]>
Commit | Line | Data |
---|---|---|
7c673cae | 1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
9f95a23c | 2 | // vim: ts=8 sw=2 smarttab ft=cpp |
7c673cae FG |
3 | |
4 | #ifndef CEPH_RGW_USER_H | |
5 | #define CEPH_RGW_USER_H | |
6 | ||
7 | #include <string> | |
8 | #include <boost/algorithm/string.hpp> | |
11fdf7f2 | 9 | #include "include/ceph_assert.h" |
7c673cae FG |
10 | |
11 | #include "include/types.h" | |
12 | #include "rgw_common.h" | |
13 | #include "rgw_tools.h" | |
14 | ||
7c673cae FG |
15 | #include "rgw_string.h" |
16 | ||
17 | #include "common/Formatter.h" | |
18 | #include "rgw_formats.h" | |
9f95a23c | 19 | #include "rgw_metadata.h" |
7c673cae | 20 | |
7c673cae FG |
21 | #define RGW_USER_ANON_ID "anonymous" |
22 | ||
23 | #define SECRET_KEY_LEN 40 | |
24 | #define PUBLIC_ID_LEN 20 | |
25 | #define RAND_SUBUSER_LEN 5 | |
26 | ||
27 | #define XMLNS_AWS_S3 "http://s3.amazonaws.com/doc/2006-03-01/" | |
28 | ||
9f95a23c TL |
29 | class RGWUserCtl; |
30 | class RGWBucketCtl; | |
31 | class RGWUserBuckets; | |
32 | ||
33 | class RGWGetUserStats_CB; | |
34 | namespace rgw { namespace sal { | |
35 | class RGWRadosStore; | |
36 | } } | |
37 | ||
7c673cae FG |
38 | /** |
39 | * A string wrapper that includes encode/decode functions | |
40 | * for easily accessing a UID in all forms | |
41 | */ | |
42 | struct RGWUID | |
43 | { | |
44 | rgw_user user_id; | |
45 | void encode(bufferlist& bl) const { | |
46 | string s; | |
47 | user_id.to_str(s); | |
11fdf7f2 TL |
48 | using ceph::encode; |
49 | encode(s, bl); | |
7c673cae | 50 | } |
11fdf7f2 | 51 | void decode(bufferlist::const_iterator& bl) { |
7c673cae | 52 | string s; |
11fdf7f2 TL |
53 | using ceph::decode; |
54 | decode(s, bl); | |
7c673cae FG |
55 | user_id.from_str(s); |
56 | } | |
57 | }; | |
58 | WRITE_CLASS_ENCODER(RGWUID) | |
59 | ||
9f95a23c TL |
60 | extern int rgw_user_sync_all_stats(rgw::sal::RGWRadosStore *store, const rgw_user& user_id); |
61 | extern int rgw_user_get_all_buckets_stats(rgw::sal::RGWRadosStore *store, const rgw_user& user_id, map<string, cls_user_bucket_entry>&buckets_usage_map); | |
c07f9fc5 | 62 | |
7c673cae FG |
63 | /** |
64 | * Get the anonymous (ie, unauthenticated) user info. | |
65 | */ | |
66 | extern void rgw_get_anon_user(RGWUserInfo& info); | |
67 | ||
68 | /** | |
69 | * Save the given user information to storage. | |
70 | * Returns: 0 on success, -ERR# on failure. | |
71 | */ | |
9f95a23c | 72 | extern int rgw_store_user_info(RGWUserCtl *user_ctl, |
7c673cae FG |
73 | RGWUserInfo& info, |
74 | RGWUserInfo *old_info, | |
75 | RGWObjVersionTracker *objv_tracker, | |
76 | real_time mtime, | |
77 | bool exclusive, | |
9f95a23c | 78 | map<string, bufferlist> *pattrs = nullptr); |
7c673cae FG |
79 | |
80 | /** | |
81 | * Given an user_id, finds the user info associated with it. | |
82 | * returns: 0 on success, -ERR# on failure (including nonexistence) | |
83 | */ | |
9f95a23c | 84 | extern int rgw_get_user_info_by_uid(RGWUserCtl *user_ctl, |
7c673cae FG |
85 | const rgw_user& user_id, |
86 | RGWUserInfo& info, | |
9f95a23c TL |
87 | RGWObjVersionTracker *objv_tracker = nullptr, |
88 | real_time *pmtime = nullptr, | |
89 | rgw_cache_entry_info *cache_info = nullptr, | |
90 | map<string, bufferlist> *pattrs = nullptr); | |
7c673cae FG |
91 | /** |
92 | * Given an email, finds the user info associated with it. | |
93 | * returns: 0 on success, -ERR# on failure (including nonexistence) | |
94 | */ | |
9f95a23c TL |
95 | extern int rgw_get_user_info_by_email(RGWUserCtl *user_ctl, |
96 | string& email, RGWUserInfo& info, | |
97 | RGWObjVersionTracker *objv_tracker = NULL, | |
98 | real_time *pmtime = nullptr); | |
7c673cae FG |
99 | /** |
100 | * Given an swift username, finds the user info associated with it. | |
101 | * returns: 0 on success, -ERR# on failure (including nonexistence) | |
102 | */ | |
9f95a23c | 103 | extern int rgw_get_user_info_by_swift(RGWUserCtl *user_ctl, |
7c673cae FG |
104 | const string& swift_name, |
105 | RGWUserInfo& info, /* out */ | |
106 | RGWObjVersionTracker *objv_tracker = nullptr, | |
107 | real_time *pmtime = nullptr); | |
108 | /** | |
109 | * Given an access key, finds the user info associated with it. | |
110 | * returns: 0 on success, -ERR# on failure (including nonexistence) | |
111 | */ | |
9f95a23c | 112 | extern int rgw_get_user_info_by_access_key(RGWUserCtl *user_ctl, |
7c673cae FG |
113 | const std::string& access_key, |
114 | RGWUserInfo& info, | |
115 | RGWObjVersionTracker* objv_tracker = nullptr, | |
116 | real_time* pmtime = nullptr); | |
7c673cae | 117 | |
7c673cae FG |
118 | extern void rgw_perm_to_str(uint32_t mask, char *buf, int len); |
119 | extern uint32_t rgw_str_to_perm(const char *str); | |
120 | ||
d2e6a577 FG |
121 | extern int rgw_validate_tenant_name(const string& t); |
122 | ||
7c673cae FG |
123 | enum ObjectKeyType { |
124 | KEY_TYPE_SWIFT, | |
125 | KEY_TYPE_S3, | |
126 | KEY_TYPE_UNDEFINED | |
127 | }; | |
128 | ||
129 | enum RGWKeyPoolOp { | |
130 | GENERATE_KEY, | |
131 | MODIFY_KEY | |
132 | }; | |
133 | ||
134 | enum RGWUserId { | |
135 | RGW_USER_ID, | |
136 | RGW_SWIFT_USERNAME, | |
137 | RGW_USER_EMAIL, | |
138 | RGW_ACCESS_KEY, | |
139 | }; | |
140 | ||
d2e6a577 FG |
141 | /* |
142 | * An RGWUser class along with supporting classes created | |
143 | * to support the creation of an RESTful administrative API | |
144 | */ | |
7c673cae FG |
145 | struct RGWUserAdminOpState { |
146 | // user attributes | |
147 | RGWUserInfo info; | |
148 | rgw_user user_id; | |
149 | std::string user_email; | |
150 | std::string display_name; | |
9f95a23c TL |
151 | rgw_user new_user_id; |
152 | bool overwrite_new_user = false; | |
7c673cae FG |
153 | int32_t max_buckets; |
154 | __u8 suspended; | |
155 | __u8 admin; | |
156 | __u8 system; | |
157 | __u8 exclusive; | |
158 | __u8 fetch_stats; | |
3efd9988 | 159 | __u8 sync_stats; |
7c673cae FG |
160 | std::string caps; |
161 | RGWObjVersionTracker objv; | |
162 | uint32_t op_mask; | |
163 | map<int, string> temp_url_keys; | |
164 | ||
165 | // subuser attributes | |
166 | std::string subuser; | |
167 | uint32_t perm_mask; | |
168 | ||
169 | // key_attributes | |
170 | std::string id; // access key | |
171 | std::string key; // secret key | |
172 | int32_t key_type; | |
173 | ||
11fdf7f2 TL |
174 | std::set<string> mfa_ids; |
175 | ||
7c673cae FG |
176 | // operation attributes |
177 | bool existing_user; | |
178 | bool existing_key; | |
179 | bool existing_subuser; | |
180 | bool existing_email; | |
181 | bool subuser_specified; | |
182 | bool gen_secret; | |
183 | bool gen_access; | |
184 | bool gen_subuser; | |
185 | bool id_specified; | |
186 | bool key_specified; | |
187 | bool type_specified; | |
188 | bool key_type_setbycontext; // key type set by user or subuser context | |
189 | bool purge_data; | |
190 | bool purge_keys; | |
191 | bool display_name_specified; | |
192 | bool user_email_specified; | |
193 | bool max_buckets_specified; | |
194 | bool perm_specified; | |
195 | bool op_mask_specified; | |
196 | bool caps_specified; | |
197 | bool suspension_op; | |
d2e6a577 | 198 | bool admin_specified = false; |
7c673cae FG |
199 | bool system_specified; |
200 | bool key_op; | |
201 | bool temp_url_key_specified; | |
202 | bool found_by_uid; | |
203 | bool found_by_email; | |
204 | bool found_by_key; | |
11fdf7f2 | 205 | bool mfa_ids_specified; |
7c673cae FG |
206 | |
207 | // req parameters | |
208 | bool populated; | |
209 | bool initialized; | |
210 | bool key_params_checked; | |
211 | bool subuser_params_checked; | |
212 | bool user_params_checked; | |
213 | ||
214 | bool bucket_quota_specified; | |
215 | bool user_quota_specified; | |
216 | ||
217 | RGWQuotaInfo bucket_quota; | |
218 | RGWQuotaInfo user_quota; | |
219 | ||
11fdf7f2 TL |
220 | // req parameters for listing user |
221 | std::string marker; | |
222 | uint32_t max_entries; | |
9f95a23c TL |
223 | rgw_placement_rule default_placement; // user default placement |
224 | bool default_placement_specified; | |
225 | ||
226 | list<string> placement_tags; // user default placement_tags | |
227 | bool placement_tags_specified; | |
11fdf7f2 TL |
228 | |
229 | void set_access_key(const std::string& access_key) { | |
7c673cae FG |
230 | if (access_key.empty()) |
231 | return; | |
232 | ||
233 | id = access_key; | |
234 | id_specified = true; | |
235 | gen_access = false; | |
236 | key_op = true; | |
237 | } | |
238 | ||
11fdf7f2 | 239 | void set_secret_key(const std::string& secret_key) { |
7c673cae FG |
240 | if (secret_key.empty()) |
241 | return; | |
242 | ||
243 | key = secret_key; | |
244 | key_specified = true; | |
245 | gen_secret = false; | |
246 | key_op = true; | |
247 | } | |
248 | ||
249 | void set_user_id(rgw_user& id) { | |
250 | if (id.empty()) | |
251 | return; | |
252 | ||
253 | user_id = id; | |
254 | } | |
255 | ||
9f95a23c TL |
256 | void set_new_user_id(rgw_user& id) { |
257 | if (id.empty()) | |
258 | return; | |
259 | ||
260 | new_user_id = id; | |
261 | } | |
262 | void set_overwrite_new_user(bool b) { | |
263 | overwrite_new_user = b; | |
264 | } | |
265 | ||
7c673cae | 266 | void set_user_email(std::string& email) { |
c07f9fc5 | 267 | /* always lowercase email address */ |
7c673cae FG |
268 | boost::algorithm::to_lower(email); |
269 | user_email = email; | |
270 | user_email_specified = true; | |
271 | } | |
272 | ||
11fdf7f2 | 273 | void set_display_name(const std::string& name) { |
7c673cae FG |
274 | if (name.empty()) |
275 | return; | |
276 | ||
277 | display_name = name; | |
278 | display_name_specified = true; | |
279 | } | |
280 | ||
281 | void set_subuser(std::string& _subuser) { | |
282 | if (_subuser.empty()) | |
283 | return; | |
284 | ||
285 | size_t pos = _subuser.find(":"); | |
286 | if (pos != string::npos) { | |
287 | rgw_user tmp_id; | |
288 | tmp_id.from_str(_subuser.substr(0, pos)); | |
289 | if (tmp_id.tenant.empty()) { | |
290 | user_id.id = tmp_id.id; | |
291 | } else { | |
292 | user_id = tmp_id; | |
293 | } | |
294 | subuser = _subuser.substr(pos+1); | |
295 | } else { | |
296 | subuser = _subuser; | |
297 | } | |
298 | ||
299 | subuser_specified = true; | |
300 | } | |
301 | ||
11fdf7f2 | 302 | void set_caps(const std::string& _caps) { |
7c673cae FG |
303 | if (_caps.empty()) |
304 | return; | |
305 | ||
306 | caps = _caps; | |
307 | caps_specified = true; | |
308 | } | |
309 | ||
310 | void set_perm(uint32_t perm) { | |
311 | perm_mask = perm; | |
312 | perm_specified = true; | |
313 | } | |
314 | ||
315 | void set_op_mask(uint32_t mask) { | |
316 | op_mask = mask; | |
317 | op_mask_specified = true; | |
318 | } | |
319 | ||
320 | void set_temp_url_key(const string& key, int index) { | |
321 | temp_url_keys[index] = key; | |
322 | temp_url_key_specified = true; | |
323 | } | |
324 | ||
325 | void set_key_type(int32_t type) { | |
326 | key_type = type; | |
327 | type_specified = true; | |
328 | } | |
329 | ||
330 | void set_suspension(__u8 is_suspended) { | |
331 | suspended = is_suspended; | |
332 | suspension_op = true; | |
333 | } | |
334 | ||
335 | void set_admin(__u8 is_admin) { | |
336 | admin = is_admin; | |
337 | admin_specified = true; | |
338 | } | |
339 | ||
340 | void set_system(__u8 is_system) { | |
341 | system = is_system; | |
342 | system_specified = true; | |
343 | } | |
344 | ||
345 | void set_exclusive(__u8 is_exclusive) { | |
346 | exclusive = is_exclusive; | |
347 | } | |
348 | ||
349 | void set_fetch_stats(__u8 is_fetch_stats) { | |
350 | fetch_stats = is_fetch_stats; | |
351 | } | |
352 | ||
3efd9988 FG |
353 | void set_sync_stats(__u8 is_sync_stats) { |
354 | sync_stats = is_sync_stats; | |
355 | } | |
356 | ||
7c673cae FG |
357 | void set_user_info(RGWUserInfo& user_info) { |
358 | user_id = user_info.user_id; | |
359 | info = user_info; | |
360 | } | |
361 | ||
362 | void set_max_buckets(int32_t mb) { | |
363 | max_buckets = mb; | |
364 | max_buckets_specified = true; | |
365 | } | |
366 | ||
367 | void set_gen_access() { | |
368 | gen_access = true; | |
369 | key_op = true; | |
370 | } | |
371 | ||
372 | void set_gen_secret() { | |
373 | gen_secret = true; | |
374 | key_op = true; | |
375 | } | |
376 | ||
377 | void set_generate_key() { | |
378 | if (id.empty()) | |
379 | gen_access = true; | |
380 | if (key.empty()) | |
381 | gen_secret = true; | |
382 | key_op = true; | |
383 | } | |
384 | ||
385 | void clear_generate_key() { | |
386 | gen_access = false; | |
387 | gen_secret = false; | |
388 | } | |
389 | ||
390 | void set_purge_keys() { | |
391 | purge_keys = true; | |
392 | key_op = true; | |
393 | } | |
394 | ||
395 | void set_bucket_quota(RGWQuotaInfo& quota) { | |
396 | bucket_quota = quota; | |
397 | bucket_quota_specified = true; | |
398 | } | |
399 | ||
400 | void set_user_quota(RGWQuotaInfo& quota) { | |
401 | user_quota = quota; | |
402 | user_quota_specified = true; | |
403 | } | |
404 | ||
11fdf7f2 TL |
405 | void set_mfa_ids(const std::set<string>& ids) { |
406 | mfa_ids = ids; | |
407 | mfa_ids_specified = true; | |
408 | } | |
409 | ||
9f95a23c TL |
410 | void set_default_placement(const rgw_placement_rule& _placement) { |
411 | default_placement = _placement; | |
412 | default_placement_specified = true; | |
413 | } | |
414 | ||
415 | void set_placement_tags(const list<string>& _tags) { | |
416 | placement_tags = _tags; | |
417 | placement_tags_specified = true; | |
418 | } | |
419 | ||
7c673cae FG |
420 | bool is_populated() { return populated; } |
421 | bool is_initialized() { return initialized; } | |
422 | bool has_existing_user() { return existing_user; } | |
423 | bool has_existing_key() { return existing_key; } | |
424 | bool has_existing_subuser() { return existing_subuser; } | |
425 | bool has_existing_email() { return existing_email; } | |
426 | bool has_subuser() { return subuser_specified; } | |
427 | bool has_key_op() { return key_op; } | |
428 | bool has_caps_op() { return caps_specified; } | |
429 | bool has_suspension_op() { return suspension_op; } | |
430 | bool has_subuser_perm() { return perm_specified; } | |
431 | bool has_op_mask() { return op_mask_specified; } | |
432 | bool will_gen_access() { return gen_access; } | |
433 | bool will_gen_secret() { return gen_secret; } | |
434 | bool will_gen_subuser() { return gen_subuser; } | |
435 | bool will_purge_keys() { return purge_keys; } | |
436 | bool will_purge_data() { return purge_data; } | |
437 | bool will_generate_subuser() { return gen_subuser; } | |
438 | bool has_bucket_quota() { return bucket_quota_specified; } | |
439 | bool has_user_quota() { return user_quota_specified; } | |
440 | void set_populated() { populated = true; } | |
441 | void clear_populated() { populated = false; } | |
442 | void set_initialized() { initialized = true; } | |
443 | void set_existing_user(bool flag) { existing_user = flag; } | |
444 | void set_existing_key(bool flag) { existing_key = flag; } | |
445 | void set_existing_subuser(bool flag) { existing_subuser = flag; } | |
446 | void set_existing_email(bool flag) { existing_email = flag; } | |
447 | void set_purge_data(bool flag) { purge_data = flag; } | |
448 | void set_generate_subuser(bool flag) { gen_subuser = flag; } | |
449 | __u8 get_suspension_status() { return suspended; } | |
450 | int32_t get_key_type() {return key_type; } | |
451 | uint32_t get_subuser_perm() { return perm_mask; } | |
452 | int32_t get_max_buckets() { return max_buckets; } | |
453 | uint32_t get_op_mask() { return op_mask; } | |
454 | RGWQuotaInfo& get_bucket_quota() { return bucket_quota; } | |
455 | RGWQuotaInfo& get_user_quota() { return user_quota; } | |
11fdf7f2 | 456 | set<string>& get_mfa_ids() { return mfa_ids; } |
7c673cae FG |
457 | |
458 | rgw_user& get_user_id() { return user_id; } | |
459 | std::string get_subuser() { return subuser; } | |
460 | std::string get_access_key() { return id; } | |
461 | std::string get_secret_key() { return key; } | |
462 | std::string get_caps() { return caps; } | |
463 | std::string get_user_email() { return user_email; } | |
464 | std::string get_display_name() { return display_name; } | |
9f95a23c TL |
465 | rgw_user& get_new_uid() { return new_user_id; } |
466 | bool get_overwrite_new_user() const { return overwrite_new_user; } | |
7c673cae FG |
467 | map<int, std::string>& get_temp_url_keys() { return temp_url_keys; } |
468 | ||
469 | RGWUserInfo& get_user_info() { return info; } | |
470 | ||
471 | map<std::string, RGWAccessKey> *get_swift_keys() { return &info.swift_keys; } | |
472 | map<std::string, RGWAccessKey> *get_access_keys() { return &info.access_keys; } | |
473 | map<std::string, RGWSubUser> *get_subusers() { return &info.subusers; } | |
474 | ||
475 | RGWUserCaps *get_caps_obj() { return &info.caps; } | |
476 | ||
477 | std::string build_default_swift_kid() { | |
478 | if (user_id.empty() || subuser.empty()) | |
479 | return ""; | |
480 | ||
481 | std::string kid; | |
482 | user_id.to_str(kid); | |
483 | kid.append(":"); | |
484 | kid.append(subuser); | |
485 | ||
486 | return kid; | |
487 | } | |
488 | ||
489 | std::string generate_subuser() { | |
490 | if (user_id.empty()) | |
491 | return ""; | |
492 | ||
493 | std::string generated_subuser; | |
494 | user_id.to_str(generated_subuser); | |
495 | std::string rand_suffix; | |
496 | ||
497 | int sub_buf_size = RAND_SUBUSER_LEN + 1; | |
498 | char sub_buf[RAND_SUBUSER_LEN + 1]; | |
499 | ||
11fdf7f2 | 500 | gen_rand_alphanumeric_upper(g_ceph_context, sub_buf, sub_buf_size); |
7c673cae FG |
501 | |
502 | rand_suffix = sub_buf; | |
503 | if (rand_suffix.empty()) | |
504 | return ""; | |
505 | ||
506 | generated_subuser.append(rand_suffix); | |
507 | subuser = generated_subuser; | |
508 | ||
509 | return generated_subuser; | |
510 | } | |
511 | ||
512 | RGWUserAdminOpState() : user_id(RGW_USER_ANON_ID) | |
513 | { | |
514 | max_buckets = RGW_DEFAULT_MAX_BUCKETS; | |
515 | key_type = -1; | |
516 | perm_mask = RGW_PERM_NONE; | |
517 | suspended = 0; | |
518 | admin = 0; | |
519 | system = 0; | |
520 | exclusive = 0; | |
521 | fetch_stats = 0; | |
522 | op_mask = 0; | |
523 | ||
524 | existing_user = false; | |
525 | existing_key = false; | |
526 | existing_subuser = false; | |
527 | existing_email = false; | |
528 | subuser_specified = false; | |
529 | caps_specified = false; | |
530 | purge_keys = false; | |
531 | gen_secret = false; | |
532 | gen_access = false; | |
533 | gen_subuser = false; | |
534 | id_specified = false; | |
535 | key_specified = false; | |
536 | type_specified = false; | |
537 | key_type_setbycontext = false; | |
538 | purge_data = false; | |
539 | display_name_specified = false; | |
540 | user_email_specified = false; | |
541 | max_buckets_specified = false; | |
542 | perm_specified = false; | |
543 | op_mask_specified = false; | |
544 | suspension_op = false; | |
545 | system_specified = false; | |
546 | key_op = false; | |
547 | populated = false; | |
548 | initialized = false; | |
549 | key_params_checked = false; | |
550 | subuser_params_checked = false; | |
551 | user_params_checked = false; | |
552 | bucket_quota_specified = false; | |
553 | temp_url_key_specified = false; | |
554 | user_quota_specified = false; | |
555 | found_by_uid = false; | |
556 | found_by_email = false; | |
557 | found_by_key = false; | |
11fdf7f2 | 558 | mfa_ids_specified = false; |
9f95a23c TL |
559 | default_placement_specified = false; |
560 | placement_tags_specified = false; | |
11fdf7f2 TL |
561 | max_entries = 1000; |
562 | marker = ""; | |
7c673cae FG |
563 | } |
564 | }; | |
565 | ||
566 | class RGWUser; | |
567 | ||
568 | class RGWAccessKeyPool | |
569 | { | |
9f95a23c | 570 | RGWUser *user{nullptr}; |
7c673cae FG |
571 | |
572 | std::map<std::string, int, ltstr_nocase> key_type_map; | |
573 | rgw_user user_id; | |
9f95a23c TL |
574 | rgw::sal::RGWRadosStore *store{nullptr}; |
575 | RGWUserCtl *user_ctl{nullptr}; | |
7c673cae | 576 | |
9f95a23c TL |
577 | map<std::string, RGWAccessKey> *swift_keys{nullptr}; |
578 | map<std::string, RGWAccessKey> *access_keys{nullptr}; | |
7c673cae FG |
579 | |
580 | // we don't want to allow keys for the anonymous user or a null user | |
9f95a23c | 581 | bool keys_allowed{false}; |
7c673cae FG |
582 | |
583 | private: | |
584 | int create_key(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
585 | int generate_key(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
586 | int modify_key(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
587 | ||
588 | int check_key_owner(RGWUserAdminOpState& op_state); | |
589 | bool check_existing_key(RGWUserAdminOpState& op_state); | |
590 | int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
591 | ||
592 | /* API Contract Fulfilment */ | |
593 | int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
594 | int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
595 | int remove_subuser_keys(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
596 | ||
597 | int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
598 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
599 | public: | |
600 | explicit RGWAccessKeyPool(RGWUser* usr); | |
7c673cae FG |
601 | |
602 | int init(RGWUserAdminOpState& op_state); | |
603 | ||
604 | /* API Contracted Methods */ | |
605 | int add(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
606 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
607 | ||
608 | friend class RGWUser; | |
609 | friend class RGWSubUserPool; | |
610 | }; | |
611 | ||
612 | class RGWSubUserPool | |
613 | { | |
9f95a23c | 614 | RGWUser *user{nullptr}; |
7c673cae FG |
615 | |
616 | rgw_user user_id; | |
9f95a23c TL |
617 | rgw::sal::RGWRadosStore *store{nullptr}; |
618 | RGWUserCtl *user_ctl{nullptr}; | |
619 | bool subusers_allowed{false}; | |
7c673cae | 620 | |
9f95a23c | 621 | map<string, RGWSubUser> *subuser_map{nullptr}; |
7c673cae FG |
622 | |
623 | private: | |
624 | int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
625 | ||
626 | /* API Contract Fulfillment */ | |
627 | int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
628 | int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
629 | int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
630 | ||
631 | int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
632 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
633 | int modify(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
634 | public: | |
635 | explicit RGWSubUserPool(RGWUser *user); | |
7c673cae FG |
636 | |
637 | bool exists(std::string subuser); | |
638 | int init(RGWUserAdminOpState& op_state); | |
639 | ||
640 | /* API contracted methods */ | |
641 | int add(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
642 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
643 | int modify(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
644 | ||
645 | friend class RGWUser; | |
646 | }; | |
647 | ||
648 | class RGWUserCapPool | |
649 | { | |
9f95a23c TL |
650 | RGWUserCaps *caps{nullptr}; |
651 | bool caps_allowed{false}; | |
652 | RGWUser *user{nullptr}; | |
7c673cae FG |
653 | |
654 | private: | |
655 | int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
656 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save); | |
657 | ||
658 | public: | |
659 | explicit RGWUserCapPool(RGWUser *user); | |
7c673cae FG |
660 | |
661 | int init(RGWUserAdminOpState& op_state); | |
662 | ||
663 | /* API contracted methods */ | |
664 | int add(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
665 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
666 | ||
667 | friend class RGWUser; | |
668 | }; | |
669 | ||
670 | class RGWUser | |
671 | { | |
672 | ||
673 | private: | |
674 | RGWUserInfo old_info; | |
9f95a23c TL |
675 | rgw::sal::RGWRadosStore *store{nullptr}; |
676 | RGWUserCtl *user_ctl{nullptr}; | |
7c673cae FG |
677 | |
678 | rgw_user user_id; | |
9f95a23c | 679 | bool info_stored{false}; |
7c673cae FG |
680 | |
681 | void set_populated() { info_stored = true; } | |
682 | void clear_populated() { info_stored = false; } | |
683 | bool is_populated() { return info_stored; } | |
684 | ||
685 | int check_op(RGWUserAdminOpState& req, std::string *err_msg); | |
686 | int update(RGWUserAdminOpState& op_state, std::string *err_msg); | |
687 | ||
688 | void clear_members(); | |
689 | void init_default(); | |
690 | ||
691 | /* API Contract Fulfillment */ | |
692 | int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg); | |
9f95a23c TL |
693 | int execute_remove(RGWUserAdminOpState& op_state, |
694 | std::string *err_msg, optional_yield y); | |
7c673cae | 695 | int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg); |
9f95a23c | 696 | int execute_rename(RGWUserAdminOpState& op_state, std::string *err_msg); |
7c673cae FG |
697 | |
698 | public: | |
699 | RGWUser(); | |
7c673cae | 700 | |
9f95a23c | 701 | int init(rgw::sal::RGWRadosStore *storage, RGWUserAdminOpState& op_state); |
7c673cae | 702 | |
9f95a23c | 703 | int init_storage(rgw::sal::RGWRadosStore *storage); |
7c673cae FG |
704 | int init(RGWUserAdminOpState& op_state); |
705 | int init_members(RGWUserAdminOpState& op_state); | |
706 | ||
9f95a23c TL |
707 | rgw::sal::RGWRadosStore *get_store() { return store; } |
708 | RGWUserCtl *get_user_ctl() { return user_ctl; } | |
7c673cae FG |
709 | |
710 | /* API Contracted Members */ | |
711 | RGWUserCapPool caps; | |
712 | RGWAccessKeyPool keys; | |
713 | RGWSubUserPool subusers; | |
714 | ||
715 | /* API Contracted Methods */ | |
716 | int add(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
9f95a23c TL |
717 | |
718 | int remove(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg = NULL); | |
719 | ||
720 | int rename(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
7c673cae FG |
721 | |
722 | /* remove an already populated RGWUser */ | |
723 | int remove(std::string *err_msg = NULL); | |
724 | ||
725 | int modify(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
726 | ||
727 | /* retrieve info from an existing user in the RGW system */ | |
728 | int info(RGWUserAdminOpState& op_state, RGWUserInfo& fetched_info, std::string *err_msg = NULL); | |
729 | ||
730 | /* info from an already populated RGWUser */ | |
731 | int info (RGWUserInfo& fetched_info, std::string *err_msg = NULL); | |
732 | ||
11fdf7f2 TL |
733 | /* list the existing users */ |
734 | int list(RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); | |
735 | ||
7c673cae FG |
736 | friend class RGWAccessKeyPool; |
737 | friend class RGWSubUserPool; | |
738 | friend class RGWUserCapPool; | |
739 | }; | |
740 | ||
11fdf7f2 | 741 | /* Wrappers for admin API functionality */ |
7c673cae FG |
742 | |
743 | class RGWUserAdminOp_User | |
744 | { | |
745 | public: | |
9f95a23c | 746 | static int list(rgw::sal::RGWRadosStore *store, |
11fdf7f2 TL |
747 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
748 | ||
9f95a23c | 749 | static int info(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
750 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
751 | ||
9f95a23c | 752 | static int create(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
753 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
754 | ||
9f95a23c | 755 | static int modify(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
756 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
757 | ||
9f95a23c TL |
758 | static int remove(rgw::sal::RGWRadosStore *store, |
759 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, optional_yield y); | |
7c673cae FG |
760 | }; |
761 | ||
762 | class RGWUserAdminOp_Subuser | |
763 | { | |
764 | public: | |
9f95a23c | 765 | static int create(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
766 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
767 | ||
9f95a23c | 768 | static int modify(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
769 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
770 | ||
9f95a23c | 771 | static int remove(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
772 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
773 | }; | |
774 | ||
775 | class RGWUserAdminOp_Key | |
776 | { | |
777 | public: | |
9f95a23c | 778 | static int create(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
779 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
780 | ||
9f95a23c | 781 | static int remove(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
782 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
783 | }; | |
784 | ||
785 | class RGWUserAdminOp_Caps | |
786 | { | |
787 | public: | |
9f95a23c | 788 | static int add(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
789 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
790 | ||
9f95a23c | 791 | static int remove(rgw::sal::RGWRadosStore *store, |
7c673cae FG |
792 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
793 | }; | |
794 | ||
9f95a23c TL |
795 | struct RGWUserCompleteInfo { |
796 | RGWUserInfo info; | |
797 | map<string, bufferlist> attrs; | |
798 | bool has_attrs{false}; | |
799 | ||
800 | void dump(Formatter * const f) const { | |
801 | info.dump(f); | |
802 | encode_json("attrs", attrs, f); | |
803 | } | |
804 | ||
805 | void decode_json(JSONObj *obj) { | |
806 | decode_json_obj(info, obj); | |
807 | has_attrs = JSONDecoder::decode_json("attrs", attrs, obj); | |
808 | } | |
809 | }; | |
810 | ||
811 | class RGWUserMetadataObject : public RGWMetadataObject { | |
812 | RGWUserCompleteInfo uci; | |
813 | public: | |
814 | RGWUserMetadataObject() {} | |
815 | RGWUserMetadataObject(const RGWUserCompleteInfo& _uci, const obj_version& v, real_time m) | |
816 | : uci(_uci) { | |
817 | objv = v; | |
818 | mtime = m; | |
819 | } | |
820 | ||
821 | void dump(Formatter *f) const override { | |
822 | uci.dump(f); | |
823 | } | |
824 | ||
825 | RGWUserCompleteInfo& get_uci() { | |
826 | return uci; | |
827 | } | |
828 | }; | |
829 | ||
830 | class RGWUserMetadataHandler; | |
831 | ||
832 | class RGWUserCtl | |
833 | { | |
834 | struct Svc { | |
835 | RGWSI_Zone *zone{nullptr}; | |
836 | RGWSI_User *user{nullptr}; | |
837 | } svc; | |
838 | ||
839 | struct Ctl { | |
840 | RGWBucketCtl *bucket{nullptr}; | |
841 | } ctl; | |
842 | ||
843 | RGWUserMetadataHandler *umhandler; | |
844 | RGWSI_MetaBackend_Handler *be_handler{nullptr}; | |
845 | ||
846 | public: | |
847 | RGWUserCtl(RGWSI_Zone *zone_svc, | |
848 | RGWSI_User *user_svc, | |
849 | RGWUserMetadataHandler *_umhandler); | |
850 | ||
851 | void init(RGWBucketCtl *bucket_ctl) { | |
852 | ctl.bucket = bucket_ctl; | |
853 | } | |
854 | ||
855 | RGWBucketCtl *get_bucket_ctl() { | |
856 | return ctl.bucket; | |
857 | } | |
858 | ||
859 | struct GetParams { | |
860 | RGWObjVersionTracker *objv_tracker{nullptr}; | |
861 | ceph::real_time *mtime{nullptr}; | |
862 | rgw_cache_entry_info *cache_info{nullptr}; | |
863 | map<string, bufferlist> *attrs{nullptr}; | |
864 | ||
865 | GetParams() {} | |
866 | ||
867 | GetParams& set_objv_tracker(RGWObjVersionTracker *_objv_tracker) { | |
868 | objv_tracker = _objv_tracker; | |
869 | return *this; | |
870 | } | |
871 | ||
872 | GetParams& set_mtime(ceph::real_time *_mtime) { | |
873 | mtime = _mtime; | |
874 | return *this; | |
875 | } | |
876 | ||
877 | GetParams& set_cache_info(rgw_cache_entry_info *_cache_info) { | |
878 | cache_info = _cache_info; | |
879 | return *this; | |
880 | } | |
881 | ||
882 | GetParams& set_attrs(map<string, bufferlist> *_attrs) { | |
883 | attrs = _attrs; | |
884 | return *this; | |
885 | } | |
886 | }; | |
887 | ||
888 | struct PutParams { | |
889 | RGWUserInfo *old_info{nullptr}; | |
890 | RGWObjVersionTracker *objv_tracker{nullptr}; | |
891 | ceph::real_time mtime; | |
892 | bool exclusive{false}; | |
893 | map<string, bufferlist> *attrs{nullptr}; | |
894 | ||
895 | PutParams() {} | |
896 | ||
897 | PutParams& set_old_info(RGWUserInfo *_info) { | |
898 | old_info = _info; | |
899 | return *this; | |
900 | } | |
901 | ||
902 | PutParams& set_objv_tracker(RGWObjVersionTracker *_objv_tracker) { | |
903 | objv_tracker = _objv_tracker; | |
904 | return *this; | |
905 | } | |
906 | ||
907 | PutParams& set_mtime(const ceph::real_time& _mtime) { | |
908 | mtime = _mtime; | |
909 | return *this; | |
910 | } | |
911 | ||
912 | PutParams& set_exclusive(bool _exclusive) { | |
913 | exclusive = _exclusive; | |
914 | return *this; | |
915 | } | |
916 | ||
917 | PutParams& set_attrs(map<string, bufferlist> *_attrs) { | |
918 | attrs = _attrs; | |
919 | return *this; | |
920 | } | |
921 | }; | |
922 | ||
923 | struct RemoveParams { | |
924 | RGWObjVersionTracker *objv_tracker{nullptr}; | |
925 | ||
926 | RemoveParams() {} | |
927 | ||
928 | RemoveParams& set_objv_tracker(RGWObjVersionTracker *_objv_tracker) { | |
929 | objv_tracker = _objv_tracker; | |
930 | return *this; | |
931 | } | |
932 | }; | |
933 | ||
934 | int get_info_by_uid(const rgw_user& uid, RGWUserInfo *info, | |
935 | optional_yield y, const GetParams& params = {}); | |
936 | int get_info_by_email(const string& email, RGWUserInfo *info, | |
937 | optional_yield y, const GetParams& params = {}); | |
938 | int get_info_by_swift(const string& swift_name, RGWUserInfo *info, | |
939 | optional_yield y, const GetParams& params = {}); | |
940 | int get_info_by_access_key(const string& access_key, RGWUserInfo *info, | |
941 | optional_yield y, const GetParams& params = {}); | |
942 | ||
943 | int get_attrs_by_uid(const rgw_user& user_id, | |
944 | map<string, bufferlist> *attrs, | |
945 | optional_yield y, | |
946 | RGWObjVersionTracker *objv_tracker = nullptr); | |
947 | ||
948 | int store_info(const RGWUserInfo& info, optional_yield y, | |
949 | const PutParams& params = {}); | |
950 | int remove_info(const RGWUserInfo& info, optional_yield y, | |
951 | const RemoveParams& params = {}); | |
952 | ||
953 | int add_bucket(const rgw_user& user, | |
954 | const rgw_bucket& bucket, | |
955 | ceph::real_time creation_time); | |
956 | int remove_bucket(const rgw_user& user, | |
957 | const rgw_bucket& bucket); | |
958 | int list_buckets(const rgw_user& user, | |
959 | const string& marker, | |
960 | const string& end_marker, | |
961 | uint64_t max, | |
962 | bool need_stats, | |
963 | RGWUserBuckets *buckets, | |
964 | bool *is_truncated, | |
965 | uint64_t default_max = 1000); | |
966 | ||
967 | int flush_bucket_stats(const rgw_user& user, | |
968 | const RGWBucketEnt& ent); | |
969 | int complete_flush_stats(const rgw_user& user); | |
970 | int reset_stats(const rgw_user& user); | |
971 | int read_stats(const rgw_user& user, RGWStorageStats *stats, | |
972 | ceph::real_time *last_stats_sync = nullptr, /* last time a full stats sync completed */ | |
973 | ceph::real_time *last_stats_update = nullptr); /* last time a stats update was done */ | |
974 | int read_stats_async(const rgw_user& user, RGWGetUserStats_CB *ctx); | |
975 | }; | |
976 | ||
977 | class RGWUserMetaHandlerAllocator { | |
978 | public: | |
979 | static RGWMetadataHandler *alloc(RGWSI_User *user_svc); | |
980 | }; | |
7c673cae | 981 | |
7c673cae FG |
982 | |
983 | #endif |