]>
Commit | Line | Data |
---|---|---|
7c673cae | 1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
9f95a23c | 2 | // vim: ts=8 sw=2 smarttab ft=cpp |
7c673cae FG |
3 | |
4 | #ifndef CEPH_RGW_USER_H | |
5 | #define CEPH_RGW_USER_H | |
6 | ||
7 | #include <string> | |
8 | #include <boost/algorithm/string.hpp> | |
11fdf7f2 | 9 | #include "include/ceph_assert.h" |
7c673cae FG |
10 | |
11 | #include "include/types.h" | |
12 | #include "rgw_common.h" | |
13 | #include "rgw_tools.h" | |
14 | ||
7c673cae FG |
15 | #include "rgw_string.h" |
16 | ||
17 | #include "common/Formatter.h" | |
18 | #include "rgw_formats.h" | |
9f95a23c | 19 | #include "rgw_metadata.h" |
7c673cae | 20 | |
7c673cae FG |
21 | #define RGW_USER_ANON_ID "anonymous" |
22 | ||
23 | #define SECRET_KEY_LEN 40 | |
24 | #define PUBLIC_ID_LEN 20 | |
25 | #define RAND_SUBUSER_LEN 5 | |
26 | ||
27 | #define XMLNS_AWS_S3 "http://s3.amazonaws.com/doc/2006-03-01/" | |
28 | ||
9f95a23c TL |
29 | class RGWUserCtl; |
30 | class RGWBucketCtl; | |
31 | class RGWUserBuckets; | |
32 | ||
33 | class RGWGetUserStats_CB; | |
34 | namespace rgw { namespace sal { | |
35 | class RGWRadosStore; | |
36 | } } | |
37 | ||
7c673cae FG |
38 | /** |
39 | * A string wrapper that includes encode/decode functions | |
40 | * for easily accessing a UID in all forms | |
41 | */ | |
42 | struct RGWUID | |
43 | { | |
44 | rgw_user user_id; | |
45 | void encode(bufferlist& bl) const { | |
46 | string s; | |
47 | user_id.to_str(s); | |
11fdf7f2 TL |
48 | using ceph::encode; |
49 | encode(s, bl); | |
7c673cae | 50 | } |
11fdf7f2 | 51 | void decode(bufferlist::const_iterator& bl) { |
7c673cae | 52 | string s; |
11fdf7f2 TL |
53 | using ceph::decode; |
54 | decode(s, bl); | |
7c673cae FG |
55 | user_id.from_str(s); |
56 | } | |
57 | }; | |
58 | WRITE_CLASS_ENCODER(RGWUID) | |
59 | ||
f67539c2 TL |
60 | extern int rgw_user_sync_all_stats(rgw::sal::RGWRadosStore *store, const rgw_user& user_id, optional_yield y); |
61 | extern int rgw_user_get_all_buckets_stats( | |
62 | rgw::sal::RGWRadosStore *store,const rgw_user& user_id, | |
63 | map<string, cls_user_bucket_entry>& buckets_usage_map, optional_yield y); | |
c07f9fc5 | 64 | |
7c673cae FG |
65 | /** |
66 | * Get the anonymous (ie, unauthenticated) user info. | |
67 | */ | |
68 | extern void rgw_get_anon_user(RGWUserInfo& info); | |
69 | ||
70 | /** | |
71 | * Save the given user information to storage. | |
72 | * Returns: 0 on success, -ERR# on failure. | |
73 | */ | |
9f95a23c | 74 | extern int rgw_store_user_info(RGWUserCtl *user_ctl, |
7c673cae FG |
75 | RGWUserInfo& info, |
76 | RGWUserInfo *old_info, | |
77 | RGWObjVersionTracker *objv_tracker, | |
78 | real_time mtime, | |
79 | bool exclusive, | |
f67539c2 | 80 | optional_yield y, |
9f95a23c | 81 | map<string, bufferlist> *pattrs = nullptr); |
7c673cae FG |
82 | |
83 | /** | |
84 | * Given an user_id, finds the user info associated with it. | |
85 | * returns: 0 on success, -ERR# on failure (including nonexistence) | |
86 | */ | |
9f95a23c | 87 | extern int rgw_get_user_info_by_uid(RGWUserCtl *user_ctl, |
7c673cae FG |
88 | const rgw_user& user_id, |
89 | RGWUserInfo& info, | |
f67539c2 | 90 | optional_yield y, |
9f95a23c TL |
91 | RGWObjVersionTracker *objv_tracker = nullptr, |
92 | real_time *pmtime = nullptr, | |
93 | rgw_cache_entry_info *cache_info = nullptr, | |
94 | map<string, bufferlist> *pattrs = nullptr); | |
7c673cae FG |
95 | /** |
96 | * Given an email, finds the user info associated with it. | |
97 | * returns: 0 on success, -ERR# on failure (including nonexistence) | |
98 | */ | |
9f95a23c TL |
99 | extern int rgw_get_user_info_by_email(RGWUserCtl *user_ctl, |
100 | string& email, RGWUserInfo& info, | |
f67539c2 | 101 | optional_yield y, |
9f95a23c TL |
102 | RGWObjVersionTracker *objv_tracker = NULL, |
103 | real_time *pmtime = nullptr); | |
7c673cae FG |
104 | /** |
105 | * Given an swift username, finds the user info associated with it. | |
106 | * returns: 0 on success, -ERR# on failure (including nonexistence) | |
107 | */ | |
9f95a23c | 108 | extern int rgw_get_user_info_by_swift(RGWUserCtl *user_ctl, |
7c673cae FG |
109 | const string& swift_name, |
110 | RGWUserInfo& info, /* out */ | |
f67539c2 | 111 | optional_yield y, |
7c673cae FG |
112 | RGWObjVersionTracker *objv_tracker = nullptr, |
113 | real_time *pmtime = nullptr); | |
114 | /** | |
115 | * Given an access key, finds the user info associated with it. | |
116 | * returns: 0 on success, -ERR# on failure (including nonexistence) | |
117 | */ | |
9f95a23c | 118 | extern int rgw_get_user_info_by_access_key(RGWUserCtl *user_ctl, |
7c673cae FG |
119 | const std::string& access_key, |
120 | RGWUserInfo& info, | |
f67539c2 TL |
121 | optional_yield y, |
122 | RGWObjVersionTracker* objv_tracker = nullptr, | |
7c673cae | 123 | real_time* pmtime = nullptr); |
7c673cae | 124 | |
7c673cae FG |
125 | extern void rgw_perm_to_str(uint32_t mask, char *buf, int len); |
126 | extern uint32_t rgw_str_to_perm(const char *str); | |
127 | ||
d2e6a577 FG |
128 | extern int rgw_validate_tenant_name(const string& t); |
129 | ||
7c673cae FG |
130 | enum ObjectKeyType { |
131 | KEY_TYPE_SWIFT, | |
132 | KEY_TYPE_S3, | |
133 | KEY_TYPE_UNDEFINED | |
134 | }; | |
135 | ||
136 | enum RGWKeyPoolOp { | |
137 | GENERATE_KEY, | |
138 | MODIFY_KEY | |
139 | }; | |
140 | ||
141 | enum RGWUserId { | |
142 | RGW_USER_ID, | |
143 | RGW_SWIFT_USERNAME, | |
144 | RGW_USER_EMAIL, | |
145 | RGW_ACCESS_KEY, | |
146 | }; | |
147 | ||
d2e6a577 FG |
148 | /* |
149 | * An RGWUser class along with supporting classes created | |
150 | * to support the creation of an RESTful administrative API | |
151 | */ | |
7c673cae FG |
152 | struct RGWUserAdminOpState { |
153 | // user attributes | |
154 | RGWUserInfo info; | |
155 | rgw_user user_id; | |
156 | std::string user_email; | |
157 | std::string display_name; | |
9f95a23c TL |
158 | rgw_user new_user_id; |
159 | bool overwrite_new_user = false; | |
7c673cae FG |
160 | int32_t max_buckets; |
161 | __u8 suspended; | |
162 | __u8 admin; | |
163 | __u8 system; | |
164 | __u8 exclusive; | |
165 | __u8 fetch_stats; | |
3efd9988 | 166 | __u8 sync_stats; |
7c673cae FG |
167 | std::string caps; |
168 | RGWObjVersionTracker objv; | |
169 | uint32_t op_mask; | |
170 | map<int, string> temp_url_keys; | |
171 | ||
172 | // subuser attributes | |
173 | std::string subuser; | |
174 | uint32_t perm_mask; | |
175 | ||
176 | // key_attributes | |
177 | std::string id; // access key | |
178 | std::string key; // secret key | |
179 | int32_t key_type; | |
180 | ||
11fdf7f2 TL |
181 | std::set<string> mfa_ids; |
182 | ||
7c673cae FG |
183 | // operation attributes |
184 | bool existing_user; | |
185 | bool existing_key; | |
186 | bool existing_subuser; | |
187 | bool existing_email; | |
188 | bool subuser_specified; | |
189 | bool gen_secret; | |
190 | bool gen_access; | |
191 | bool gen_subuser; | |
192 | bool id_specified; | |
193 | bool key_specified; | |
194 | bool type_specified; | |
195 | bool key_type_setbycontext; // key type set by user or subuser context | |
196 | bool purge_data; | |
197 | bool purge_keys; | |
198 | bool display_name_specified; | |
199 | bool user_email_specified; | |
200 | bool max_buckets_specified; | |
201 | bool perm_specified; | |
202 | bool op_mask_specified; | |
203 | bool caps_specified; | |
204 | bool suspension_op; | |
d2e6a577 | 205 | bool admin_specified = false; |
7c673cae FG |
206 | bool system_specified; |
207 | bool key_op; | |
208 | bool temp_url_key_specified; | |
209 | bool found_by_uid; | |
210 | bool found_by_email; | |
211 | bool found_by_key; | |
11fdf7f2 | 212 | bool mfa_ids_specified; |
7c673cae FG |
213 | |
214 | // req parameters | |
215 | bool populated; | |
216 | bool initialized; | |
217 | bool key_params_checked; | |
218 | bool subuser_params_checked; | |
219 | bool user_params_checked; | |
220 | ||
221 | bool bucket_quota_specified; | |
222 | bool user_quota_specified; | |
223 | ||
224 | RGWQuotaInfo bucket_quota; | |
225 | RGWQuotaInfo user_quota; | |
226 | ||
11fdf7f2 TL |
227 | // req parameters for listing user |
228 | std::string marker; | |
229 | uint32_t max_entries; | |
9f95a23c TL |
230 | rgw_placement_rule default_placement; // user default placement |
231 | bool default_placement_specified; | |
232 | ||
233 | list<string> placement_tags; // user default placement_tags | |
234 | bool placement_tags_specified; | |
11fdf7f2 TL |
235 | |
236 | void set_access_key(const std::string& access_key) { | |
7c673cae FG |
237 | if (access_key.empty()) |
238 | return; | |
239 | ||
240 | id = access_key; | |
241 | id_specified = true; | |
242 | gen_access = false; | |
243 | key_op = true; | |
244 | } | |
245 | ||
11fdf7f2 | 246 | void set_secret_key(const std::string& secret_key) { |
7c673cae FG |
247 | if (secret_key.empty()) |
248 | return; | |
249 | ||
250 | key = secret_key; | |
251 | key_specified = true; | |
252 | gen_secret = false; | |
253 | key_op = true; | |
254 | } | |
255 | ||
256 | void set_user_id(rgw_user& id) { | |
257 | if (id.empty()) | |
258 | return; | |
259 | ||
260 | user_id = id; | |
261 | } | |
262 | ||
9f95a23c TL |
263 | void set_new_user_id(rgw_user& id) { |
264 | if (id.empty()) | |
265 | return; | |
266 | ||
267 | new_user_id = id; | |
268 | } | |
269 | void set_overwrite_new_user(bool b) { | |
270 | overwrite_new_user = b; | |
271 | } | |
272 | ||
7c673cae | 273 | void set_user_email(std::string& email) { |
c07f9fc5 | 274 | /* always lowercase email address */ |
7c673cae FG |
275 | boost::algorithm::to_lower(email); |
276 | user_email = email; | |
277 | user_email_specified = true; | |
278 | } | |
279 | ||
11fdf7f2 | 280 | void set_display_name(const std::string& name) { |
7c673cae FG |
281 | if (name.empty()) |
282 | return; | |
283 | ||
284 | display_name = name; | |
285 | display_name_specified = true; | |
286 | } | |
287 | ||
288 | void set_subuser(std::string& _subuser) { | |
289 | if (_subuser.empty()) | |
290 | return; | |
291 | ||
292 | size_t pos = _subuser.find(":"); | |
293 | if (pos != string::npos) { | |
294 | rgw_user tmp_id; | |
295 | tmp_id.from_str(_subuser.substr(0, pos)); | |
296 | if (tmp_id.tenant.empty()) { | |
297 | user_id.id = tmp_id.id; | |
298 | } else { | |
299 | user_id = tmp_id; | |
300 | } | |
301 | subuser = _subuser.substr(pos+1); | |
302 | } else { | |
303 | subuser = _subuser; | |
304 | } | |
305 | ||
306 | subuser_specified = true; | |
307 | } | |
308 | ||
11fdf7f2 | 309 | void set_caps(const std::string& _caps) { |
7c673cae FG |
310 | if (_caps.empty()) |
311 | return; | |
312 | ||
313 | caps = _caps; | |
314 | caps_specified = true; | |
315 | } | |
316 | ||
317 | void set_perm(uint32_t perm) { | |
318 | perm_mask = perm; | |
319 | perm_specified = true; | |
320 | } | |
321 | ||
322 | void set_op_mask(uint32_t mask) { | |
323 | op_mask = mask; | |
324 | op_mask_specified = true; | |
325 | } | |
326 | ||
327 | void set_temp_url_key(const string& key, int index) { | |
328 | temp_url_keys[index] = key; | |
329 | temp_url_key_specified = true; | |
330 | } | |
331 | ||
332 | void set_key_type(int32_t type) { | |
333 | key_type = type; | |
334 | type_specified = true; | |
335 | } | |
336 | ||
337 | void set_suspension(__u8 is_suspended) { | |
338 | suspended = is_suspended; | |
339 | suspension_op = true; | |
340 | } | |
341 | ||
342 | void set_admin(__u8 is_admin) { | |
343 | admin = is_admin; | |
344 | admin_specified = true; | |
345 | } | |
346 | ||
347 | void set_system(__u8 is_system) { | |
348 | system = is_system; | |
349 | system_specified = true; | |
350 | } | |
351 | ||
352 | void set_exclusive(__u8 is_exclusive) { | |
353 | exclusive = is_exclusive; | |
354 | } | |
355 | ||
356 | void set_fetch_stats(__u8 is_fetch_stats) { | |
357 | fetch_stats = is_fetch_stats; | |
358 | } | |
359 | ||
3efd9988 FG |
360 | void set_sync_stats(__u8 is_sync_stats) { |
361 | sync_stats = is_sync_stats; | |
362 | } | |
363 | ||
7c673cae FG |
364 | void set_user_info(RGWUserInfo& user_info) { |
365 | user_id = user_info.user_id; | |
366 | info = user_info; | |
367 | } | |
368 | ||
369 | void set_max_buckets(int32_t mb) { | |
370 | max_buckets = mb; | |
371 | max_buckets_specified = true; | |
372 | } | |
373 | ||
374 | void set_gen_access() { | |
375 | gen_access = true; | |
376 | key_op = true; | |
377 | } | |
378 | ||
379 | void set_gen_secret() { | |
380 | gen_secret = true; | |
381 | key_op = true; | |
382 | } | |
383 | ||
384 | void set_generate_key() { | |
385 | if (id.empty()) | |
386 | gen_access = true; | |
387 | if (key.empty()) | |
388 | gen_secret = true; | |
389 | key_op = true; | |
390 | } | |
391 | ||
392 | void clear_generate_key() { | |
393 | gen_access = false; | |
394 | gen_secret = false; | |
395 | } | |
396 | ||
397 | void set_purge_keys() { | |
398 | purge_keys = true; | |
399 | key_op = true; | |
400 | } | |
401 | ||
402 | void set_bucket_quota(RGWQuotaInfo& quota) { | |
403 | bucket_quota = quota; | |
404 | bucket_quota_specified = true; | |
405 | } | |
406 | ||
407 | void set_user_quota(RGWQuotaInfo& quota) { | |
408 | user_quota = quota; | |
409 | user_quota_specified = true; | |
410 | } | |
411 | ||
11fdf7f2 TL |
412 | void set_mfa_ids(const std::set<string>& ids) { |
413 | mfa_ids = ids; | |
414 | mfa_ids_specified = true; | |
415 | } | |
416 | ||
9f95a23c TL |
417 | void set_default_placement(const rgw_placement_rule& _placement) { |
418 | default_placement = _placement; | |
419 | default_placement_specified = true; | |
420 | } | |
421 | ||
422 | void set_placement_tags(const list<string>& _tags) { | |
423 | placement_tags = _tags; | |
424 | placement_tags_specified = true; | |
425 | } | |
426 | ||
7c673cae FG |
427 | bool is_populated() { return populated; } |
428 | bool is_initialized() { return initialized; } | |
429 | bool has_existing_user() { return existing_user; } | |
430 | bool has_existing_key() { return existing_key; } | |
431 | bool has_existing_subuser() { return existing_subuser; } | |
432 | bool has_existing_email() { return existing_email; } | |
433 | bool has_subuser() { return subuser_specified; } | |
434 | bool has_key_op() { return key_op; } | |
435 | bool has_caps_op() { return caps_specified; } | |
436 | bool has_suspension_op() { return suspension_op; } | |
437 | bool has_subuser_perm() { return perm_specified; } | |
438 | bool has_op_mask() { return op_mask_specified; } | |
439 | bool will_gen_access() { return gen_access; } | |
440 | bool will_gen_secret() { return gen_secret; } | |
441 | bool will_gen_subuser() { return gen_subuser; } | |
442 | bool will_purge_keys() { return purge_keys; } | |
443 | bool will_purge_data() { return purge_data; } | |
444 | bool will_generate_subuser() { return gen_subuser; } | |
445 | bool has_bucket_quota() { return bucket_quota_specified; } | |
446 | bool has_user_quota() { return user_quota_specified; } | |
447 | void set_populated() { populated = true; } | |
448 | void clear_populated() { populated = false; } | |
449 | void set_initialized() { initialized = true; } | |
450 | void set_existing_user(bool flag) { existing_user = flag; } | |
451 | void set_existing_key(bool flag) { existing_key = flag; } | |
452 | void set_existing_subuser(bool flag) { existing_subuser = flag; } | |
453 | void set_existing_email(bool flag) { existing_email = flag; } | |
454 | void set_purge_data(bool flag) { purge_data = flag; } | |
455 | void set_generate_subuser(bool flag) { gen_subuser = flag; } | |
456 | __u8 get_suspension_status() { return suspended; } | |
457 | int32_t get_key_type() {return key_type; } | |
458 | uint32_t get_subuser_perm() { return perm_mask; } | |
459 | int32_t get_max_buckets() { return max_buckets; } | |
460 | uint32_t get_op_mask() { return op_mask; } | |
461 | RGWQuotaInfo& get_bucket_quota() { return bucket_quota; } | |
462 | RGWQuotaInfo& get_user_quota() { return user_quota; } | |
11fdf7f2 | 463 | set<string>& get_mfa_ids() { return mfa_ids; } |
7c673cae FG |
464 | |
465 | rgw_user& get_user_id() { return user_id; } | |
466 | std::string get_subuser() { return subuser; } | |
467 | std::string get_access_key() { return id; } | |
468 | std::string get_secret_key() { return key; } | |
469 | std::string get_caps() { return caps; } | |
470 | std::string get_user_email() { return user_email; } | |
471 | std::string get_display_name() { return display_name; } | |
9f95a23c TL |
472 | rgw_user& get_new_uid() { return new_user_id; } |
473 | bool get_overwrite_new_user() const { return overwrite_new_user; } | |
7c673cae FG |
474 | map<int, std::string>& get_temp_url_keys() { return temp_url_keys; } |
475 | ||
476 | RGWUserInfo& get_user_info() { return info; } | |
477 | ||
478 | map<std::string, RGWAccessKey> *get_swift_keys() { return &info.swift_keys; } | |
479 | map<std::string, RGWAccessKey> *get_access_keys() { return &info.access_keys; } | |
480 | map<std::string, RGWSubUser> *get_subusers() { return &info.subusers; } | |
481 | ||
482 | RGWUserCaps *get_caps_obj() { return &info.caps; } | |
483 | ||
484 | std::string build_default_swift_kid() { | |
485 | if (user_id.empty() || subuser.empty()) | |
486 | return ""; | |
487 | ||
488 | std::string kid; | |
489 | user_id.to_str(kid); | |
490 | kid.append(":"); | |
491 | kid.append(subuser); | |
492 | ||
493 | return kid; | |
494 | } | |
495 | ||
496 | std::string generate_subuser() { | |
497 | if (user_id.empty()) | |
498 | return ""; | |
499 | ||
500 | std::string generated_subuser; | |
501 | user_id.to_str(generated_subuser); | |
502 | std::string rand_suffix; | |
503 | ||
504 | int sub_buf_size = RAND_SUBUSER_LEN + 1; | |
505 | char sub_buf[RAND_SUBUSER_LEN + 1]; | |
506 | ||
11fdf7f2 | 507 | gen_rand_alphanumeric_upper(g_ceph_context, sub_buf, sub_buf_size); |
7c673cae FG |
508 | |
509 | rand_suffix = sub_buf; | |
510 | if (rand_suffix.empty()) | |
511 | return ""; | |
512 | ||
513 | generated_subuser.append(rand_suffix); | |
514 | subuser = generated_subuser; | |
515 | ||
516 | return generated_subuser; | |
517 | } | |
518 | ||
519 | RGWUserAdminOpState() : user_id(RGW_USER_ANON_ID) | |
520 | { | |
521 | max_buckets = RGW_DEFAULT_MAX_BUCKETS; | |
522 | key_type = -1; | |
523 | perm_mask = RGW_PERM_NONE; | |
524 | suspended = 0; | |
525 | admin = 0; | |
526 | system = 0; | |
527 | exclusive = 0; | |
528 | fetch_stats = 0; | |
529 | op_mask = 0; | |
530 | ||
531 | existing_user = false; | |
532 | existing_key = false; | |
533 | existing_subuser = false; | |
534 | existing_email = false; | |
535 | subuser_specified = false; | |
536 | caps_specified = false; | |
537 | purge_keys = false; | |
538 | gen_secret = false; | |
539 | gen_access = false; | |
540 | gen_subuser = false; | |
541 | id_specified = false; | |
542 | key_specified = false; | |
543 | type_specified = false; | |
544 | key_type_setbycontext = false; | |
545 | purge_data = false; | |
546 | display_name_specified = false; | |
547 | user_email_specified = false; | |
548 | max_buckets_specified = false; | |
549 | perm_specified = false; | |
550 | op_mask_specified = false; | |
551 | suspension_op = false; | |
552 | system_specified = false; | |
553 | key_op = false; | |
554 | populated = false; | |
555 | initialized = false; | |
556 | key_params_checked = false; | |
557 | subuser_params_checked = false; | |
558 | user_params_checked = false; | |
559 | bucket_quota_specified = false; | |
560 | temp_url_key_specified = false; | |
561 | user_quota_specified = false; | |
562 | found_by_uid = false; | |
563 | found_by_email = false; | |
564 | found_by_key = false; | |
11fdf7f2 | 565 | mfa_ids_specified = false; |
9f95a23c TL |
566 | default_placement_specified = false; |
567 | placement_tags_specified = false; | |
11fdf7f2 TL |
568 | max_entries = 1000; |
569 | marker = ""; | |
7c673cae FG |
570 | } |
571 | }; | |
572 | ||
573 | class RGWUser; | |
574 | ||
575 | class RGWAccessKeyPool | |
576 | { | |
9f95a23c | 577 | RGWUser *user{nullptr}; |
7c673cae FG |
578 | |
579 | std::map<std::string, int, ltstr_nocase> key_type_map; | |
580 | rgw_user user_id; | |
9f95a23c TL |
581 | rgw::sal::RGWRadosStore *store{nullptr}; |
582 | RGWUserCtl *user_ctl{nullptr}; | |
7c673cae | 583 | |
9f95a23c TL |
584 | map<std::string, RGWAccessKey> *swift_keys{nullptr}; |
585 | map<std::string, RGWAccessKey> *access_keys{nullptr}; | |
7c673cae FG |
586 | |
587 | // we don't want to allow keys for the anonymous user or a null user | |
9f95a23c | 588 | bool keys_allowed{false}; |
7c673cae FG |
589 | |
590 | private: | |
591 | int create_key(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
f67539c2 TL |
592 | int generate_key(RGWUserAdminOpState& op_state, optional_yield y, |
593 | std::string *err_msg = NULL); | |
7c673cae FG |
594 | int modify_key(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); |
595 | ||
596 | int check_key_owner(RGWUserAdminOpState& op_state); | |
597 | bool check_existing_key(RGWUserAdminOpState& op_state); | |
598 | int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
599 | ||
600 | /* API Contract Fulfilment */ | |
f67539c2 TL |
601 | int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, |
602 | bool defer_save, optional_yield y); | |
603 | int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg, | |
604 | bool defer_save, optional_yield y); | |
605 | int remove_subuser_keys(RGWUserAdminOpState& op_state, std::string *err_msg, | |
606 | bool defer_save, optional_yield y); | |
607 | ||
608 | int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save, | |
609 | optional_yield y); | |
610 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg, | |
611 | bool defer_save, optional_yield y); | |
7c673cae FG |
612 | public: |
613 | explicit RGWAccessKeyPool(RGWUser* usr); | |
7c673cae FG |
614 | |
615 | int init(RGWUserAdminOpState& op_state); | |
616 | ||
617 | /* API Contracted Methods */ | |
f67539c2 TL |
618 | int add(RGWUserAdminOpState& op_state, optional_yield y, |
619 | std::string *err_msg = NULL); | |
620 | int remove(RGWUserAdminOpState& op_state, optional_yield y, | |
621 | std::string *err_msg = NULL); | |
7c673cae FG |
622 | |
623 | friend class RGWUser; | |
624 | friend class RGWSubUserPool; | |
625 | }; | |
626 | ||
627 | class RGWSubUserPool | |
628 | { | |
9f95a23c | 629 | RGWUser *user{nullptr}; |
7c673cae FG |
630 | |
631 | rgw_user user_id; | |
9f95a23c TL |
632 | rgw::sal::RGWRadosStore *store{nullptr}; |
633 | RGWUserCtl *user_ctl{nullptr}; | |
634 | bool subusers_allowed{false}; | |
7c673cae | 635 | |
9f95a23c | 636 | map<string, RGWSubUser> *subuser_map{nullptr}; |
7c673cae FG |
637 | |
638 | private: | |
639 | int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = NULL); | |
640 | ||
641 | /* API Contract Fulfillment */ | |
f67539c2 TL |
642 | int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save, optional_yield y); |
643 | int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save, optional_yield y); | |
644 | int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save, optional_yield y); | |
645 | ||
646 | int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save, | |
647 | optional_yield y); | |
648 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save, optional_yield y); | |
649 | int modify(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg, bool defer_save); | |
7c673cae FG |
650 | public: |
651 | explicit RGWSubUserPool(RGWUser *user); | |
7c673cae FG |
652 | |
653 | bool exists(std::string subuser); | |
654 | int init(RGWUserAdminOpState& op_state); | |
655 | ||
656 | /* API contracted methods */ | |
f67539c2 TL |
657 | int add(RGWUserAdminOpState& op_state, optional_yield y, |
658 | std::string *err_msg = NULL); | |
659 | int remove(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg = NULL); | |
660 | int modify(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg = NULL); | |
7c673cae FG |
661 | |
662 | friend class RGWUser; | |
663 | }; | |
664 | ||
665 | class RGWUserCapPool | |
666 | { | |
9f95a23c TL |
667 | RGWUserCaps *caps{nullptr}; |
668 | bool caps_allowed{false}; | |
669 | RGWUser *user{nullptr}; | |
7c673cae FG |
670 | |
671 | private: | |
f67539c2 TL |
672 | int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save, |
673 | optional_yield y); | |
674 | int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save, | |
675 | optional_yield y); | |
7c673cae FG |
676 | |
677 | public: | |
678 | explicit RGWUserCapPool(RGWUser *user); | |
7c673cae FG |
679 | |
680 | int init(RGWUserAdminOpState& op_state); | |
681 | ||
682 | /* API contracted methods */ | |
f67539c2 TL |
683 | int add(RGWUserAdminOpState& op_state, optional_yield y, |
684 | std::string *err_msg = NULL); | |
685 | int remove(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg = NULL); | |
7c673cae FG |
686 | |
687 | friend class RGWUser; | |
688 | }; | |
689 | ||
690 | class RGWUser | |
691 | { | |
692 | ||
693 | private: | |
694 | RGWUserInfo old_info; | |
9f95a23c TL |
695 | rgw::sal::RGWRadosStore *store{nullptr}; |
696 | RGWUserCtl *user_ctl{nullptr}; | |
7c673cae FG |
697 | |
698 | rgw_user user_id; | |
9f95a23c | 699 | bool info_stored{false}; |
7c673cae FG |
700 | |
701 | void set_populated() { info_stored = true; } | |
702 | void clear_populated() { info_stored = false; } | |
703 | bool is_populated() { return info_stored; } | |
704 | ||
705 | int check_op(RGWUserAdminOpState& req, std::string *err_msg); | |
f67539c2 | 706 | int update(RGWUserAdminOpState& op_state, std::string *err_msg, optional_yield y); |
7c673cae FG |
707 | |
708 | void clear_members(); | |
709 | void init_default(); | |
710 | ||
711 | /* API Contract Fulfillment */ | |
f67539c2 TL |
712 | int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, |
713 | optional_yield y); | |
714 | int execute_remove(RGWUserAdminOpState& op_state, | |
9f95a23c | 715 | std::string *err_msg, optional_yield y); |
f67539c2 TL |
716 | int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg, optional_yield y); |
717 | int execute_rename(RGWUserAdminOpState& op_state, std::string *err_msg, optional_yield y); | |
7c673cae FG |
718 | |
719 | public: | |
720 | RGWUser(); | |
7c673cae | 721 | |
f67539c2 TL |
722 | int init(rgw::sal::RGWRadosStore *storage, RGWUserAdminOpState& op_state, |
723 | optional_yield y); | |
7c673cae | 724 | |
9f95a23c | 725 | int init_storage(rgw::sal::RGWRadosStore *storage); |
f67539c2 | 726 | int init(RGWUserAdminOpState& op_state, optional_yield y); |
7c673cae FG |
727 | int init_members(RGWUserAdminOpState& op_state); |
728 | ||
9f95a23c TL |
729 | rgw::sal::RGWRadosStore *get_store() { return store; } |
730 | RGWUserCtl *get_user_ctl() { return user_ctl; } | |
7c673cae FG |
731 | |
732 | /* API Contracted Members */ | |
733 | RGWUserCapPool caps; | |
734 | RGWAccessKeyPool keys; | |
735 | RGWSubUserPool subusers; | |
736 | ||
737 | /* API Contracted Methods */ | |
f67539c2 | 738 | int add(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg = NULL); |
9f95a23c TL |
739 | |
740 | int remove(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg = NULL); | |
741 | ||
f67539c2 | 742 | int rename(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg = NULL); |
7c673cae FG |
743 | |
744 | /* remove an already populated RGWUser */ | |
745 | int remove(std::string *err_msg = NULL); | |
746 | ||
f67539c2 | 747 | int modify(RGWUserAdminOpState& op_state, optional_yield y, std::string *err_msg = NULL); |
7c673cae FG |
748 | |
749 | /* retrieve info from an existing user in the RGW system */ | |
f67539c2 TL |
750 | int info(RGWUserAdminOpState& op_state, RGWUserInfo& fetched_info, optional_yield y, |
751 | std::string *err_msg = NULL); | |
7c673cae FG |
752 | |
753 | /* info from an already populated RGWUser */ | |
754 | int info (RGWUserInfo& fetched_info, std::string *err_msg = NULL); | |
755 | ||
11fdf7f2 TL |
756 | /* list the existing users */ |
757 | int list(RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); | |
758 | ||
7c673cae FG |
759 | friend class RGWAccessKeyPool; |
760 | friend class RGWSubUserPool; | |
761 | friend class RGWUserCapPool; | |
762 | }; | |
763 | ||
11fdf7f2 | 764 | /* Wrappers for admin API functionality */ |
7c673cae FG |
765 | |
766 | class RGWUserAdminOp_User | |
767 | { | |
768 | public: | |
9f95a23c | 769 | static int list(rgw::sal::RGWRadosStore *store, |
11fdf7f2 TL |
770 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher); |
771 | ||
9f95a23c | 772 | static int info(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
773 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
774 | optional_yield y); | |
7c673cae | 775 | |
9f95a23c | 776 | static int create(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
777 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
778 | optional_yield y); | |
7c673cae | 779 | |
9f95a23c | 780 | static int modify(rgw::sal::RGWRadosStore *store, |
f67539c2 | 781 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, optional_yield y); |
7c673cae | 782 | |
9f95a23c TL |
783 | static int remove(rgw::sal::RGWRadosStore *store, |
784 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, optional_yield y); | |
7c673cae FG |
785 | }; |
786 | ||
787 | class RGWUserAdminOp_Subuser | |
788 | { | |
789 | public: | |
9f95a23c | 790 | static int create(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
791 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
792 | optional_yield y); | |
7c673cae | 793 | |
9f95a23c | 794 | static int modify(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
795 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
796 | optional_yield y); | |
7c673cae | 797 | |
9f95a23c | 798 | static int remove(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
799 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
800 | optional_yield y); | |
7c673cae FG |
801 | }; |
802 | ||
803 | class RGWUserAdminOp_Key | |
804 | { | |
805 | public: | |
9f95a23c | 806 | static int create(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
807 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
808 | optional_yield y); | |
7c673cae | 809 | |
9f95a23c | 810 | static int remove(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
811 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
812 | optional_yield y); | |
7c673cae FG |
813 | }; |
814 | ||
815 | class RGWUserAdminOp_Caps | |
816 | { | |
817 | public: | |
9f95a23c | 818 | static int add(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
819 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
820 | optional_yield y); | |
7c673cae | 821 | |
9f95a23c | 822 | static int remove(rgw::sal::RGWRadosStore *store, |
f67539c2 TL |
823 | RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher, |
824 | optional_yield y); | |
7c673cae FG |
825 | }; |
826 | ||
9f95a23c TL |
827 | struct RGWUserCompleteInfo { |
828 | RGWUserInfo info; | |
829 | map<string, bufferlist> attrs; | |
830 | bool has_attrs{false}; | |
831 | ||
832 | void dump(Formatter * const f) const { | |
833 | info.dump(f); | |
834 | encode_json("attrs", attrs, f); | |
835 | } | |
836 | ||
837 | void decode_json(JSONObj *obj) { | |
838 | decode_json_obj(info, obj); | |
839 | has_attrs = JSONDecoder::decode_json("attrs", attrs, obj); | |
840 | } | |
841 | }; | |
842 | ||
843 | class RGWUserMetadataObject : public RGWMetadataObject { | |
844 | RGWUserCompleteInfo uci; | |
845 | public: | |
846 | RGWUserMetadataObject() {} | |
847 | RGWUserMetadataObject(const RGWUserCompleteInfo& _uci, const obj_version& v, real_time m) | |
848 | : uci(_uci) { | |
849 | objv = v; | |
850 | mtime = m; | |
851 | } | |
852 | ||
853 | void dump(Formatter *f) const override { | |
854 | uci.dump(f); | |
855 | } | |
856 | ||
857 | RGWUserCompleteInfo& get_uci() { | |
858 | return uci; | |
859 | } | |
860 | }; | |
861 | ||
862 | class RGWUserMetadataHandler; | |
863 | ||
864 | class RGWUserCtl | |
865 | { | |
866 | struct Svc { | |
867 | RGWSI_Zone *zone{nullptr}; | |
868 | RGWSI_User *user{nullptr}; | |
869 | } svc; | |
870 | ||
871 | struct Ctl { | |
872 | RGWBucketCtl *bucket{nullptr}; | |
873 | } ctl; | |
874 | ||
875 | RGWUserMetadataHandler *umhandler; | |
876 | RGWSI_MetaBackend_Handler *be_handler{nullptr}; | |
877 | ||
878 | public: | |
879 | RGWUserCtl(RGWSI_Zone *zone_svc, | |
880 | RGWSI_User *user_svc, | |
881 | RGWUserMetadataHandler *_umhandler); | |
882 | ||
883 | void init(RGWBucketCtl *bucket_ctl) { | |
884 | ctl.bucket = bucket_ctl; | |
885 | } | |
886 | ||
887 | RGWBucketCtl *get_bucket_ctl() { | |
888 | return ctl.bucket; | |
889 | } | |
890 | ||
891 | struct GetParams { | |
892 | RGWObjVersionTracker *objv_tracker{nullptr}; | |
893 | ceph::real_time *mtime{nullptr}; | |
894 | rgw_cache_entry_info *cache_info{nullptr}; | |
895 | map<string, bufferlist> *attrs{nullptr}; | |
896 | ||
897 | GetParams() {} | |
898 | ||
899 | GetParams& set_objv_tracker(RGWObjVersionTracker *_objv_tracker) { | |
900 | objv_tracker = _objv_tracker; | |
901 | return *this; | |
902 | } | |
903 | ||
904 | GetParams& set_mtime(ceph::real_time *_mtime) { | |
905 | mtime = _mtime; | |
906 | return *this; | |
907 | } | |
908 | ||
909 | GetParams& set_cache_info(rgw_cache_entry_info *_cache_info) { | |
910 | cache_info = _cache_info; | |
911 | return *this; | |
912 | } | |
913 | ||
914 | GetParams& set_attrs(map<string, bufferlist> *_attrs) { | |
915 | attrs = _attrs; | |
916 | return *this; | |
917 | } | |
918 | }; | |
919 | ||
920 | struct PutParams { | |
921 | RGWUserInfo *old_info{nullptr}; | |
922 | RGWObjVersionTracker *objv_tracker{nullptr}; | |
923 | ceph::real_time mtime; | |
924 | bool exclusive{false}; | |
925 | map<string, bufferlist> *attrs{nullptr}; | |
926 | ||
927 | PutParams() {} | |
928 | ||
929 | PutParams& set_old_info(RGWUserInfo *_info) { | |
930 | old_info = _info; | |
931 | return *this; | |
932 | } | |
933 | ||
934 | PutParams& set_objv_tracker(RGWObjVersionTracker *_objv_tracker) { | |
935 | objv_tracker = _objv_tracker; | |
936 | return *this; | |
937 | } | |
938 | ||
939 | PutParams& set_mtime(const ceph::real_time& _mtime) { | |
940 | mtime = _mtime; | |
941 | return *this; | |
942 | } | |
943 | ||
944 | PutParams& set_exclusive(bool _exclusive) { | |
945 | exclusive = _exclusive; | |
946 | return *this; | |
947 | } | |
948 | ||
949 | PutParams& set_attrs(map<string, bufferlist> *_attrs) { | |
950 | attrs = _attrs; | |
951 | return *this; | |
952 | } | |
953 | }; | |
954 | ||
955 | struct RemoveParams { | |
956 | RGWObjVersionTracker *objv_tracker{nullptr}; | |
957 | ||
958 | RemoveParams() {} | |
959 | ||
960 | RemoveParams& set_objv_tracker(RGWObjVersionTracker *_objv_tracker) { | |
961 | objv_tracker = _objv_tracker; | |
962 | return *this; | |
963 | } | |
964 | }; | |
965 | ||
966 | int get_info_by_uid(const rgw_user& uid, RGWUserInfo *info, | |
967 | optional_yield y, const GetParams& params = {}); | |
968 | int get_info_by_email(const string& email, RGWUserInfo *info, | |
969 | optional_yield y, const GetParams& params = {}); | |
970 | int get_info_by_swift(const string& swift_name, RGWUserInfo *info, | |
971 | optional_yield y, const GetParams& params = {}); | |
972 | int get_info_by_access_key(const string& access_key, RGWUserInfo *info, | |
973 | optional_yield y, const GetParams& params = {}); | |
974 | ||
975 | int get_attrs_by_uid(const rgw_user& user_id, | |
976 | map<string, bufferlist> *attrs, | |
977 | optional_yield y, | |
978 | RGWObjVersionTracker *objv_tracker = nullptr); | |
979 | ||
980 | int store_info(const RGWUserInfo& info, optional_yield y, | |
981 | const PutParams& params = {}); | |
982 | int remove_info(const RGWUserInfo& info, optional_yield y, | |
983 | const RemoveParams& params = {}); | |
984 | ||
985 | int add_bucket(const rgw_user& user, | |
986 | const rgw_bucket& bucket, | |
f67539c2 TL |
987 | ceph::real_time creation_time, |
988 | optional_yield y); | |
9f95a23c | 989 | int remove_bucket(const rgw_user& user, |
f67539c2 | 990 | const rgw_bucket& bucket, optional_yield y); |
9f95a23c TL |
991 | int list_buckets(const rgw_user& user, |
992 | const string& marker, | |
993 | const string& end_marker, | |
994 | uint64_t max, | |
995 | bool need_stats, | |
996 | RGWUserBuckets *buckets, | |
997 | bool *is_truncated, | |
f67539c2 | 998 | optional_yield y, |
9f95a23c TL |
999 | uint64_t default_max = 1000); |
1000 | ||
1001 | int flush_bucket_stats(const rgw_user& user, | |
f67539c2 TL |
1002 | const RGWBucketEnt& ent, |
1003 | optional_yield y); | |
1004 | int complete_flush_stats(const rgw_user& user, optional_yield y); | |
1005 | int reset_stats(const rgw_user& user, optional_yield y); | |
9f95a23c | 1006 | int read_stats(const rgw_user& user, RGWStorageStats *stats, |
f67539c2 | 1007 | optional_yield y, |
9f95a23c TL |
1008 | ceph::real_time *last_stats_sync = nullptr, /* last time a full stats sync completed */ |
1009 | ceph::real_time *last_stats_update = nullptr); /* last time a stats update was done */ | |
1010 | int read_stats_async(const rgw_user& user, RGWGetUserStats_CB *ctx); | |
1011 | }; | |
1012 | ||
1013 | class RGWUserMetaHandlerAllocator { | |
1014 | public: | |
1015 | static RGWMetadataHandler *alloc(RGWSI_User *user_svc); | |
1016 | }; | |
7c673cae | 1017 | |
7c673cae FG |
1018 | |
1019 | #endif |