From d3ad0efaee6a19c84b2af9b3dfa1b6c902674774 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Sat, 18 Mar 2023 17:42:56 -0400 Subject: [PATCH] rgw: add free function forward_iam_request_to_master() Signed-off-by: Casey Bodley --- src/rgw/rgw_rest_role.cc | 173 ++++++++++++++++++++------------------- 1 file changed, 88 insertions(+), 85 deletions(-) diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc index 14e164553665a..2b8d3920aceab 100644 --- a/src/rgw/rgw_rest_role.cc +++ b/src/rgw/rgw_rest_role.cc @@ -13,15 +13,68 @@ #include "rgw_common.h" #include "rgw_op.h" +#include "rgw_process_env.h" #include "rgw_rest.h" -#include "rgw_role.h" +#include "rgw_rest_conn.h" #include "rgw_rest_role.h" +#include "rgw_role.h" #include "rgw_sal.h" #define dout_subsys ceph_subsys_rgw using namespace std; +int forward_iam_request_to_master(const DoutPrefixProvider* dpp, + const rgw::SiteConfig& site, + const RGWUserInfo& user, + bufferlist& indata, + RGWXMLDecoder::XMLParser& parser, + req_info& req, optional_yield y) +{ + const auto& period = site.get_period(); + if (!period) { + return 0; // not multisite + } + if (site.is_meta_master()) { + return 0; // don't need to forward metadata requests + } + const auto& pmap = period->period_map; + auto zg = pmap.zonegroups.find(pmap.master_zonegroup); + if (zg == pmap.zonegroups.end()) { + return -EINVAL; + } + auto z = zg->second.zones.find(zg->second.master_zone); + if (z == zg->second.zones.end()) { + return -EINVAL; + } + + RGWAccessKey creds; + if (auto i = user.access_keys.begin(); i != user.access_keys.end()) { + creds.id = i->first; + creds.key = i->second.key; + } + + // use the master zone's endpoints + auto conn = RGWRESTConn{dpp->get_cct(), z->second.id, z->second.endpoints, + std::move(creds), zg->second.id, zg->second.api_name}; + bufferlist outdata; + constexpr size_t max_response_size = 128 * 1024; // we expect a very small response + int ret = conn.forward_iam_request(dpp, creds, req, nullptr, max_response_size, + &indata, &outdata, y); + if (ret < 0) { + return ret; + } + + std::string r = outdata.to_str(); + boost::replace_all(r, """, "\""); + + if (!parser.parse(r.c_str(), r.length(), 1)) { + ldpp_dout(dpp, 0) << "ERROR: failed to parse response from master zonegroup" << dendl; + return -EIO; + } + return 0; +} + int RGWRestRole::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { @@ -209,7 +262,8 @@ void RGWCreateRole::execute(optional_yield y) std::string role_id; - if (!driver->is_meta_master()) { + const rgw::SiteConfig& site = *s->penv.site; + if (!site.is_meta_master()) { RGWXMLDecoder::XMLParser parser; if (!parser.init()) { ldpp_dout(this, 0) << "ERROR: failed to initialize xml parser" << dendl; @@ -231,15 +285,8 @@ void RGWCreateRole::execute(optional_yield y) } } - RGWUserInfo info = s->user->get_info(); - const auto& it = info.access_keys.begin(); - RGWAccessKey key; - if (it != info.access_keys.end()) { - key.id = it->first; - RGWAccessKey cred = it->second; - key.key = cred.key; - } - op_ret = driver->forward_iam_request_to_master(s, key, nullptr, bl_post_body, &parser, s->info, y); + op_ret = forward_iam_request_to_master(this, site, s->user->get_info(), + bl_post_body, parser, s->info, y); if (op_ret < 0) { ldpp_dout(this, 20) << "ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl; return; @@ -316,13 +363,13 @@ int RGWDeleteRole::get_params() void RGWDeleteRole::execute(optional_yield y) { bool is_master = true; - int master_op_ret = 0; op_ret = get_params(); if (op_ret < 0) { return; } - if (!driver->is_meta_master()) { + const rgw::SiteConfig& site = *s->penv.site; + if (!site.is_meta_master()) { is_master = false; RGWXMLDecoder::XMLParser parser; if (!parser.init()) { @@ -335,17 +382,9 @@ void RGWDeleteRole::execute(optional_yield y) s->info.args.remove("Action"); s->info.args.remove("Version"); - RGWUserInfo info = s->user->get_info(); - const auto& it = info.access_keys.begin(); - RGWAccessKey key; - if (it != info.access_keys.end()) { - key.id = it->first; - RGWAccessKey cred = it->second; - key.key = cred.key; - } - master_op_ret = driver->forward_iam_request_to_master(s, key, nullptr, bl_post_body, &parser, s->info, y); - if (master_op_ret < 0) { - op_ret = master_op_ret; + op_ret = forward_iam_request_to_master(this, site, s->user->get_info(), + bl_post_body, parser, s->info, y); + if (op_ret < 0) { ldpp_dout(this, 0) << "forward_iam_request_to_master returned ret=" << op_ret << dendl; return; } @@ -355,7 +394,7 @@ void RGWDeleteRole::execute(optional_yield y) if (op_ret == -ENOENT) { //Role has been deleted since metadata from master has synced up - if (!is_master && master_op_ret == 0) { + if (!is_master) { op_ret = 0; } else { op_ret = -ERR_NO_ROLE_FOUND; @@ -466,7 +505,8 @@ void RGWModifyRoleTrustPolicy::execute(optional_yield y) return; } - if (!driver->is_meta_master()) { + const rgw::SiteConfig& site = *s->penv.site; + if (!site.is_meta_master()) { RGWXMLDecoder::XMLParser parser; if (!parser.init()) { ldpp_dout(this, 0) << "ERROR: failed to initialize xml parser" << dendl; @@ -480,15 +520,8 @@ void RGWModifyRoleTrustPolicy::execute(optional_yield y) s->info.args.remove("Action"); s->info.args.remove("Version"); - RGWUserInfo info = s->user->get_info(); - const auto& it = info.access_keys.begin(); - RGWAccessKey key; - if (it != info.access_keys.end()) { - key.id = it->first; - RGWAccessKey cred = it->second; - key.key = cred.key; - } - op_ret = driver->forward_iam_request_to_master(s, key, nullptr, bl_post_body, &parser, s->info, y); + op_ret = forward_iam_request_to_master(this, site, s->user->get_info(), + bl_post_body, parser, s->info, y); if (op_ret < 0) { ldpp_dout(this, 20) << "ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl; return; @@ -590,7 +623,8 @@ void RGWPutRolePolicy::execute(optional_yield y) return; } - if (!driver->is_meta_master()) { + const rgw::SiteConfig& site = *s->penv.site; + if (!site.is_meta_master()) { RGWXMLDecoder::XMLParser parser; if (!parser.init()) { ldpp_dout(this, 0) << "ERROR: failed to initialize xml parser" << dendl; @@ -605,15 +639,8 @@ void RGWPutRolePolicy::execute(optional_yield y) s->info.args.remove("Action"); s->info.args.remove("Version"); - RGWUserInfo info = s->user->get_info(); - const auto& it = info.access_keys.begin(); - RGWAccessKey key; - if (it != info.access_keys.end()) { - key.id = it->first; - RGWAccessKey cred = it->second; - key.key = cred.key; - } - op_ret = driver->forward_iam_request_to_master(s, key, nullptr, bl_post_body, &parser, s->info, y); + op_ret = forward_iam_request_to_master(this, site, s->user->get_info(), + bl_post_body, parser, s->info, y); if (op_ret < 0) { ldpp_dout(this, 20) << "ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl; return; @@ -723,7 +750,8 @@ void RGWDeleteRolePolicy::execute(optional_yield y) return; } - if (!driver->is_meta_master()) { + const rgw::SiteConfig& site = *s->penv.site; + if (!site.is_meta_master()) { RGWXMLDecoder::XMLParser parser; if (!parser.init()) { ldpp_dout(this, 0) << "ERROR: failed to initialize xml parser" << dendl; @@ -737,15 +765,8 @@ void RGWDeleteRolePolicy::execute(optional_yield y) s->info.args.remove("Action"); s->info.args.remove("Version"); - RGWUserInfo info = s->user->get_info(); - const auto& it = info.access_keys.begin(); - RGWAccessKey key; - if (it != info.access_keys.end()) { - key.id = it->first; - RGWAccessKey cred = it->second; - key.key = cred.key; - } - op_ret = driver->forward_iam_request_to_master(s, key, nullptr, bl_post_body, &parser, s->info, y); + op_ret = forward_iam_request_to_master(this, site, s->user->get_info(), + bl_post_body, parser, s->info, y); if (op_ret < 0) { ldpp_dout(this, 20) << "ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl; return; @@ -792,7 +813,8 @@ void RGWTagRole::execute(optional_yield y) return; } - if (!driver->is_meta_master()) { + const rgw::SiteConfig& site = *s->penv.site; + if (!site.is_meta_master()) { RGWXMLDecoder::XMLParser parser; if (!parser.init()) { ldpp_dout(this, 0) << "ERROR: failed to initialize xml parser" << dendl; @@ -811,15 +833,8 @@ void RGWTagRole::execute(optional_yield y) } } - RGWUserInfo info = s->user->get_info(); - const auto& it = info.access_keys.begin(); - RGWAccessKey key; - if (it != info.access_keys.end()) { - key.id = it->first; - RGWAccessKey cred = it->second; - key.key = cred.key; - } - op_ret = driver->forward_iam_request_to_master(s, key, nullptr, bl_post_body, &parser, s->info, y); + op_ret = forward_iam_request_to_master(this, site, s->user->get_info(), + bl_post_body, parser, s->info, y); if (op_ret < 0) { ldpp_dout(this, 20) << "ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl; return; @@ -906,7 +921,8 @@ void RGWUntagRole::execute(optional_yield y) return; } - if (!driver->is_meta_master()) { + const rgw::SiteConfig& site = *s->penv.site; + if (!site.is_meta_master()) { RGWXMLDecoder::XMLParser parser; if (!parser.init()) { ldpp_dout(this, 0) << "ERROR: failed to initialize xml parser" << dendl; @@ -929,15 +945,8 @@ void RGWUntagRole::execute(optional_yield y) for (auto& it : iters) { val_map.erase(it); } - RGWUserInfo info = s->user->get_info(); - const auto& it = info.access_keys.begin(); - RGWAccessKey key; - if (it != info.access_keys.end()) { - key.id = it->first; - RGWAccessKey cred = it->second; - key.key = cred.key; - } - op_ret = driver->forward_iam_request_to_master(s, key, nullptr, bl_post_body, &parser, s->info, y); + op_ret = forward_iam_request_to_master(this, site, s->user->get_info(), + bl_post_body, parser, s->info, y); if (op_ret < 0) { ldpp_dout(this, 20) << "ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl; return; @@ -976,7 +985,8 @@ void RGWUpdateRole::execute(optional_yield y) return; } - if (!driver->is_meta_master()) { + const rgw::SiteConfig& site = *s->penv.site; + if (!site.is_meta_master()) { RGWXMLDecoder::XMLParser parser; if (!parser.init()) { ldpp_dout(this, 0) << "ERROR: failed to initialize xml parser" << dendl; @@ -990,15 +1000,8 @@ void RGWUpdateRole::execute(optional_yield y) s->info.args.remove("Action"); s->info.args.remove("Version"); - RGWUserInfo info = s->user->get_info(); - const auto& it = info.access_keys.begin(); - RGWAccessKey key; - if (it != info.access_keys.end()) { - key.id = it->first; - RGWAccessKey cred = it->second; - key.key = cred.key; - } - op_ret = driver->forward_iam_request_to_master(s, key, nullptr, bl_post_body, &parser, s->info, y); + op_ret = forward_iam_request_to_master(this, site, s->user->get_info(), + bl_post_body, parser, s->info, y); if (op_ret < 0) { ldpp_dout(this, 20) << "ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl; return; -- 2.39.5