Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
2 | // vim: ts=8 sw=2 smarttab | |
3 | ||
4 | #ifndef CEPH_RGW_USER_H | |
5 | #define CEPH_RGW_USER_H | |
6 | ||
7 | #include <string> | |
8 | #include <boost/algorithm/string.hpp> | |
9 | #include "include/assert.h" | |
10 | ||
11 | #include "include/types.h" | |
12 | #include "rgw_common.h" | |
13 | #include "rgw_tools.h" | |
14 | ||
15 | #include "rgw_rados.h" | |
16 | ||
17 | #include "rgw_string.h" | |
18 | ||
19 | #include "common/Formatter.h" | |
20 | #include "rgw_formats.h" | |
21 | ||
7c673cae FG |
22 | #define RGW_USER_ANON_ID "anonymous" |
23 | ||
24 | #define SECRET_KEY_LEN 40 | |
25 | #define PUBLIC_ID_LEN 20 | |
26 | #define RAND_SUBUSER_LEN 5 | |
27 | ||
28 | #define XMLNS_AWS_S3 "http://s3.amazonaws.com/doc/2006-03-01/" | |
29 | ||
30 | /** | |
31 | * A string wrapper that includes encode/decode functions | |
32 | * for easily accessing a UID in all forms | |
33 | */ | |
struct RGWUID
{
  rgw_user user_id;

  /**
   * Append user_id to @bl, serialised as the string produced by
   * rgw_user::to_str().
   */
  void encode(bufferlist& bl) const {
    string uid_str;
    user_id.to_str(uid_str);
    ::encode(uid_str, bl);
  }

  /**
   * Read one encoded string from @bl and parse it back into user_id with
   * rgw_user::from_str().
   *
   * NOTE(review): nothing here checks the decoded string before it is
   * parsed; if the buffer can come from outside the trust boundary, the
   * caller has to validate the resulting id -- confirm against callers.
   */
  void decode(bufferlist::iterator& bl) {
    string uid_str;
    ::decode(uid_str, bl);
    user_id.from_str(uid_str);
  }
};
WRITE_CLASS_ENCODER(RGWUID)
49 | ||
extern int rgw_user_sync_all_stats(RGWRados *store, const rgw_user& user_id);

/**
 * Get the anonymous (i.e. unauthenticated) user info.
 */
extern void rgw_get_anon_user(RGWUserInfo& info);

/**
 * Save the given user information to storage.
 * Returns: 0 on success, -ERR# on failure.
 */
extern int rgw_store_user_info(RGWRados *store,
                               RGWUserInfo& info,
                               RGWUserInfo *old_info,
                               RGWObjVersionTracker *objv_tracker,
                               real_time mtime,
                               bool exclusive,
                               map<string, bufferlist> *pattrs = nullptr);

/**
 * Look up the user info that belongs to a user_id.
 * Returns: 0 on success, -ERR# on failure (a missing user is a failure).
 */
extern int rgw_get_user_info_by_uid(RGWRados *store,
                                    const rgw_user& user_id,
                                    RGWUserInfo& info,
                                    RGWObjVersionTracker *objv_tracker = nullptr,
                                    real_time *pmtime = nullptr,
                                    rgw_cache_entry_info *cache_info = nullptr,
                                    map<string, bufferlist> *pattrs = nullptr);

/**
 * Look up the user info that belongs to an email address.
 * Returns: 0 on success, -ERR# on failure (a missing user is a failure).
 */
extern int rgw_get_user_info_by_email(RGWRados *store,
                                      string& email,
                                      RGWUserInfo& info,
                                      RGWObjVersionTracker *objv_tracker = nullptr,
                                      real_time *pmtime = nullptr);

/**
 * Look up the user info that belongs to a Swift username.
 * Returns: 0 on success, -ERR# on failure (a missing user is a failure).
 */
extern int rgw_get_user_info_by_swift(RGWRados *store,
                                      const string& swift_name,
                                      RGWUserInfo& info,        /* out */
                                      RGWObjVersionTracker *objv_tracker = nullptr,
                                      real_time *pmtime = nullptr);

/**
 * Look up the user info that belongs to an access key.
 * Returns: 0 on success, -ERR# on failure (a missing user is a failure).
 */
extern int rgw_get_user_info_by_access_key(RGWRados* store,
                                           const std::string& access_key,
                                           RGWUserInfo& info,
                                           RGWObjVersionTracker* objv_tracker = nullptr,
                                           real_time* pmtime = nullptr);

/**
 * Fetch all the custom metadata stored for the user named by @user_id
 * and place it in @attrs.
 * Returns: 0 on success, -ERR# on failure.
 */
extern int rgw_get_user_attrs_by_uid(RGWRados *store,
                                     const rgw_user& user_id,
                                     map<string, bufferlist>& attrs,
                                     RGWObjVersionTracker *objv_tracker = nullptr);

/**
 * Given an RGWUserInfo, deletes the user and its bucket ACLs.
 */
extern int rgw_delete_user(RGWRados *store, RGWUserInfo& user, RGWObjVersionTracker& objv_tracker);

/**
 * Store a list of the user's buckets, with associated functions.
 */
/* NOTE(review): no declaration follows the comment above in this header. */

/*
 * Remove the individual lookup indexes (access key, uid, email, Swift name).
 */
extern int rgw_remove_key_index(RGWRados *store, RGWAccessKey& access_key);
extern int rgw_remove_uid_index(RGWRados *store, rgw_user& uid);
extern int rgw_remove_email_index(RGWRados *store, string& email);
extern int rgw_remove_swift_name_index(RGWRados *store, string& swift_name);
127 | ||
128 | /* | |
129 | * An RGWUser class along with supporting classes created | |
130 | * to support the creation of a RESTful administrative API | |
131 | */ | |
132 | ||
/*
 * Conversions between a permission bitmask and a string; only the
 * prototypes are visible in this header.
 * rgw_perm_to_str() receives a caller-owned buffer @buf together with its
 * size @len, so callers must pass the real capacity of @buf.
 */
extern void rgw_perm_to_str(uint32_t mask, char *buf, int len);
extern uint32_t rgw_str_to_perm(const char *str);
135 | ||
/*
 * Kinds of key, by name: Swift, S3, or not determined.
 * NOTE(review): presumably the values carried by
 * RGWUserAdminOpState::key_type -- confirm against the implementation.
 */
enum ObjectKeyType {
  KEY_TYPE_SWIFT = 0,
  KEY_TYPE_S3 = 1,
  KEY_TYPE_UNDEFINED = 2
};
141 | ||
/* Selects between generating a key and modifying one (per the names). */
enum RGWKeyPoolOp {
  GENERATE_KEY = 0,
  MODIFY_KEY = 1
};
146 | ||
/*
 * The identifiers a user can be named by: user id, Swift username,
 * email address, or access key.
 */
enum RGWUserId {
  RGW_USER_ID = 0,
  RGW_SWIFT_USERNAME = 1,
  RGW_USER_EMAIL = 2,
  RGW_ACCESS_KEY = 3,
};
153 | ||
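/**
 * Parameter block for one user / subuser / key / caps administration request.
 *
 * Callers fill it through the set_*() methods. Most setters also raise a
 * matching *_specified or *_op flag, which lets a consumer tell "left unset"
 * apart from "explicitly set". The constructor clears every flag and starts
 * user_id at RGW_USER_ANON_ID.
 */
struct RGWUserAdminOpState {
  // user attributes
  RGWUserInfo info;
  rgw_user user_id;
  std::string user_email;
  std::string display_name;
  int32_t max_buckets;
  __u8 suspended;
  __u8 admin;
  __u8 system;
  __u8 exclusive;
  __u8 fetch_stats;
  std::string caps;
  RGWObjVersionTracker objv;
  uint32_t op_mask;
  map<int, string> temp_url_keys;

  // subuser attributes
  std::string subuser;
  uint32_t perm_mask;

  // key_attributes
  std::string id; // access key
  std::string key; // secret key; keep it out of logs and error strings
  int32_t key_type;

  // operation attributes
  bool existing_user;
  bool existing_key;
  bool existing_subuser;
  bool existing_email;
  bool subuser_specified;
  bool gen_secret;
  bool gen_access;
  bool gen_subuser;
  bool id_specified;
  bool key_specified;
  bool type_specified;
  bool key_type_setbycontext;  // key type set by user or subuser context
  bool purge_data;
  bool purge_keys;
  bool display_name_specified;
  bool user_email_specified;
  bool max_buckets_specified;
  bool perm_specified;
  bool op_mask_specified;
  bool caps_specified;
  bool suspension_op;
  bool admin_specified;
  bool system_specified;
  bool key_op;
  bool temp_url_key_specified;
  bool found_by_uid;
  bool found_by_email;
  bool found_by_key;

  // req parameters
  bool populated;
  bool initialized;
  bool key_params_checked;
  bool subuser_params_checked;
  bool user_params_checked;

  bool bucket_quota_specified;
  bool user_quota_specified;

  RGWQuotaInfo bucket_quota;
  RGWQuotaInfo user_quota;

  /**
   * Use a caller-supplied access key instead of generating one.
   * An empty string is ignored and leaves the state untouched.
   */
  void set_access_key(std::string& access_key) {
    if (access_key.empty())
      return;

    id = access_key;
    id_specified = true;
    gen_access = false;
    key_op = true;
  }

  /**
   * Use a caller-supplied secret key instead of generating one.
   * An empty string is ignored and leaves the state untouched.
   */
  void set_secret_key(std::string& secret_key) {
    if (secret_key.empty())
      return;

    key = secret_key;
    key_specified = true;
    gen_secret = false;
    key_op = true;
  }

  /** Set the target user id; an empty id is ignored. */
  void set_user_id(rgw_user& id) {
    if (id.empty())
      return;

    user_id = id;
  }

  /**
   * Record the user's email address; an empty string is ignored.
   * The address is lowercased in place, so the caller's string is
   * modified as well.
   */
  void set_user_email(std::string& email) {
    if (email.empty())
      return;

    /* always lowercase email address */
    boost::algorithm::to_lower(email);
    user_email = email;
    user_email_specified = true;
  }

  /** Record the display name; an empty string is ignored. */
  void set_display_name(std::string& name) {
    if (name.empty())
      return;

    display_name = name;
    display_name_specified = true;
  }

  /**
   * Record the subuser name; an empty string is ignored.
   *
   * The input may be "<user>:<subuser>". In that form the part before the
   * first ':' is parsed as an rgw_user and written into user_id: only the
   * id when the parsed value carries no tenant, the whole value otherwise.
   *
   * NOTE(review): the subuser string can therefore change which user the
   * request targets. A caller that authorises against user_id should do
   * so after this call -- confirm against the callers.
   */
  void set_subuser(std::string& _subuser) {
    if (_subuser.empty())
      return;

    size_t pos = _subuser.find(":");
    if (pos != string::npos) {
      rgw_user tmp_id;
      tmp_id.from_str(_subuser.substr(0, pos));
      if (tmp_id.tenant.empty()) {
        user_id.id = tmp_id.id;
      } else {
        user_id = tmp_id;
      }
      subuser = _subuser.substr(pos+1);
    } else {
      subuser = _subuser;
    }

    subuser_specified = true;
  }

  /** Record the capability string; an empty string is ignored. */
  void set_caps(std::string& _caps) {
    if (_caps.empty())
      return;

    caps = _caps;
    caps_specified = true;
  }

  /** Record the subuser permission mask. */
  void set_perm(uint32_t perm) {
    perm_mask = perm;
    perm_specified = true;
  }

  /** Record the operation mask. */
  void set_op_mask(uint32_t mask) {
    op_mask = mask;
    op_mask_specified = true;
  }

  /**
   * Store a temp-URL key under @index, replacing any key already held at
   * that index. Neither @index nor @key is validated here.
   */
  void set_temp_url_key(const string& key, int index) {
    temp_url_keys[index] = key;
    temp_url_key_specified = true;
  }

  /** Record the key type; the value is stored without a range check. */
  void set_key_type(int32_t type) {
    key_type = type;
    type_specified = true;
  }

  /** Record the requested suspension state. */
  void set_suspension(__u8 is_suspended) {
    suspended = is_suspended;
    suspension_op = true;
  }

  /** Record the requested admin flag. */
  void set_admin(__u8 is_admin) {
    admin = is_admin;
    admin_specified = true;
  }

  /** Record the requested system flag. */
  void set_system(__u8 is_system) {
    system = is_system;
    system_specified = true;
  }

  void set_exclusive(__u8 is_exclusive) {
    exclusive = is_exclusive;
  }

  void set_fetch_stats(__u8 is_fetch_stats) {
    fetch_stats = is_fetch_stats;
  }

  /** Copy @user_info into info and adopt its user_id as the target. */
  void set_user_info(RGWUserInfo& user_info) {
    user_id = user_info.user_id;
    info = user_info;
  }

  void set_max_buckets(int32_t mb) {
    max_buckets = mb;
    max_buckets_specified = true;
  }

  /** Request generation of an access key. */
  void set_gen_access() {
    gen_access = true;
    key_op = true;
  }

  /** Request generation of a secret key. */
  void set_gen_secret() {
    gen_secret = true;
    key_op = true;
  }

  /**
   * Request generation of whichever half of the key pair has not been
   * supplied: the access key when id is empty, the secret when key is empty.
   */
  void set_generate_key() {
    if (id.empty())
      gen_access = true;
    if (key.empty())
      gen_secret = true;
    key_op = true;
  }

  /** Cancel both generation requests; key_op is left as it is. */
  void clear_generate_key() {
    gen_access = false;
    gen_secret = false;
  }

  void set_purge_keys() {
    purge_keys = true;
    key_op = true;
  }

  void set_bucket_quota(RGWQuotaInfo& quota) {
    bucket_quota = quota;
    bucket_quota_specified = true;
  }

  void set_user_quota(RGWQuotaInfo& quota) {
    user_quota = quota;
    user_quota_specified = true;
  }

  // flag accessors; will_gen_subuser() and will_generate_subuser() both
  // report gen_subuser
  bool is_populated() { return populated; }
  bool is_initialized() { return initialized; }
  bool has_existing_user() { return existing_user; }
  bool has_existing_key() { return existing_key; }
  bool has_existing_subuser() { return existing_subuser; }
  bool has_existing_email() { return existing_email; }
  bool has_subuser() { return subuser_specified; }
  bool has_key_op() { return key_op; }
  bool has_caps_op() { return caps_specified; }
  bool has_suspension_op() { return suspension_op; }
  bool has_subuser_perm() { return perm_specified; }
  bool has_op_mask() { return op_mask_specified; }
  bool will_gen_access() { return gen_access; }
  bool will_gen_secret() { return gen_secret; }
  bool will_gen_subuser() { return gen_subuser; }
  bool will_purge_keys() { return purge_keys; }
  bool will_purge_data() { return purge_data; }
  bool will_generate_subuser() { return gen_subuser; }
  bool has_bucket_quota() { return bucket_quota_specified; }
  bool has_user_quota() { return user_quota_specified; }
  void set_populated() { populated = true; }
  void clear_populated() { populated = false; }
  void set_initialized() { initialized = true; }
  void set_existing_user(bool flag) { existing_user = flag; }
  void set_existing_key(bool flag) { existing_key = flag; }
  void set_existing_subuser(bool flag) { existing_subuser = flag; }
  void set_existing_email(bool flag) { existing_email = flag; }
  void set_purge_data(bool flag) { purge_data = flag; }
  void set_generate_subuser(bool flag) { gen_subuser = flag; }
  __u8 get_suspension_status() { return suspended; }
  int32_t get_key_type() { return key_type; }
  uint32_t get_subuser_perm() { return perm_mask; }
  int32_t get_max_buckets() { return max_buckets; }
  uint32_t get_op_mask() { return op_mask; }
  RGWQuotaInfo& get_bucket_quota() { return bucket_quota; }
  RGWQuotaInfo& get_user_quota() { return user_quota; }

  // value accessors; the std::string getters return copies, so
  // get_secret_key() creates another copy of the secret on every call
  rgw_user& get_user_id() { return user_id; }
  std::string get_subuser() { return subuser; }
  std::string get_access_key() { return id; }
  std::string get_secret_key() { return key; }
  std::string get_caps() { return caps; }
  std::string get_user_email() { return user_email; }
  std::string get_display_name() { return display_name; }
  map<int, std::string>& get_temp_url_keys() { return temp_url_keys; }

  RGWUserInfo& get_user_info() { return info; }

  // pointers into info; they stay valid only as long as this object does
  map<std::string, RGWAccessKey> *get_swift_keys() { return &info.swift_keys; }
  map<std::string, RGWAccessKey> *get_access_keys() { return &info.access_keys; }
  map<std::string, RGWSubUser> *get_subusers() { return &info.subusers; }

  RGWUserCaps *get_caps_obj() { return &info.caps; }

  /**
   * Build the default Swift key id, "<user_id>:<subuser>".
   * Returns "" when either the user id or the subuser is empty.
   */
  std::string build_default_swift_kid() {
    if (user_id.empty() || subuser.empty())
      return "";

    std::string kid;
    user_id.to_str(kid);
    kid.append(":");
    kid.append(subuser);

    return kid;
  }

  /**
   * Generate a subuser name: the user id string followed directly by a
   * random suffix obtained from gen_rand_alphanumeric_upper(). The result
   * is stored in subuser and returned.
   * Returns "" when user_id is empty, when the generator reports an error,
   * or when the suffix comes back empty.
   */
  std::string generate_subuser() {
    if (user_id.empty())
      return "";

    std::string generated_subuser;
    user_id.to_str(generated_subuser);
    std::string rand_suffix;

    // RAND_SUBUSER_LEN characters plus one byte; the buffer is read back as
    // a C string below, which assumes the generator NUL-terminates it
    // within the given size -- TODO confirm
    int sub_buf_size = RAND_SUBUSER_LEN + 1;
    char sub_buf[RAND_SUBUSER_LEN + 1];

    if (gen_rand_alphanumeric_upper(g_ceph_context, sub_buf, sub_buf_size) < 0)
      return "";

    rand_suffix = sub_buf;
    if (rand_suffix.empty())
      return "";

    generated_subuser.append(rand_suffix);
    subuser = generated_subuser;

    return generated_subuser;
  }

  /**
   * Start from a neutral request: anonymous user id, default bucket limit,
   * key type -1, no permissions, and every flag cleared.
   */
  RGWUserAdminOpState() : user_id(RGW_USER_ANON_ID)
  {
    max_buckets = RGW_DEFAULT_MAX_BUCKETS;
    key_type = -1;
    perm_mask = RGW_PERM_NONE;
    suspended = 0;
    admin = 0;
    system = 0;
    exclusive = 0;
    fetch_stats = 0;
    op_mask = 0;

    existing_user = false;
    existing_key = false;
    existing_subuser = false;
    existing_email = false;
    subuser_specified = false;
    caps_specified = false;
    purge_keys = false;
    gen_secret = false;
    gen_access = false;
    gen_subuser = false;
    id_specified = false;
    key_specified = false;
    type_specified = false;
    key_type_setbycontext = false;
    purge_data = false;
    display_name_specified = false;
    user_email_specified = false;
    max_buckets_specified = false;
    perm_specified = false;
    op_mask_specified = false;
    suspension_op = false;
    // Cleared like every other flag: left uninitialised, a request that
    // never called set_admin() would expose an indeterminate value to
    // whatever code tests this flag.
    admin_specified = false;
    system_specified = false;
    key_op = false;
    populated = false;
    initialized = false;
    key_params_checked = false;
    subuser_params_checked = false;
    user_params_checked = false;
    bucket_quota_specified = false;
    temp_url_key_specified = false;
    user_quota_specified = false;
    found_by_uid = false;
    found_by_email = false;
    found_by_key = false;
  }
};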
526 | ||
527 | class RGWUser; | |
528 | ||
/*
 * Key-management part of RGWUser. It holds non-owning pointers to the
 * owning RGWUser, the store and the two key maps; their lifetime is
 * managed outside this class.
 */
class RGWAccessKeyPool
{
  RGWUser *user;

  std::map<std::string, int, ltstr_nocase> key_type_map;
  rgw_user user_id;
  RGWRados *store;

  std::map<std::string, RGWAccessKey> *swift_keys;
  std::map<std::string, RGWAccessKey> *access_keys;

  // keys must not be handed to the anonymous user or to a null user
  bool keys_allowed;

private:
  int create_key(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int generate_key(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int modify_key(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  int check_key_owner(RGWUserAdminOpState& op_state);
  bool check_existing_key(RGWUserAdminOpState& op_state);
  int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  /* API Contract Fulfilment */
  int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
  int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
  int remove_subuser_keys(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);

  // three-argument overloads; reachable only from this class and its friends
  int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);

public:
  explicit RGWAccessKeyPool(RGWUser* usr);
  ~RGWAccessKeyPool();

  int init(RGWUserAdminOpState& op_state);

  /* API Contracted Methods */
  int add(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  friend class RGWUser;
  friend class RGWSubUserPool;
};
572 | ||
/*
 * Subuser-management part of RGWUser. The RGWUser, store and subuser map
 * are referenced through non-owning pointers.
 */
class RGWSubUserPool
{
  RGWUser *user;

  rgw_user user_id;
  RGWRados *store;
  bool subusers_allowed;

  std::map<std::string, RGWSubUser> *subuser_map;

private:
  int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  /* API Contract Fulfillment */
  int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
  int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
  int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);

  // three-argument overloads; reachable only from this class and RGWUser
  int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
  int modify(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);

public:
  explicit RGWSubUserPool(RGWUser *user);
  ~RGWSubUserPool();

  bool exists(std::string subuser);
  int init(RGWUserAdminOpState& op_state);

  /* API contracted methods */
  int add(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int modify(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  friend class RGWUser;
};
608 | ||
/*
 * Capability-management part of RGWUser. The RGWUserCaps object and the
 * RGWUser are referenced through non-owning pointers.
 */
class RGWUserCapPool
{
  RGWUserCaps *caps;
  bool caps_allowed;
  RGWUser *user;

private:
  // three-argument overloads; reachable only from this class and RGWUser
  int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);

public:
  explicit RGWUserCapPool(RGWUser *user);
  ~RGWUserCapPool();

  int init(RGWUserAdminOpState& op_state);

  /* API contracted methods */
  int add(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  friend class RGWUser;
};
631 | ||
/*
 * One user as seen by the admin API. Capability, key and subuser handling
 * is delegated to the public members caps, keys and subusers; the three
 * pool classes are friends and can reach the private state.
 */
class RGWUser
{

private:
  RGWUserInfo old_info;
  RGWRados *store;

  rgw_user user_id;
  bool info_stored;

  // "populated" is tracked through info_stored
  void set_populated() { info_stored = true; }
  void clear_populated() { info_stored = false; }
  bool is_populated() { return info_stored; }

  int check_op(RGWUserAdminOpState& req, std::string *err_msg);
  int update(RGWUserAdminOpState& op_state, std::string *err_msg);

  void clear_members();
  void init_default();

  /* API Contract Fulfillment */
  int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg);
  int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg);
  int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg);

public:
  RGWUser();
  ~RGWUser();

  int init(RGWRados *storage, RGWUserAdminOpState& op_state);

  int init_storage(RGWRados *storage);
  int init(RGWUserAdminOpState& op_state);
  int init_members(RGWUserAdminOpState& op_state);

  RGWRados *get_store() { return store; }

  /* API Contracted Members */
  RGWUserCapPool caps;
  RGWAccessKeyPool keys;
  RGWSubUserPool subusers;

  /* API Contracted Methods */
  int add(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  /* remove an already populated RGWUser */
  int remove(std::string *err_msg = nullptr);

  int modify(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  /* retrieve info from an existing user in the RGW system */
  int info(RGWUserAdminOpState& op_state, RGWUserInfo& fetched_info,
           std::string *err_msg = nullptr);

  /* info from an already populated RGWUser */
  int info(RGWUserInfo& fetched_info, std::string *err_msg = nullptr);

  friend class RGWAccessKeyPool;
  friend class RGWSubUserPool;
  friend class RGWUserCapPool;
};
693 | ||
694 | /* Wrappers for admin API functionality */ | |
695 | ||
/*
 * Static entry points for user-level admin operations. Each one takes the
 * store, the request state and a formatter flusher, and returns an int
 * status; the implementations are not part of this header.
 */
class RGWUserAdminOp_User
{
public:
  static int info(RGWRados *store, RGWUserAdminOpState& op_state,
                  RGWFormatterFlusher& flusher);

  static int create(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int modify(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int remove(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);
};
711 | ||
/*
 * Static entry points for subuser admin operations; same parameter list
 * and int status return as the other RGWUserAdminOp_* classes.
 */
class RGWUserAdminOp_Subuser
{
public:
  static int create(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int modify(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int remove(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);
};
724 | ||
/*
 * Static entry points for key admin operations; same parameter list and
 * int status return as the other RGWUserAdminOp_* classes.
 */
class RGWUserAdminOp_Key
{
public:
  static int create(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int remove(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);
};
734 | ||
/*
 * Static entry points for capability admin operations; same parameter list
 * and int status return as the other RGWUserAdminOp_* classes.
 */
class RGWUserAdminOp_Caps
{
public:
  static int add(RGWRados *store, RGWUserAdminOpState& op_state,
                 RGWFormatterFlusher& flusher);

  static int remove(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);
};
744 | ||
745 | class RGWMetadataManager; | |
746 | ||
747 | extern void rgw_user_init(RGWRados *store); | |
748 | ||
749 | #endif |