From 65a0a0ae27ba49928a6739a72dada49a9a4489ed Mon Sep 17 00:00:00 2001
From: Radoslaw Zarzynski
Date: Mon, 15 Feb 2016 14:16:58 +0100
Subject: [PATCH] rgw: enable management of admin privileges.
Signed-off-by: Radoslaw Zarzynski
---
 src/rgw/rgw_admin.cc | 8 ++++++++
 src/rgw/rgw_common.h | 18 +++++++++++++++---
 src/rgw/rgw_user.cc | 4 ++++
 src/rgw/rgw_user.h | 8 ++++++++
 src/test/cli/radosgw-admin/help.t | 1 +
 5 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 520fcc7986a85..3abfbdd6a3382 100644
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -169,6 +169,7 @@ void _usage()
 cout << " of read, write, readwrite, full\n";
 cout << " --display-name=\n";
 cout << " --max_buckets max number of buckets for a user\n";
+ cout << " --admin set the admin flag on the user\n";
 cout << " --system set the system flag on the user\n";
 cout << " --bucket=\n";
 cout << " --pool=\n";
@@ -2021,6 +2022,8 @@ int main(int argc, char **argv)
 string start_marker;
 string end_marker;
 int max_entries = -1;
+ int admin = false;
+ bool admin_specified = false;
 int system = false;
 bool system_specified = false;
 int shard_id = -1;
@@ -2124,6 +2127,8 @@ int main(int argc, char **argv)
 // do nothing
 } else if (ceph_argparse_binary_flag(args, i, &skip_zero_entries, NULL, "--skip_zero_entries", (char*)NULL)) {
 // do nothing
+ } else if (ceph_argparse_binary_flag(args, i, &admin, NULL, "--admin", (char*)NULL)) {
+ admin_specified = true;
 } else if (ceph_argparse_binary_flag(args, i, &system, NULL, "--system", (char*)NULL)) {
 system_specified = true;
 } else if (ceph_argparse_binary_flag(args, i, &staging, NULL, "--staging", (char*)NULL)) {
@@ -3639,6 +3644,9 @@ int main(int argc, char **argv)
 if (max_buckets >= 0)
 user_op.set_max_buckets(max_buckets);
+ if (admin_specified)
+ user_op.set_admin(admin);
+
 if (system_specified)
 user_op.set_system(system);
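Review bot: The new `--admin` help line in the `_usage()` hunk says only "set the admin flag on the user", which tells an operator neither what the flag grants nor that it can be cleared again. The later hunks in `main()` parse the option with `ceph_argparse_binary_flag` and track `admin_specified` separately from the value, so an explicit false value presumably revokes the flag on a modify; the help text should say so, for example `--admin[=<bool>]` described as "grant or revoke admin privileges for the user". The matching line in `src/test/cli/radosgw-admin/help.t` would need the same wording. `_usage()` starts and ends outside the hunk.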
diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 6d87f0b92a630..ffb33741b4bb4 100644
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -540,6 +540,7 @@ struct RGWUserInfo
 uint32_t max_buckets;
 uint32_t op_mask;
 RGWUserCaps caps;
+ __u8 admin;
 __u8 system;
 string default_placement;
 list placement_tags;
@@ -547,7 +548,14 @@ struct RGWUserInfo
 map temp_url_keys;
 RGWQuotaInfo user_quota;
- RGWUserInfo() : auid(0), suspended(0), max_buckets(RGW_DEFAULT_MAX_BUCKETS), op_mask(RGW_OP_TYPE_ALL), system(0) {}
+ RGWUserInfo()
+ : auid(0),
+ suspended(0),
+ max_buckets(RGW_DEFAULT_MAX_BUCKETS),
+ op_mask(RGW_OP_TYPE_ALL),
+ admin(0),
+ system(0) {
+ }
 RGWAccessKey* get_key0() {
 if (access_keys.empty())
@@ -557,7 +565,7 @@ struct RGWUserInfo
 }
 void encode(bufferlist& bl) const {
- ENCODE_START(17, 9, bl);
+ ENCODE_START(18, 9, bl);
 ::encode(auid, bl);
 string access_key;
 string secret_key;
@@ -596,10 +604,11 @@ struct RGWUserInfo
 ::encode(temp_url_keys, bl);
 ::encode(user_quota, bl);
 ::encode(user_id.tenant, bl);
+ ::encode(admin, bl);
 ENCODE_FINISH(bl);
 }
 void decode(bufferlist::iterator& bl) {
- DECODE_START_LEGACY_COMPAT_LEN_32(17, 9, 9, bl);
+ DECODE_START_LEGACY_COMPAT_LEN_32(18, 9, 9, bl);
 if (struct_v >= 2) ::decode(auid, bl);
 else auid = CEPH_AUTH_UID_DEFAULT;
 string access_key;
@@ -666,6 +675,9 @@ struct RGWUserInfo
 } else {
 user_id.tenant.clear();
 }
+ if (struct_v >= 18) {
+ ::decode(admin, bl);
+ }
 DECODE_FINISH(bl);
 }
 void dump(Formatter *f) const;
diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc
index 1f93aa3d789b8..403384db288eb 100644
--- a/src/rgw/rgw_user.cc
+++ b/src/rgw/rgw_user.cc
@@ -1936,6 +1936,7 @@ int RGWUser::execute_add(RGWUserAdminOpState& op_state, std::string *err_msg)
 }
 user_info.suspended = op_state.get_suspension_status();
+ user_info.admin = op_state.admin;
 user_info.system = op_state.system;
 if (op_state.op_mask_specified)
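Review bot: `admin` joins the binary encoding in the `@@ -596,10 +604,11 @@` hunk, but nothing in this patch touches the JSON side of `RGWUserInfo`: `dump()` is only declared further down in this header, and no file that implements it appears in the diffstat. If the dump and JSON-decode code stays as it is, the flag will not appear in user listings, so operators cannot audit which accounts hold admin privileges, and any path that round-trips a user record through JSON would silently drop it. Emit and parse an `admin` key wherever the other per-user flags are handled; that code is not visible here, so its location needs confirming.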
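Review bot: In the `@@ -666,6 +675,9 @@` hunk of `decode()`, `admin` keeps whatever value the object already held when `struct_v < 18`, whereas the tenant field just above is explicitly cleared in its `else` branch. Decoding an older blob into an `RGWUserInfo` that previously described an admin user would therefore leave the privilege flag set on the wrong account; only a freshly constructed object is protected by `admin(0)`. Add the fallback so the result never depends on prior state: `} else { admin = 0; }`. `decode()` begins outside this hunk.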
@@ -2145,6 +2146,9 @@ int RGWUser::execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg)
 if (op_state.max_buckets_specified)
 user_info.max_buckets = op_state.get_max_buckets();
+ if (op_state.admin_specified)
+ user_info.admin = op_state.admin;
+
 if (op_state.system_specified)
 user_info.system = op_state.system;
diff --git a/src/rgw/rgw_user.h b/src/rgw/rgw_user.h
index f3d0bce761a9d..1281a4c818f21 100644
--- a/src/rgw/rgw_user.h
+++ b/src/rgw/rgw_user.h
@@ -162,6 +162,7 @@ struct RGWUserAdminOpState {
 std::string display_name;
 uint32_t max_buckets;
 __u8 suspended;
+ __u8 admin;
 __u8 system;
 __u8 exclusive;
 __u8 fetch_stats;
@@ -201,6 +202,7 @@ struct RGWUserAdminOpState {
 bool op_mask_specified;
 bool caps_specified;
 bool suspension_op;
+ bool admin_specified;
 bool system_specified;
 bool key_op;
 bool temp_url_key_specified;
@@ -320,6 +322,11 @@ struct RGWUserAdminOpState {
 suspension_op = true;
 }
+ void set_admin(__u8 is_admin) {
+ admin = is_admin;
+ admin_specified = true;
+ }
+
 void set_system(__u8 is_system) {
 system = is_system;
 system_specified = true;
@@ -477,6 +484,7 @@ struct RGWUserAdminOpState {
 key_type = -1;
 perm_mask = RGW_PERM_NONE;
 suspended = 0;
+ admin = 0;
 system = 0;
 exclusive = 0;
 fetch_stats = 0;
diff --git a/src/test/cli/radosgw-admin/help.t b/src/test/cli/radosgw-admin/help.t
index a2d38585c8d69..b4e5e306bf1af 100644
--- a/src/test/cli/radosgw-admin/help.t
+++ b/src/test/cli/radosgw-admin/help.t
@@ -121,6 +121,7 @@
 of read, write, readwrite, full
 --display-name=
 --max_buckets max number of buckets for a user
+ --admin set the admin flag on the user
 --system set the system flag on the user
 --bucket=
 --pool=
--
2.39.5
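Review bot: The `@@ -477,6 +484,7 @@` hunk of `src/rgw/rgw_user.h` adds `admin = 0;` to the defaults, but no hunk in this patch assigns an initial value to the new `bool admin_specified` member, whose declaration carries no initializer. `RGWUser::execute_modify()` branches on `op_state.admin_specified`, so for callers that never invoke `set_admin()` the flag may be read uninitialised and an unrelated modify could rewrite `user_info.admin`. Add `admin_specified = false;` next to the other defaults so a privilege change happens only when it was requested. The initialisation block continues outside this hunk, so confirm where the other `*_specified` members are set.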