From 857f7bd8e6be11d1d3453e0dc32dae0e3945f8f5 Mon Sep 17 00:00:00 2001
From: Seena Fallah
Date: Sun, 23 Feb 2025 00:50:16 +0100
Subject: [PATCH] rgw: move RGWUserPermHandler to header

So it can be used by others.

Signed-off-by: Seena Fallah
---
 src/rgw/driver/rados/rgw_data_sync.cc | 160 ++++++--------------------
 src/rgw/driver/rados/rgw_data_sync.h | 96 ++++++++++++++++
 2 files changed, 131 insertions(+), 125 deletions(-)

diff --git a/src/rgw/driver/rados/rgw_data_sync.cc b/src/rgw/driver/rados/rgw_data_sync.cc
index 6ce1968f1e5..5bad9932fd7 100644
--- a/src/rgw/driver/rados/rgw_data_sync.cc
+++ b/src/rgw/driver/rados/rgw_data_sync.cc
@@ -2646,135 +2646,27 @@ int RGWDefaultSyncModule::create_instance(const DoutPrefixProvider *dpp, CephCon return 0; } -class RGWUserPermHandler { - friend struct Init; - friend class Bucket; - - const DoutPrefixProvider *dpp; - rgw::sal::Driver *driver; - CephContext *cct; - rgw_user uid; - - struct _info { - rgw::IAM::Environment env; - std::unique_ptr identity; - RGWAccessControlPolicy user_acl; - std::vector user_policies; - }; - - std::shared_ptr<_info> info; - - struct Init; - - std::shared_ptr init_action; - - struct Init : public RGWGenericAsyncCR::Action { - const DoutPrefixProvider *dpp; - rgw::sal::Driver *driver; - CephContext *cct; - - rgw_user uid; - std::shared_ptr info; - - int ret{0}; - - Init(RGWUserPermHandler *handler) : dpp(handler->dpp), - driver(handler->driver), - cct(handler->cct), - uid(handler->uid), - info(handler->info) {} - int operate() override { - auto user = driver->get_user(uid); - ret = user->load_user(dpp, null_yield); - if (ret < 0) { - return ret; - } - - auto result = rgw::auth::transform_old_authinfo( - dpp, null_yield, driver, user.get(), &info->user_policies); - if (!result) { - return result.error(); - } - info->identity = std::move(result).value(); - - ret = RGWUserPermHandler::policy_from_attrs(cct, user->get_attrs(), &info->user_acl); - if (ret < 0 && ret != -ENOENT) { - return ret; - } - - return 0; - } - }; - -public: - RGWUserPermHandler(const DoutPrefixProvider *_dpp, - rgw::sal::Driver *_driver, - CephContext *_cct, - const rgw_user& _uid) : dpp(_dpp), - driver(_driver), - cct(_cct), - uid(_uid) { - info = make_shared<_info>(); - init_action = make_shared(this); - } - - RGWUserPermHandler(RGWDataSyncEnv *_sync_env, - const rgw_user& _uid) : RGWUserPermHandler(_sync_env->dpp, - _sync_env->driver, - _sync_env->cct, - _uid) {} - - RGWCoroutine *init_cr() { - return new RGWGenericAsyncCR(sync_env->cct, - sync_env->async_rados, - init_action); - } - - int init() { - return init_action->operate(); - } - - class Bucket { 
- const DoutPrefixProvider *dpp; - CephContext *cct; - std::shared_ptr<_info> info; - RGWAccessControlPolicy bucket_acl; - std::optional ps; - boost::optional bucket_policy; - public: - Bucket() {} - - int init(RGWUserPermHandler *handler, - const RGWBucketInfo& bucket_info, - const map& bucket_attrs); - - bool verify_bucket_permission(const rgw_obj_key& obj_key, const uint64_t op); - }; - - static int policy_from_attrs(CephContext *cct, - const map& attrs, - RGWAccessControlPolicy *acl) { - auto aiter = attrs.find(RGW_ATTR_ACL); - if (aiter == attrs.end()) { - return -ENOENT; - } - auto iter = aiter->second.begin(); - try { - acl->decode(iter); - } catch (buffer::error& err) { - ldout(cct, 0) << "ERROR: " << __func__ << "(): could not decode policy, caught buffer::error" << dendl; - return -EIO; - } +int RGWUserPermHandler::Init::operate() { + auto user = driver->get_user(uid); + ret = user->load_user(dpp, null_yield); + if (ret < 0) { + return ret; + } - return 0; + auto result = rgw::auth::transform_old_authinfo( + dpp, null_yield, driver, user.get(), &info->user_policies); + if (!result) { + return result.error(); } + info->identity = std::move(result).value(); - int init_bucket(const RGWBucketInfo& bucket_info, - const map& bucket_attrs, - Bucket *bs) { - return bs->init(this, bucket_info, bucket_attrs); + ret = RGWUserPermHandler::policy_from_attrs(cct, user->get_attrs(), &info->user_acl); + if (ret < 0 && ret != -ENOENT) { + return ret; } -}; + + return 0; +} int RGWUserPermHandler::Bucket::init(RGWUserPermHandler *handler, const RGWBucketInfo& bucket_info, 
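Review bot: In the new out-of-line `RGWUserPermHandler::Init::operate()`, the `ret != -ENOENT` test lets initialisation succeed when the user has no `RGW_ATTR_ACL` attribute, leaving `info->user_acl` default-constructed, and nothing at that site says this is intended. Since the commit message says the handler is being exposed for other callers, I would state the contract next to the check, e.g. `// a missing ACL attr is not an error: user_acl stays default-constructed`. How an empty `user_acl` is treated by `Bucket::verify_bucket_permission` is not visible in this hunk, so that should be confirmed before new callers rely on it. The `transform_old_authinfo` failure path also returns `result.error()` without storing it in `ret`, unlike the other two steps, which matters if anything reads `ret` afterwards.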
@@ -2840,6 +2732,24 @@ bool RGWUserPermHandler::Bucket::verify_bucket_permission(const rgw_obj_key& obj {}, op); } +int RGWUserPermHandler::policy_from_attrs(CephContext *cct, + const map& attrs, + RGWAccessControlPolicy *acl) { + auto aiter = attrs.find(RGW_ATTR_ACL); + if (aiter == attrs.end()) { + return -ENOENT; + } + auto iter = aiter->second.begin(); + try { + acl->decode(iter); + } catch (buffer::error& err) { + ldout(cct, 0) << "ERROR: " << __func__ << "(): could not decode policy, caught buffer::error" << dendl; + return -EIO; + } + + return 0; +} + class RGWFetchObjFilter_Sync : public RGWFetchObjFilter_Default { rgw_bucket_sync_pipe sync_pipe; diff --git a/src/rgw/driver/rados/rgw_data_sync.h b/src/rgw/driver/rados/rgw_data_sync.h index e2ee56a0ef8..4f863c869d8 100644 --- a/src/rgw/driver/rados/rgw_data_sync.h +++ b/src/rgw/driver/rados/rgw_data_sync.h 
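Review bot: The `catch (buffer::error& err)` in `RGWUserPermHandler::policy_from_attrs` never uses `err`, so the level-0 log line records that a stored ACL failed to decode but not why. A corrupt or truncated ACL attribute is something an operator will want to triage from the log, so I would include the reason: `ldout(cct, 0) << "ERROR: " << __func__ << "(): could not decode policy: " << err.what() << dendl;`. It may also be worth a one-line comment that `*acl` should be treated as unspecified after `-EIO`, since `decode` may have partly filled it before throwing (inferred; `decode` is not shown here).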
@@ -828,3 +828,99 @@ public: bool supports_data_export() override { return false; } int create_instance(const DoutPrefixProvider *dpp, CephContext *cct, const JSONFormattable& config, RGWSyncModuleInstanceRef *instance) override; }; + +class RGWUserPermHandler { + friend struct Init; + friend class Bucket; + + const DoutPrefixProvider *dpp; + rgw::sal::Driver *driver; + CephContext *cct; + rgw_user uid; + + struct _info { + rgw::IAM::Environment env; + std::unique_ptr identity; + RGWAccessControlPolicy user_acl; + std::vector user_policies; + }; + + std::shared_ptr<_info> info; + + struct Init; + + std::shared_ptr init_action; + + struct Init : public RGWGenericAsyncCR::Action { + const DoutPrefixProvider *dpp; + rgw::sal::Driver *driver; + CephContext *cct; + + rgw_user uid; + std::shared_ptr info; + + int ret{0}; + + Init(RGWUserPermHandler *handler) : dpp(handler->dpp), + driver(handler->driver), + cct(handler->cct), + uid(handler->uid), + info(handler->info) {} + int operate() override; + }; + +public: + RGWUserPermHandler(const DoutPrefixProvider *_dpp, + rgw::sal::Driver *_driver, + CephContext *_cct, + const rgw_user& _uid) : dpp(_dpp), + driver(_driver), + cct(_cct), + uid(_uid) { + info = std::make_shared<_info>(); + init_action = std::make_shared(this); + } + + RGWUserPermHandler(RGWDataSyncEnv *_sync_env, + const rgw_user& _uid) : RGWUserPermHandler(_sync_env->dpp, + _sync_env->driver, + _sync_env->cct, + _uid) {} + + RGWCoroutine *init_cr(RGWDataSyncEnv *sync_env) { + return new RGWGenericAsyncCR(sync_env->cct, + sync_env->async_rados, + init_action); + } + + int init() { + return init_action->operate(); + } + + class Bucket { + const DoutPrefixProvider *dpp; + CephContext *cct; + std::shared_ptr<_info> info; + RGWAccessControlPolicy bucket_acl; + std::optional ps; + boost::optional bucket_policy; + public: + Bucket() {} + + int init(RGWUserPermHandler *handler, + const RGWBucketInfo& bucket_info, + const std::map& bucket_attrs); + + bool 
verify_bucket_permission(const rgw_obj_key& obj_key, const uint64_t op); + }; + + static int policy_from_attrs(CephContext *cct, + const std::map& attrs, + RGWAccessControlPolicy *acl); + + int init_bucket(const RGWBucketInfo& bucket_info, + const std::map& bucket_attrs, + Bucket *bs) { + return bs->init(this, bucket_info, bucket_attrs); + } +}; -- 2.39.5
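Review bot: The `friend struct Init;` and `friend class Bucket;` lines at the top of `RGWUserPermHandler` come before the nested `Init` and `Bucket` are declared, so as far as I can tell they name namespace-scope classes rather than the nested ones. The nested types already have member access to the enclosing class, so the two lines do nothing for them; now that the class sits in a header, they would open `driver`, `uid` and `info` to any namespace-scope `Init` or `Bucket` visible in an including translation unit. I would drop both lines. Separately, `policy_from_attrs` is now declared here without its body, so a short comment giving its return values (`0`, `-ENOENT` when `RGW_ATTR_ACL` is absent, `-EIO` on decode failure) would help callers of the header.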