Commit | Line | Data |
---|---|---|
92f5a8d4 | 1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
9f95a23c | 2 | // vim: ts=8 sw=2 smarttab ft=cpp |
92f5a8d4 TL |
3 | |
4 | #include <boost/tokenizer.hpp> | |
5 | ||
6 | #include "rgw_rest.h" | |
7 | #include "rgw_rest_iam.h" | |
8 | ||
9 | #include "rgw_request.h" | |
10 | #include "rgw_process.h" | |
11 | ||
12 | #include "rgw_rest_role.h" | |
13 | #include "rgw_rest_user_policy.h" | |
f91f0fd5 | 14 | #include "rgw_rest_oidc_provider.h" |
92f5a8d4 TL |
15 | |
16 | #define dout_context g_ceph_context | |
17 | #define dout_subsys ceph_subsys_rgw | |
18 | ||
20effc67 TL |
19 | using namespace std; |
20 | ||
92f5a8d4 TL |
/**
 * Merge the form-encoded POST body into the request argument list and
 * record the SigV4 payload hash of that body.
 *
 * The body is split on '&'; each token containing '=' is appended to
 * s->info.args as (text before the first '=', url-decoded text after it).
 * Only the value goes through url_decode(); the name is stored as received.
 * Tokens without '=' are skipped. The hash of the body is then appended
 * under the name "PayloadHash", also when the body is empty.
 */
void RGWHandler_REST_IAM::rgw_iam_parse_input()
{
  if (!post_body.empty()) {
    // NOTE(review): the complete body is written to the log at debug level 10.
    // IAM bodies carry policy documents and OIDC provider settings, so logs
    // collected at this level should be handled like request data.
    ldpp_dout(s, 10) << "Content of POST: " << post_body << dendl;

    // This is a plain substring test: the body is tokenized whenever the text
    // "Action" occurs anywhere in it, not only as a parameter name.
    const bool mentions_action = post_body.find("Action") != std::string::npos;
    if (mentions_action) {
      using separator_t = boost::char_separator<char>;
      separator_t amp("&");
      boost::tokenizer<separator_t> pairs(post_body, amp);
      for (const auto& pair : pairs) {
        const auto eq = pair.find('=');
        if (eq == std::string::npos) {
          continue;  // no '=' in this token: nothing to append
        }
        s->info.args.append(pair.substr(0, eq),
                            url_decode(pair.substr(eq + 1)));
      }
    }
  }

  // The hash is computed over the raw body and appended after the body's own
  // parameters. NOTE(review): a body parameter that is itself named
  // "PayloadHash" would already be in the list here; how duplicate names are
  // resolved is up to the args container and is not visible in this file --
  // confirm that consumers read the computed value.
  const auto body_hash = rgw::auth::s3::calc_v4_payload_hash(post_body);
  s->info.args.append("PayloadHash", body_hash);
}
41 | ||
/**
 * Select the operation object for an IAM POST request.
 *
 * Parses the POST body into the argument list, then maps the value of the
 * "Action" argument to a freshly allocated RGWOp. The comparison is exact
 * and case-sensitive. Returns nullptr when "Action" is absent or names an
 * operation that is not listed here.
 *
 * This function only chooses the op; no authentication or permission check
 * is performed in it. The returned object is allocated with `new`;
 * presumably the caller takes ownership (not visible here).
 */
RGWOp *RGWHandler_REST_IAM::op_post()
{
  rgw_iam_parse_input();

  if (!s->info.args.exists("Action")) {
    return nullptr;
  }

  // Allow-list of supported actions: anything not named here gets no op.
  struct ActionEntry {
    const char* name;
    RGWOp* (*make)();
  };
  static const ActionEntry action_table[] = {
    // roles
    {"CreateRole", []() -> RGWOp* { return new RGWCreateRole; }},
    {"DeleteRole", []() -> RGWOp* { return new RGWDeleteRole; }},
    {"GetRole", []() -> RGWOp* { return new RGWGetRole; }},
    {"UpdateAssumeRolePolicy", []() -> RGWOp* { return new RGWModifyRole; }},
    {"ListRoles", []() -> RGWOp* { return new RGWListRoles; }},
    // role policies
    {"PutRolePolicy", []() -> RGWOp* { return new RGWPutRolePolicy; }},
    {"GetRolePolicy", []() -> RGWOp* { return new RGWGetRolePolicy; }},
    {"ListRolePolicies", []() -> RGWOp* { return new RGWListRolePolicies; }},
    {"DeleteRolePolicy", []() -> RGWOp* { return new RGWDeleteRolePolicy; }},
    // user policies
    {"PutUserPolicy", []() -> RGWOp* { return new RGWPutUserPolicy; }},
    {"GetUserPolicy", []() -> RGWOp* { return new RGWGetUserPolicy; }},
    {"ListUserPolicies", []() -> RGWOp* { return new RGWListUserPolicies; }},
    {"DeleteUserPolicy", []() -> RGWOp* { return new RGWDeleteUserPolicy; }},
    // OpenID Connect providers
    {"CreateOpenIDConnectProvider", []() -> RGWOp* { return new RGWCreateOIDCProvider; }},
    {"ListOpenIDConnectProviders", []() -> RGWOp* { return new RGWListOIDCProviders; }},
    {"GetOpenIDConnectProvider", []() -> RGWOp* { return new RGWGetOIDCProvider; }},
    {"DeleteOpenIDConnectProvider", []() -> RGWOp* { return new RGWDeleteOIDCProvider; }},
    // role tags
    {"TagRole", []() -> RGWOp* { return new RGWTagRole; }},
    {"ListRoleTags", []() -> RGWOp* { return new RGWListRoleTags; }},
    {"UntagRole", []() -> RGWOp* { return new RGWUntagRole; }},
  };

  const std::string action = s->info.args.get("Action");
  for (const auto& entry : action_table) {
    if (action == entry.name) {
      return entry.make();
    }
  }

  return nullptr;
}
92 | ||
/**
 * Prepare the request state for IAM handling and run the base-class init.
 *
 * Marks the request dialect as "iam", parses the request arguments with an
 * XML default formatter (format selection left configurable), and then
 * delegates to RGWHandler_REST::init().
 *
 * @return the negative value from init_from_header() if it fails, otherwise
 *         whatever RGWHandler_REST::init() returns.
 */
int RGWHandler_REST_IAM::init(rgw::sal::Store* store,
                              struct req_state *s,
                              rgw::io::BasicClient *cio)
{
  s->dialect = "iam";

  const int header_ret =
    RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true);
  if (header_ret < 0) {
    ldpp_dout(s, 10) << "init_from_header returned err=" << header_ret << dendl;
    return header_ret;
  }

  return RGWHandler_REST::init(store, s, cio);
}
106 | ||
/**
 * Authenticate the request by handing it to RGW_Auth_S3::authorize() with
 * this handler's store, auth registry and request state.
 *
 * No IAM-specific check is added here; the result of the S3 authorization
 * call is returned unchanged.
 */
int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y)
{
  const int auth_result = RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y);
  return auth_result;
}
111 | ||
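/**
 * Parse the request's query arguments and allocate the response formatter.
 *
 * Flags the request as RGW_REST_IAM, loads s->info.args from the query
 * string, and calls allocate_formatter(). The query string is taken from
 * s->relative_uri when that starts with '?', otherwise from
 * s->info.request_params.
 *
 * The request path is not inspected further: no path component influences
 * the result, so the function returns 0 once the formatter is allocated.
 *
 * @param s                   request state to fill in
 * @param default_formatter   format passed through to allocate_formatter()
 * @param configurable_format passed through to allocate_formatter()
 * @return the negative value from allocate_formatter() on failure, else 0.
 */
int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
                                          int default_formatter,
                                          bool configurable_format)
{
  s->prot_flags = RGW_REST_IAM;

  const char* const uri = s->relative_uri.c_str();
  const char* const query =
    (*uri == '?') ? uri : s->info.request_params.c_str();

  s->info.args.set(query);
  // NOTE(review): the result of parse() is not examined here -- confirm
  // whether it can report malformed input that should fail the request.
  s->info.args.parse(s);

  /* must be called after the args parsing */
  if (int ret = allocate_formatter(s, default_formatter, configurable_format); ret < 0)
    return ret;

  return 0;
}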
153 | ||
/**
 * Create the REST handler for an IAM request.
 *
 * Only auth_registry is used; store, s and frontend_prefix are accepted but
 * not read here. The handler is allocated with `new`; presumably the caller
 * takes ownership (not visible here).
 */
RGWHandler_REST*
RGWRESTMgr_IAM::get_handler(rgw::sal::Store* store,
                            struct req_state* const s,
                            const rgw::auth::StrategyRegistry& auth_registry,
                            const std::string& frontend_prefix)
{
  RGWHandler_REST* const handler = new RGWHandler_REST_IAM(auth_registry);
  return handler;
}