From 7e5980b4a32b8b38a8f71093356fc0bd77f2126d Mon Sep 17 00:00:00 2001
From: guce
Date: Wed, 23 Sep 2015 09:52:06 +0800
Subject: [PATCH] rgw: improve convenience for key operate.
1.key-type assignments based on context if it wasn't specified In user operate context, key-type assignment to KEY_TYPE_S3 In subuser operate context, key-type assignment to KEY_TYPE_SWIFT In key operate context, key-type assignment based on user type 2.fix RGWSubUserPool::add() When create subuser generate secret by default 3.fix RGWAccessKeyPool::generate_key() Avoid wrong key's username when create user and subuser at the same time Check empty secret
Signed-off-by: Ce Gu
---
 src/rgw/rgw_user.cc | 42 +++++++++++++++++++++++++++++++++++-------
 src/rgw/rgw_user.h | 2 ++
 2 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc
index 5a5328d8c1b4d..c3ac14855b041 100644
--- a/src/rgw/rgw_user.cc
+++ b/src/rgw/rgw_user.cc
@@ -813,9 +813,14 @@ int RGWAccessKeyPool::check_op(RGWUserAdminOpState& op_state,
 int32_t key_type = op_state.get_key_type();
- // if a key type wasn't specified set it to s3
- if (key_type < 0)
- key_type = KEY_TYPE_S3;
+ // if a key type wasn't specified
+ if (key_type < 0) {
+ if (op_state.has_subuser()) {
+ key_type = KEY_TYPE_SWIFT;
+ } else {
+ key_type = KEY_TYPE_S3;
+ }
+ }
 op_state.set_key_type(key_type);
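Review bot: The fallback in RGWAccessKeyPool::check_op infers a key type from `has_subuser()` but leaves `key_type_setbycontext` false, while the two other places in this patch that infer a type (RGWSubUserPool::check_op and RGWUser::check_op) set it to true. Once `op_state.set_key_type(key_type)` runs here, an inferred value can no longer be told apart from one the caller supplied, and the `!op_state.key_type_setbycontext` test in generate_key will treat it as explicit. If that is intended, a comment such as `// inferred for a key operation; deliberately not flagged as set-by-context` would say so; otherwise add `op_state.key_type_setbycontext = true;` inside the `if (key_type < 0)` block. The function body starts and ends outside this hunk.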
@@ -878,12 +883,23 @@ int RGWAccessKeyPool::generate_key(RGWUserAdminOpState& op_state, std::string *e
 }
 }
- if (op_state.has_subuser())
- new_key.subuser = op_state.get_subuser();
+ //key's subuser
+ if (op_state.has_subuser()) {
+ //create user and subuser at the same time, user's s3 key should not be set this
+ if (!op_state.key_type_setbycontext || (key_type == KEY_TYPE_SWIFT)) {
+ new_key.subuser = op_state.get_subuser();
+ }
+ }
+ //Secret key
 if (!gen_secret) {
+ if (op_state.get_secret_key().empty()) {
+ set_err_msg(err_msg, "empty secret key");
+ return -EINVAL;
+ }
+
 key = op_state.get_secret_key();
- } else if (gen_secret) {
+ } else {
 char secret_key_buf[SECRET_KEY_LEN + 1];
 ret = gen_rand_alphanumeric_plain(g_ceph_context, secret_key_buf, sizeof(secret_key_buf));
@@ -1238,6 +1254,12 @@ int RGWSubUserPool::check_op(RGWUserAdminOpState& op_state,
 return -EINVAL;
 }
+ //set key type when it not set or set by context
+ if ((op_state.get_key_type() < 0) || op_state.key_type_setbycontext) {
+ op_state.set_key_type(KEY_TYPE_SWIFT);
+ op_state.key_type_setbycontext = true;
+ }
+
 // check if the subuser exists
 if (!subuser.empty())
 existing = exists(subuser);
@@ -1305,7 +1327,7 @@ int RGWSubUserPool::add(RGWUserAdminOpState& op_state, std::string *err_msg, boo
 }
 if (op_state.get_secret_key().empty()) {
- op_state.set_gen_access();
+ op_state.set_gen_secret();
 }
 ret = execute_add(op_state, &subprocess_msg, defer_user_update);
@@ -1756,6 +1778,12 @@ int RGWUser::check_op(RGWUserAdminOpState& op_state, std::string *err_msg)
 return -EINVAL;
 }
+ //set key type when it not set or set by context
+ if ((op_state.get_key_type() < 0) || op_state.key_type_setbycontext) {
+ op_state.set_key_type(KEY_TYPE_S3);
+ op_state.key_type_setbycontext = true;
+ }
+
 return 0;
 }
diff --git a/src/rgw/rgw_user.h b/src/rgw/rgw_user.h
index 93666bd0db03b..0f26cff51f286 100644
--- a/src/rgw/rgw_user.h
+++ b/src/rgw/rgw_user.h
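Review bot: The condition in RGWAccessKeyPool::generate_key that decides whether a new credential is bound to the subuser, `!op_state.key_type_setbycontext || (key_type == KEY_TYPE_SWIFT)`, is explained only by the comment "user's s3 key should not be set this", which does not state the rule. Since this line determines which identity owns the key, the comment should spell it out, e.g. `// bind the key to the subuser only if the key type was given explicitly or is Swift; an S3 key whose type was inferred belongs to the parent user`. The new empty-secret check sits on the `!gen_secret` path only, which looks right, but `key_type` and `gen_secret` are defined outside the hunk, so their values at this point could not be checked.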
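Review bot: Both RGWSubUserPool::check_op and RGWUser::check_op (the `@@ -1756,6 +1778,12 @@` hunk) overwrite the key type whenever `key_type_setbycontext` is already true, so the type generate_key later sees depends on which check_op ran most recently rather than on the operation requested. That makes the S3/Swift choice for a credential order-dependent, and the mutation happens inside functions named as checks. Please document the expected call order next to the assignment, for example `// must run before this pool's keys are generated; a later check_op in another context resets the inferred type`, or pass the inferred type to the key-generation call instead of storing it in op_state. The flag is also written as a bare public field while the neighbouring state goes through `set_key_type()`/`get_key_type()`; a small setter would match. Both function bodies extend beyond their hunks.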
@@ -190,6 +190,7 @@ struct RGWUserAdminOpState {
 bool id_specified;
 bool key_specified;
 bool type_specified;
+ bool key_type_setbycontext; // key type set by user or subuser context
 bool purge_data;
 bool purge_keys;
 bool display_name_specified;
@@ -460,6 +461,7 @@ struct RGWUserAdminOpState {
 id_specified = false;
 key_specified = false;
 type_specified = false;
+ key_type_setbycontext = false;
 purge_data = false;
 display_name_specified = false;
 user_email_specified = false;
--
2.39.5
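Review bot: The comment on `key_type_setbycontext` in RGWUserAdminOpState does not say what the two values mean or who may write the flag. Suggested wording: `// true when key_type was inferred from the user/subuser operation rather than supplied by the caller; such a value may be replaced by a later check_op`. The name also departs from the `*_specified` siblings just above it, which (judging by their names only) record the opposite sense, so a reader can easily invert it.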