From ccc1fdddadee433928bcced33f0cf52973572ab7 Mon Sep 17 00:00:00 2001 From: Ning Yao Date: Mon, 23 Jul 2018 22:19:09 +0800 Subject: [PATCH] rgw:modify op_mask of user via the radosgw admin api Fixes: http://tracker.ceph.com/issues/39084 Signed-off-by: Ning Yao --- doc/radosgw/adminops.rst | 7 +++++++ src/rgw/rgw_admin.cc | 1 + src/rgw/rgw_rest_user.cc | 12 ++++++++++++ src/test/cli/radosgw-admin/help.t | 1 + 4 files changed, 21 insertions(+) diff --git a/doc/radosgw/adminops.rst b/doc/radosgw/adminops.rst index 062abb0946ad9..bf04ed3f72d1f 100644 --- a/doc/radosgw/adminops.rst +++ b/doc/radosgw/adminops.rst @@ -622,6 +622,13 @@ Request Parameters :Example: False [False] :Required: No +``op-mask`` + +:Description: The op-mask of the user to be modified. +:Type: String +:Example: ``read, write, delete, *`` +:Required: No + Response Entities ~~~~~~~~~~~~~~~~~ diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc index 047a506248ce2..d8b04829b8e9d 100644 --- a/src/rgw/rgw_admin.cc +++ b/src/rgw/rgw_admin.cc @@ -318,6 +318,7 @@ void usage() cout << " --infile= specify a file to read in when setting data\n"; cout << " --categories= comma separated list of categories, used in usage show\n"; cout << " --caps= list of caps (e.g., \"usage=read, write; user=read\")\n"; + cout << " --op-mask= permission of user's operations (e.g., \"read, write, delete, *\")\n"; cout << " --yes-i-really-mean-it required for certain operations\n"; cout << " --warnings-only when specified with bucket limit check, list\n"; cout << " only buckets nearing or over the current max\n"; diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc index b6737f25504be..6baf8e2d07f70 100644 --- a/src/rgw/rgw_rest_user.cc +++ b/src/rgw/rgw_rest_user.cc @@ -179,6 +179,7 @@ void RGWOp_User_Modify::execute() std::string secret_key; std::string key_type_str; std::string caps; + std::string op_mask_str; bool gen_key; bool suspended; @@ -203,6 +204,7 @@ void RGWOp_User_Modify::execute() RESTArgs::get_string(s, "key-type", key_type_str, &key_type_str); RESTArgs::get_bool(s, "system", false, &system); + RESTArgs::get_string(s, "op-mask", op_mask_str, &op_mask_str); if (!s->user->system && system) { ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl; @@ -236,6 +238,16 @@ void RGWOp_User_Modify::execute() op_state.set_key_type(key_type); } + if (!op_mask_str.empty()) { + uint32_t op_mask; + if (rgw_parse_op_type_list(op_mask_str, &op_mask) < 0) { + ldout(s->cct, 0) << "failed to parse op_mask" << dendl; + http_ret = -EINVAL; + return; + } + op_state.set_op_mask(op_mask); + } + if (s->info.args.exists("suspended")) op_state.set_suspension(suspended); diff --git a/src/test/cli/radosgw-admin/help.t b/src/test/cli/radosgw-admin/help.t index 0a4b3460dce98..3f3d31333c926 100644 --- a/src/test/cli/radosgw-admin/help.t +++ b/src/test/cli/radosgw-admin/help.t @@ -247,6 +247,7 @@ --infile= specify a file to read in when setting data --categories= comma separated list of categories, used in usage show --caps= list of caps (e.g., "usage=read, write; user=read") + --op-mask= permission of user's operations (e.g., "read, write, delete, *") --yes-i-really-mean-it required for certain operations --warnings-only when specified with bucket limit check, list only buckets nearing or over the current max -- 2.39.5