ceph/src/rgw/rgw_rest_iam.cc

   1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
   2 // vim: ts=8 sw=2 smarttab ft=cpp
   3
   4 #include <boost/tokenizer.hpp>
   5
   6 #include "rgw_auth_s3.h"
   7 #include "rgw_rest_iam.h"
   8
   9 #include "rgw_rest_role.h"
  10 #include "rgw_rest_user_policy.h"
  11 #include "rgw_rest_oidc_provider.h"
  12
  13 #define dout_context g_ceph_context
  14 #define dout_subsys ceph_subsys_rgw
  15
  16 using namespace std;
  17
  18 using op_generator = RGWOp*(*)(const bufferlist&);
  19 static const std::unordered_map<std::string_view, op_generator> op_generators = {
  20   {"CreateRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWCreateRole(bl_post_body);}},
  21   {"DeleteRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteRole(bl_post_body);}},
  22   {"GetRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetRole;}},
  23   {"UpdateAssumeRolePolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWModifyRoleTrustPolicy(bl_post_body);}},
  24   {"ListRoles", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRoles;}},
  25   {"PutRolePolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWPutRolePolicy(bl_post_body);}},
  26   {"GetRolePolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetRolePolicy;}},
  27   {"ListRolePolicies", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRolePolicies;}},
  28   {"DeleteRolePolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteRolePolicy(bl_post_body);}},
  29   {"PutUserPolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWPutUserPolicy;}},
  30   {"GetUserPolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetUserPolicy;}},
  31   {"ListUserPolicies", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListUserPolicies;}},
  32   {"DeleteUserPolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteUserPolicy;}},
  33   {"CreateOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWCreateOIDCProvider;}},
  34   {"ListOpenIDConnectProviders", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListOIDCProviders;}},
  35   {"GetOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetOIDCProvider;}},
  36   {"DeleteOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteOIDCProvider;}},
  37   {"TagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWTagRole(bl_post_body);}},
  38   {"ListRoleTags", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRoleTags;}},
  39   {"UntagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUntagRole(bl_post_body);}},
  40   {"UpdateRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUpdateRole(bl_post_body);}}
  41 };
  42
  43 bool RGWHandler_REST_IAM::action_exists(const req_state* s)
  44 {
  45   if (s->info.args.exists("Action")) {
  46     const std::string action_name = s->info.args.get("Action");
  47     return op_generators.contains(action_name);
  48   }
  49   return false;
  50 }
  51
  52 RGWOp *RGWHandler_REST_IAM::op_post()
  53 {
  54   if (s->info.args.exists("Action")) {
  55     const std::string action_name = s->info.args.get("Action");
  56     const auto action_it = op_generators.find(action_name);
  57     if (action_it != op_generators.end()) {
  58       return action_it->second(bl_post_body);
  59     }
  60     ldpp_dout(s, 10) << "unknown action '" << action_name << "' for IAM handler" << dendl;
  61   } else {
  62     ldpp_dout(s, 10) << "missing action argument in IAM handler" << dendl;
  63   }
  64   return nullptr;
  65 }
  66
  67 int RGWHandler_REST_IAM::init(rgw::sal::Driver* driver,
  68                               req_state *s,
  69                               rgw::io::BasicClient *cio)
  70 {
  71   s->dialect = "iam";
  72   s->prot_flags = RGW_REST_IAM;
  73
  74   return RGWHandler_REST::init(driver, s, cio);
  75 }
  76
  77 int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y)
  78 {
  79   return RGW_Auth_S3::authorize(dpp, driver, auth_registry, s, y);
  80 }
  81
  82 RGWHandler_REST*
  83 RGWRESTMgr_IAM::get_handler(rgw::sal::Driver* driver,
  84                             req_state* const s,
  85                             const rgw::auth::StrategyRegistry& auth_registry,
  86                             const std::string& frontend_prefix)
  87 {
  88   bufferlist bl;
  89   return new RGWHandler_REST_IAM(auth_registry, bl);
  90 }