tags.emplace(it.first, it.second); } - if (this->tags.size() > 50) { + if (this->info.tags.size() > 50) { ldpp_dout(dpp, 0) << "No. of tags is greater than 50" << dendl; return -EINVAL; } @@ -206,16 +244,16 @@ int RGWRole::set_tags(const DoutPrefixProvider* dpp, const multimap> RGWRole::get_tags() { - if(this->tags.empty()) { + if(this->info.tags.empty()) { return boost::none; } - return this->tags; + return this->info.tags; } void RGWRole::erase_tags(const vector& tagKeys) { for (auto& it : tagKeys) { - this->tags.erase(it); + this->info.tags.erase(it); } } @@ -330,34 +368,19 @@ RGWRoleMetadataHandler::RGWRoleMetadataHandler(CephContext *cct, Store* store, base_init(role_svc->ctx(), role_svc->get_be_handler()); } -void RGWRoleCompleteInfo::dump(ceph::Formatter *f) const -{ - info->dump(f); - if (has_attrs) { - encode_json("attrs", info->get_attrs(), f); - } -} - -void RGWRoleCompleteInfo::decode_json(JSONObj *obj) -{ - decode_json_obj(*info, obj); - has_attrs = JSONDecoder::decode_json("attrs", info->get_attrs(), obj); -} - - RGWMetadataObject *RGWRoleMetadataHandler::get_meta_obj(JSONObj *jo, const obj_version& objv, const ceph::real_time& mtime) { - RGWRoleCompleteInfo rci; + RGWRoleInfo info; try { - decode_json_obj(rci, jo); + info.decode_json(jo); } catch (JSONDecoder:: err& e) { return nullptr; } - return new RGWRoleMetadataObject(rci, objv, mtime); + return new RGWRoleMetadataObject(info, objv, mtime, store); } int RGWRoleMetadataHandler::do_get(RGWSI_MetaBackend_Handler::Op *op, @@ -366,19 +389,18 @@ int RGWRoleMetadataHandler::do_get(RGWSI_MetaBackend_Handler::Op *op, optional_yield y, const DoutPrefixProvider *dpp) { - RGWRoleCompleteInfo rci; std::unique_ptr role = store->get_role(entry); - rci.info = role.get(); - int ret = rci.info->read_info(dpp, y, false); + int ret = role->read_info(dpp, y, false); if (ret < 0) { return ret; } - RGWObjVersionTracker objv_tracker = rci.info->get_objv_tracker(); - real_time mtime = rci.info->get_mtime(); + RGWObjVersionTracker objv_tracker = role->get_objv_tracker(); + real_time mtime = role->get_mtime(); - RGWRoleMetadataObject *rdo = new RGWRoleMetadataObject(rci, objv_tracker.read_version, - mtime); + RGWRoleInfo info = role->get_info(); + RGWRoleMetadataObject *rdo = new RGWRoleMetadataObject(info, objv_tracker.read_version, + mtime, store); *obj = rdo; return 0; @@ -418,10 +440,12 @@ public: } int put_checked(const DoutPrefixProvider *dpp) override { - auto& rci = mdo->get_rci(); + auto& info = mdo->get_role_info(); auto mtime = mdo->get_mtime(); - rci.info->set_mtime(mtime); - int ret = rci.info->create(dpp, true, y, false); + auto* store = mdo->get_store(); + info.mtime = mtime; + std::unique_ptr role = store->get_role(info); + int ret = role->create(dpp, true, y, false); return ret < 0 ? ret : STATUS_APPLIED; } }; diff --git a/src/rgw/rgw_role.h b/src/rgw/rgw_role.h index dfbd81e16023f..94106bc3aed8a 100644 --- a/src/rgw/rgw_role.h +++ b/src/rgw/rgw_role.h @@ -16,19 +16,8 @@ class RGWRados; namespace rgw { namespace sal { -class RGWRole +struct RGWRoleInfo { -public: - static const std::string role_name_oid_prefix; - static const std::string role_oid_prefix; - static const std::string role_path_oid_prefix; - static const std::string role_arn_prefix; - static constexpr int MAX_ROLE_NAME_LEN = 64; - static constexpr int MAX_PATH_NAME_LEN = 512; - static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds - static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds -protected: - std::string id; std::string name; std::string path; @@ -43,43 +32,9 @@ protected: RGWObjVersionTracker objv_tracker; real_time mtime; -public: - virtual int store_info(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y, bool addprefix=true) = 0; - virtual int store_name(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0; - virtual int store_path(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0; - virtual int read_id(const DoutPrefixProvider *dpp, const std::string& role_name, const std::string& tenant, std::string& role_id, optional_yield y) = 0; - virtual int read_name(const DoutPrefixProvider *dpp, optional_yield y) = 0; - virtual int read_info(const DoutPrefixProvider *dpp, optional_yield y, bool addprefix=true) = 0; - bool validate_input(const DoutPrefixProvider* dpp); - void extract_name_tenant(const std::string& str); + RGWRoleInfo() = default; - RGWRole(std::string name, - std::string tenant, - std::string path="", - std::string trust_policy="", - std::string max_session_duration_str="", - std::multimap tags={}) - : name(std::move(name)), - path(std::move(path)), - trust_policy(std::move(trust_policy)), - tenant(std::move(tenant)), - tags(std::move(tags)) { - if (this->path.empty()) - this->path = "/"; - extract_name_tenant(name); - if (max_session_duration_str.empty()) { - max_session_duration = SESSION_DURATION_MIN; - } else { - max_session_duration = std::stoull(max_session_duration_str); - } - mtime = real_time(); - } - - RGWRole(std::string id) : id(std::move(id)) {} - - RGWRole() = default; - - virtual ~RGWRole() = default; + virtual ~RGWRoleInfo() = default; void encode(bufferlist& bl) const { ENCODE_START(3, 1, bl); @@ -113,19 +68,63 @@ public: DECODE_FINISH(bl); } - const std::string& get_id() const { return id; } - const std::string& get_name() const { return name; } - const std::string& get_tenant() const { return tenant; } - const std::string& get_path() const { return path; } - const std::string& get_create_date() const { return creation_date; } - const std::string& get_assume_role_policy() const { return trust_policy;} - const uint64_t& get_max_session_duration() const { return max_session_duration; } - const RGWObjVersionTracker& get_objv_tracker() const { return objv_tracker; } - const real_time& get_mtime() const { return mtime; } - std::map& get_attrs() { return attrs; } + void dump(Formatter *f) const; + void decode_json(JSONObj *obj); +}; +WRITE_CLASS_ENCODER(RGWRoleInfo) + +class RGWRole +{ +public: + static const std::string role_name_oid_prefix; + static const std::string role_oid_prefix; + static const std::string role_path_oid_prefix; + static const std::string role_arn_prefix; + static constexpr int MAX_ROLE_NAME_LEN = 64; + static constexpr int MAX_PATH_NAME_LEN = 512; + static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds + static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds +protected: + RGWRoleInfo info; +public: + virtual int store_info(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y, bool addprefix=true) = 0; + virtual int store_name(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0; + virtual int store_path(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0; + virtual int read_id(const DoutPrefixProvider *dpp, const std::string& role_name, const std::string& tenant, std::string& role_id, optional_yield y) = 0; + virtual int read_name(const DoutPrefixProvider *dpp, optional_yield y) = 0; + virtual int read_info(const DoutPrefixProvider *dpp, optional_yield y, bool addprefix=true) = 0; + bool validate_input(const DoutPrefixProvider* dpp); + void extract_name_tenant(const std::string& str); + + RGWRole(std::string name, + std::string tenant, + std::string path="", + std::string trust_policy="", + std::string max_session_duration_str="", + std::multimap tags={}); + + RGWRole(std::string id); + + RGWRole(const RGWRoleInfo& info) : info(info) {} + + RGWRole() = default; + + virtual ~RGWRole() = default; - void set_id(const std::string& id) { this->id = id; } - void set_mtime(const real_time& mtime) { this->mtime = mtime; } + const std::string& get_id() const { return info.id; } + const std::string& get_name() const { return info.name; } + const std::string& get_tenant() const { return info.tenant; } + const std::string& get_path() const { return info.path; } + const std::string& get_create_date() const { return info.creation_date; } + const std::string& get_assume_role_policy() const { return info.trust_policy;} + const uint64_t& get_max_session_duration() const { return info.max_session_duration; } + const RGWObjVersionTracker& get_objv_tracker() const { return info.objv_tracker; } + const real_time& get_mtime() const { return info.mtime; } + std::map& get_attrs() { return info.attrs; } + RGWRoleInfo& get_info() { return info; } + + void set_id(const std::string& id) { this->info.id = id; } + void set_mtime(const real_time& mtime) { this->info.mtime = mtime; } virtual int create(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y, bool addprefix=true) = 0; virtual int delete_obj(const DoutPrefixProvider *dpp, optional_yield y) = 0; @@ -147,30 +146,27 @@ public: static const std::string& get_info_oid_prefix(); static const std::string& get_path_oid_prefix(); }; -WRITE_CLASS_ENCODER(RGWRole) - -struct RGWRoleCompleteInfo { - RGWRole* info; - bool has_attrs; - - void dump(Formatter *f) const; - void decode_json(JSONObj *obj); -}; class RGWRoleMetadataObject: public RGWMetadataObject { - RGWRoleCompleteInfo rci; + RGWRoleInfo info; + Store* store; public: RGWRoleMetadataObject() = default; - RGWRoleMetadataObject(const RGWRoleCompleteInfo& _rci, + RGWRoleMetadataObject(RGWRoleInfo info, const obj_version& v, - real_time m) : RGWMetadataObject(v,m), rci(_rci) {} + real_time m, + Store* store) : RGWMetadataObject(v,m), info(info), store(store) {} void dump(Formatter *f) const override { - rci.dump(f); + info.dump(f); + } + + RGWRoleInfo& get_role_info() { + return info; } - RGWRoleCompleteInfo& get_rci() { - return rci; + Store* get_store() { + return store; } }; diff --git a/src/rgw/rgw_sal.h b/src/rgw/rgw_sal.h index 736237ae86fda..74a5fa5731c1b 100644 --- a/src/rgw/rgw_sal.h +++ b/src/rgw/rgw_sal.h @@ -215,6 +215,7 @@ class LuaScriptManager; class RGWOIDCProvider; class RGWRole; class PlacementTier; +struct RGWRoleInfo; enum AttrsMod { ATTRSMOD_NONE = 0, @@ -412,6 +413,7 @@ class Store { std::multimap tags={}) = 0; /** Get an IAM Role by ID */ virtual std::unique_ptr get_role(std::string id) = 0; + virtual std::unique_ptr get_role(const RGWRoleInfo& info) = 0; /** Get all IAM Roles optionally filtered by path */ virtual int get_roles(const DoutPrefixProvider *dpp, optional_yield y, diff --git a/src/rgw/rgw_sal_dbstore.cc b/src/rgw/rgw_sal_dbstore.cc index f8b539052b885..ac39fa721b304 100644 --- a/src/rgw/rgw_sal_dbstore.cc +++ b/src/rgw/rgw_sal_dbstore.cc @@ -1552,6 +1552,12 @@ namespace rgw::sal { return std::unique_ptr(p); } + std::unique_ptr DBStore::get_role(const RGWRoleInfo& info) + { + RGWRole* p = nullptr; + return std::unique_ptr(p); + } + int DBStore::get_roles(const DoutPrefixProvider *dpp, optional_yield y, const std::string& path_prefix, diff --git a/src/rgw/rgw_sal_dbstore.h b/src/rgw/rgw_sal_dbstore.h index 5320cf9440588..36b51a13671d0 100644 --- a/src/rgw/rgw_sal_dbstore.h +++ b/src/rgw/rgw_sal_dbstore.h @@ -830,6 +830,7 @@ public: std::string max_session_duration_str="", std::multimap tags={}) override; virtual std::unique_ptr get_role(std::string id) override; + virtual std::unique_ptr get_role(const RGWRoleInfo& info) override; virtual int get_roles(const DoutPrefixProvider *dpp, optional_yield y, const std::string& path_prefix, diff --git a/src/rgw/rgw_sal_motr.cc b/src/rgw/rgw_sal_motr.cc index 951c701c984d6..49bb92454c971 100644 --- a/src/rgw/rgw_sal_motr.cc +++ b/src/rgw/rgw_sal_motr.cc @@ -2765,6 +2765,12 @@ std::unique_ptr MotrStore::get_role(std::string name, return std::unique_ptr(p); } +std::unique_ptr MotrStore::get_role(const RGWRoleInfo& info) +{ + RGWRole* p = nullptr; + return std::unique_ptr(p); +} + std::unique_ptr MotrStore::get_role(std::string id) { RGWRole* p = nullptr; diff --git a/src/rgw/rgw_sal_motr.h b/src/rgw/rgw_sal_motr.h index 7eea784962a86..dd990a693cd37 100644 --- a/src/rgw/rgw_sal_motr.h +++ b/src/rgw/rgw_sal_motr.h @@ -967,6 +967,7 @@ class MotrStore : public Store { std::string trust_policy="", std::string max_session_duration_str="", std::multimap tags={}) override; + virtual std::unique_ptr get_role(const RGWRoleInfo& info) override; virtual std::unique_ptr get_role(std::string id) override; virtual int get_roles(const DoutPrefixProvider *dpp, optional_yield y, diff --git a/src/rgw/rgw_sal_rados.cc b/src/rgw/rgw_sal_rados.cc index 832d8066f1e72..8b46f6550be8f 100644 --- a/src/rgw/rgw_sal_rados.cc +++ b/src/rgw/rgw_sal_rados.cc @@ -1343,6 +1343,11 @@ std::unique_ptr RadosStore::get_role(std::string id) return std::make_unique(this, id); } +std::unique_ptr RadosStore::get_role(const RGWRoleInfo& info) +{ + return std::make_unique(this, info); +} + int RadosStore::get_roles(const DoutPrefixProvider *dpp, optional_yield y, const std::string& path_prefix, @@ -3068,55 +3073,55 @@ int RadosRole::store_info(const DoutPrefixProvider *dpp, bool exclusive, optiona std::string oid; if (addprefix) { - oid = get_info_oid_prefix() + id; + oid = get_info_oid_prefix() + info.id; } else { - oid = id; + oid = info.id; } bufferlist bl; - encode(*this, bl); + encode(this->info, bl); - if (!this->tags.empty()) { + if (!this->info.tags.empty()) { bufferlist bl_tags; - encode(this->tags, bl_tags); - attrs.emplace("tagging", bl_tags); + encode(this->info.tags, bl_tags); + info.attrs.emplace("tagging", bl_tags); } - RGWSI_MBSObj_PutParams params(bl, &attrs, mtime, exclusive); + RGWSI_MBSObj_PutParams params(bl, &info.attrs, info.mtime, exclusive); std::unique_ptr ctx(store->svc()->role->svc.meta_be->alloc_ctx()); ctx->init(store->svc()->role->get_be_handler()); - return store->svc()->role->svc.meta_be->put(ctx.get(), oid, params, &objv_tracker, y, dpp); + return store->svc()->role->svc.meta_be->put(ctx.get(), oid, params, &info.objv_tracker, y, dpp); } int RadosRole::store_name(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) { auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); RGWNameToId nameToId; - nameToId.obj_id = id; + nameToId.obj_id = info.id; - std::string oid = tenant + get_names_oid_prefix() + name; + std::string oid = info.tenant + get_names_oid_prefix() + info.name; bufferlist bl; using ceph::encode; encode(nameToId, bl); - return rgw_put_system_obj(dpp, obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, exclusive, &objv_tracker, real_time(), y); + return rgw_put_system_obj(dpp, obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, exclusive, &info.objv_tracker, real_time(), y); } int RadosRole::store_path(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) { auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); - std::string oid = tenant + get_path_oid_prefix() + path + get_info_oid_prefix() + id; + std::string oid = info.tenant + get_path_oid_prefix() + info.path + get_info_oid_prefix() + info.id; bufferlist bl; - return rgw_put_system_obj(dpp, obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, exclusive, &objv_tracker, real_time(), y); + return rgw_put_system_obj(dpp, obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, exclusive, &info.objv_tracker, real_time(), y); } int RadosRole::read_id(const DoutPrefixProvider *dpp, const std::string& role_name, const std::string& tenant, std::string& role_id, optional_yield y) { auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); - std::string oid = tenant + get_names_oid_prefix() + role_name; + std::string oid = info.tenant + get_names_oid_prefix() + role_name; bufferlist bl; int ret = rgw_get_system_obj(obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, nullptr, nullptr, null_yield, dpp); @@ -3140,12 +3145,12 @@ int RadosRole::read_id(const DoutPrefixProvider *dpp, const std::string& role_na int RadosRole::read_name(const DoutPrefixProvider *dpp, optional_yield y) { auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); - std::string oid = tenant + get_names_oid_prefix() + name; + std::string oid = info.tenant + get_names_oid_prefix() + info.name; bufferlist bl; int ret = rgw_get_system_obj(obj_ctx, store->svc()->zone->get_zone_params().roles_pool, oid, bl, nullptr, nullptr, null_yield, dpp); if (ret < 0) { - ldpp_dout(dpp, 0) << "ERROR: failed reading role name from Role pool: " << name << + ldpp_dout(dpp, 0) << "ERROR: failed reading role name from Role pool: " << info.name << ": " << cpp_strerror(-ret) << dendl; return ret; } @@ -3156,57 +3161,58 @@ int RadosRole::read_name(const DoutPrefixProvider *dpp, optional_yield y) auto iter = bl.cbegin(); decode(nameToId, iter); } catch (buffer::error& err) { - ldpp_dout(dpp, 0) << "ERROR: failed to decode role name from Role pool: " << name << dendl; + ldpp_dout(dpp, 0) << "ERROR: failed to decode role name from Role pool: " << info.name << dendl; return -EIO; } - id = nameToId.obj_id; + info.id = nameToId.obj_id; return 0; } int RadosRole::read_info(const DoutPrefixProvider *dpp, optional_yield y, bool addprefix) { - //auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); + auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); std::string oid; if (addprefix) { - oid = get_info_oid_prefix() + id; + oid = get_info_oid_prefix() + info.id; } else { - oid = id; + oid = info.id; } bufferlist bl; - RGWSI_MBSObj_GetParams params(&bl, &attrs, &mtime); + RGWSI_MBSObj_GetParams params(&bl, &info.attrs, &info.mtime); std::unique_ptr ctx(store->svc()->role->svc.meta_be->alloc_ctx()); ctx->init(store->svc()->role->get_be_handler()); - int ret = store->svc()->role->svc.meta_be->get_entry(ctx.get(), oid, params, &objv_tracker, y, dpp); + int ret = store->svc()->role->svc.meta_be->get_entry(ctx.get(), oid, params, &info.objv_tracker, y, dpp); if (ret < 0) { + ldpp_dout(dpp, 0) << "ERROR: failed reading role info from Role pool: " << info.id << ": " << cpp_strerror(-ret) << dendl; return ret; } #if 0 - int ret = rgw_get_system_obj(obj_ctx, store->get_zone()->get_params().roles_pool, oid, bl, &objv_tracker, &mtime, null_yield, dpp, &attrs, nullptr, boost::none, true); + int ret = rgw_get_system_obj(obj_ctx, store->get_zone()->get_params().roles_pool, oid, bl, &info.objv_tracker, &info.mtime, null_yield, dpp, &info.attrs, nullptr, boost::none, true); if (ret < 0) { - ldpp_dout(dpp, 0) << "ERROR: failed reading role info from Role pool: " << id << ": " << cpp_strerror(-ret) << dendl; + ldpp_dout(dpp, 0) << "ERROR: failed reading role info from Role pool: " << info.id << ": " << cpp_strerror(-ret) << dendl; return ret; } #endif try { using ceph::decode; auto iter = bl.cbegin(); - decode(*this, iter); + decode(this->info, iter); } catch (buffer::error& err) { - ldpp_dout(dpp, 0) << "ERROR: failed to decode role info from Role pool: " << id << dendl; + ldpp_dout(dpp, 0) << "ERROR: failed to decode role info from Role pool: " << info.id << dendl; return -EIO; } - auto it = attrs.find("tagging"); - if (it != attrs.end()) { + auto it = info.attrs.find("tagging"); + if (it != info.attrs.end()) { bufferlist bl_tags = it->second; try { using ceph::decode; auto iter = bl_tags.cbegin(); - decode(tags, iter); + decode(info.tags, iter); } catch (buffer::error& err) { - ldpp_dout(dpp, 0) << "ERROR: failed to decode attrs" << id << dendl; + ldpp_dout(dpp, 0) << "ERROR: failed to decode attrs" << info.id << dendl; return -EIO; } } @@ -3223,13 +3229,13 @@ int RadosRole::create(const DoutPrefixProvider *dpp, bool exclusive, optional_yi } /* check to see the name is not used */ - ret = read_id(dpp, name, tenant, id, y); + ret = read_id(dpp, info.name, info.tenant, info.id, y); if (exclusive && ret == 0) { - ldpp_dout(dpp, 0) << "ERROR: name " << name << " already in use for role id " - << id << dendl; + ldpp_dout(dpp, 0) << "ERROR: name " << info.name << " already in use for role id " + << info.id << dendl; return -EEXIST; } else if ( ret < 0 && ret != -ENOENT) { - ldpp_dout(dpp, 0) << "failed reading role id " << id << ": " + ldpp_dout(dpp, 0) << "failed reading role id " << info.id << ": " << cpp_strerror(-ret) << dendl; return ret; } @@ -3239,10 +3245,10 @@ int RadosRole::create(const DoutPrefixProvider *dpp, bool exclusive, optional_yi char uuid_str[37]; new_uuid.generate_random(); new_uuid.print(uuid_str); - id = uuid_str; + info.id = uuid_str; //arn - arn = role_arn_prefix + tenant + ":role" + path + name; + info.arn = role_arn_prefix + info.tenant + ":role" + info.path + info.name; // Creation time real_clock::time_point t = real_clock::now(); @@ -3255,27 +3261,27 @@ int RadosRole::create(const DoutPrefixProvider *dpp, bool exclusive, optional_yi gmtime_r(&tv.tv_sec, &result); strftime(buf,30,"%Y-%m-%dT%H:%M:%S", &result); sprintf(buf + strlen(buf),".%dZ",(int)tv.tv_usec/1000); - creation_date.assign(buf, strlen(buf)); + info.creation_date.assign(buf, strlen(buf)); auto& pool = store->svc()->zone->get_zone_params().roles_pool; ret = store_info(dpp, exclusive, y, addprefix); if (ret < 0) { ldpp_dout(dpp, 0) << "ERROR: storing role info in Role pool: " - << id << ": " << cpp_strerror(-ret) << dendl; + << info.id << ": " << cpp_strerror(-ret) << dendl; return ret; } ret = store_name(dpp, exclusive, y); if (ret < 0) { ldpp_dout(dpp, 0) << "ERROR: storing role name in Role pool: " - << name << ": " << cpp_strerror(-ret) << dendl; + << info.name << ": " << cpp_strerror(-ret) << dendl; //Delete the role info that was stored in the previous call - std::string oid = get_info_oid_prefix() + id; + std::string oid = get_info_oid_prefix() + info.id; int info_ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y); if (info_ret < 0) { ldpp_dout(dpp, 0) << "ERROR: cleanup of role id from Role pool: " - << id << ": " << cpp_strerror(-info_ret) << dendl; + << info.id << ": " << cpp_strerror(-info_ret) << dendl; } return ret; } @@ -3283,20 +3289,20 @@ int RadosRole::create(const DoutPrefixProvider *dpp, bool exclusive, optional_yi ret = store_path(dpp, exclusive, y); if (ret < 0) { ldpp_dout(dpp, 0) << "ERROR: storing role path in Role pool: " - << path << ": " << cpp_strerror(-ret) << dendl; + << info.path << ": " << cpp_strerror(-ret) << dendl; //Delete the role info that was stored in the previous call - std::string oid = get_info_oid_prefix() + id; + std::string oid = get_info_oid_prefix() + info.id; int info_ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y); if (info_ret < 0) { ldpp_dout(dpp, 0) << "ERROR: cleanup of role id from Role pool: " - << id << ": " << cpp_strerror(-info_ret) << dendl; + << info.id << ": " << cpp_strerror(-info_ret) << dendl; } //Delete role name that was stored in previous call - oid = tenant + get_names_oid_prefix() + name; + oid = info.tenant + get_names_oid_prefix() + info.name; int name_ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y); if (name_ret < 0) { ldpp_dout(dpp, 0) << "ERROR: cleanup of role name from Role pool: " - << name << ": " << cpp_strerror(-name_ret) << dendl; + << info.name << ": " << cpp_strerror(-name_ret) << dendl; } return ret; } @@ -3317,32 +3323,32 @@ int RadosRole::delete_obj(const DoutPrefixProvider *dpp, optional_yield y) return ret; } - if (! perm_policy_map.empty()) { + if (! info.perm_policy_map.empty()) { return -ERR_DELETE_CONFLICT; } // Delete id - std::string oid = get_info_oid_prefix() + id; + std::string oid = get_info_oid_prefix() + info.id; ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y); if (ret < 0) { ldpp_dout(dpp, 0) << "ERROR: deleting role id from Role pool: " - << id << ": " << cpp_strerror(-ret) << dendl; + << info.id << ": " << cpp_strerror(-ret) << dendl; } // Delete name - oid = tenant + get_names_oid_prefix() + name; + oid = info.tenant + get_names_oid_prefix() + info.name; ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y); if (ret < 0) { ldpp_dout(dpp, 0) << "ERROR: deleting role name from Role pool: " - << name << ": " << cpp_strerror(-ret) << dendl; + << info.name << ": " << cpp_strerror(-ret) << dendl; } // Delete path - oid = tenant + get_path_oid_prefix() + path + get_info_oid_prefix() + id; + oid = info.tenant + get_path_oid_prefix() + info.path + get_info_oid_prefix() + info.id; ret = rgw_delete_system_obj(dpp, store->svc()->sysobj, pool, oid, nullptr, y); if (ret < 0) { ldpp_dout(dpp, 0) << "ERROR: deleting role path from Role pool: " - << path << ": " << cpp_strerror(-ret) << dendl; + << info.path << ": " << cpp_strerror(-ret) << dendl; } return ret; } diff --git a/src/rgw/rgw_sal_rados.h b/src/rgw/rgw_sal_rados.h index 48c5fd8aff859..f9b750e14817f 100644 --- a/src/rgw/rgw_sal_rados.h +++ b/src/rgw/rgw_sal_rados.h @@ -193,6 +193,7 @@ class RadosStore : public Store { std::string max_session_duration_str="", std::multimap tags={}) override; virtual std::unique_ptr get_role(std::string id) override; + virtual std::unique_ptr get_role(const RGWRoleInfo& info) override; virtual int get_roles(const DoutPrefixProvider *dpp, optional_yield y, const std::string& path_prefix, @@ -903,6 +904,7 @@ public: std::string max_session_duration, std::multimap tags) : RGWRole(name, tenant, path, trust_policy, max_session_duration, tags), store(_store) {} RadosRole(RadosStore* _store, std::string id) : RGWRole(id), store(_store) {} + RadosRole(RadosStore* _store, const RGWRoleInfo& info) : RGWRole(info), store(_store) {} RadosRole(RadosStore* _store) : store(_store) {} ~RadosRole() = default; -- 2.39.5