git.proxmox.com Git - ceph.git/blob - ceph/src/rgw/rgw_rest_role.cc
3 #include "common/errno.h"
4 #include "common/Formatter.h"
5 #include "common/ceph_json.h"
7 #include "include/types.h"
8 #include "rgw_string.h"
10 #include "rgw_common.h"
14 #include "rgw_rest_role.h"
16 #define dout_subsys ceph_subsys_rgw
// RGWRestRole::send_response: the one visible statement records op_ret on the
// request state through set_req_state_err(s, op_ret).
// NOTE(review): the gutter jumps 20 -> 23 -> 29, so the braces, any condition
// guarding this call and the rest of the body are not shown in this listing.
20 void RGWRestRole::send_response()
23 set_req_state_err(s
, op_ret
);
// RGWRoleRead::verify_permission: authorization gate for the read-type role ops.
// Two checks are visible: the caller's identity must not be anonymous, and
// verify_user_permission(s, RGW_PERM_READ) must succeed.
// NOTE(review): the return statements (source lines 32-33, 36-40) are missing
// from this listing; presumably each failed check returns an access error -
// confirm against the full file. No role- or path-scoped check is visible here.
29 int RGWRoleRead::verify_permission()
// Check 1: is the authenticated identity anonymous?
31 if (s
->auth
.identity
->is_anonymous()) {
// Check 2: user-level read permission.
35 if (!verify_user_permission(s
, RGW_PERM_READ
)) {
// RGWRoleWrite::verify_permission: authorization gate for the mutating role ops.
// Same shape as the read variant, but the user-level check asks for
// RGW_PERM_WRITE.
// NOTE(review): the return statements (source lines 45-46, 49-53) are missing
// from this listing; presumably each failed check returns an access error -
// confirm. No role- or path-scoped check is visible in this function.
42 int RGWRoleWrite::verify_permission()
// Check 1: is the authenticated identity anonymous?
44 if (s
->auth
.identity
->is_anonymous()) {
// Check 2: user-level write permission.
48 if (!verify_user_permission(s
, RGW_PERM_WRITE
)) {
// RGWCreateRole::get_params: reads RoleName, Path and AssumeRolePolicyDocument
// from the request arguments (s->info.args) into role_name, role_path and
// trust_policy, then validates them.
// Returns -ERR_MALFORMED_DOC when the trust policy does not parse; the return
// for the empty-argument case (source lines 63-65) is not shown in this listing.
55 int RGWCreateRole::get_params()
57 role_name
= s
->info
.args
.get("RoleName");
58 role_path
= s
->info
.args
.get("Path");
59 trust_policy
= s
->info
.args
.get("AssumeRolePolicyDocument");
// Only the role name and the trust policy are required; an empty Path passes
// this check.
61 if (role_name
.empty() || trust_policy
.empty()) {
// Logged at debug level 20.
62 ldout(s
->cct
, 20) << "ERROR: one of role name or assume role policy document is empty"
// NOTE(review): the declaration of `p` (source line 66) is not shown; presumably
// a JSON parser - confirm. The visible check is only that the document parses;
// no validation of the policy's contents (who may assume the role) is visible
// in this function.
67 if (!p
.parse(trust_policy
.c_str(), trust_policy
.length())) {
68 ldout(s
->cct
, 20) << "ERROR: failed to parse assume role policy doc" << dendl
;
69 return -ERR_MALFORMED_DOC
;
// RGWCreateRole::execute: validates the request via get_params(), builds an
// RGWRole from the request fields plus the caller's user id, creates it, and
// dumps the resulting role into the response formatter.
// NOTE(review): source lines 77-80, 84, 87-89 and 93-95 are missing from this
// listing, so the early return after get_params(), the declaration of `uid`
// and the condition guarding the dump are not visible here.
74 void RGWCreateRole::execute()
76 op_ret
= get_params();
// The requesting user's id, as a string, is passed to the RGWRole constructor.
81 s
->user
->user_id
.to_str(uid
);
82 RGWRole
role(s
->cct
, store
, role_name
, role_path
, trust_policy
, uid
);
// NOTE(review): the meaning of the `true` argument is not shown here;
// presumably it requests an exclusive create - confirm.
83 op_ret
= role
.create(true);
// Translate the generic "already exists" errno into the role-specific error.
85 if (op_ret
== -EEXIST
) {
86 op_ret
= -ERR_ROLE_EXISTS
;
// Response body: the role serialized inside a "role" object section.
90 s
->formatter
->open_object_section("role");
91 role
.dump(s
->formatter
);
92 s
->formatter
->close_section();
// RGWDeleteRole::get_params: reads RoleName from the request arguments and
// rejects an empty value.
// NOTE(review): the return statements (source lines 102-106) are not shown in
// this listing.
96 int RGWDeleteRole::get_params()
98 role_name
= s
->info
.args
.get("RoleName");
100 if (role_name
.empty()) {
// Logged at debug level 20.
101 ldout(s
->cct
, 20) << "ERROR: Role name is empty"<< dendl
;
// RGWDeleteRole::execute: validates the request, then deletes the role named
// by role_name through RGWRole::delete_obj().
// NOTE(review): source lines 111-113 are missing from this listing, so the
// handling of a get_params() failure is not visible here.
108 void RGWDeleteRole::execute()
110 op_ret
= get_params();
114 RGWRole
role(s
->cct
, store
, role_name
);
115 op_ret
= role
.delete_obj();
// Translate the generic "not found" errno into the role-specific error.
117 if (op_ret
== -ENOENT
) {
118 op_ret
= -ERR_NO_ROLE_FOUND
;
// RGWGetRole::get_params: reads RoleName from the request arguments and
// rejects an empty value.
// NOTE(review): the return statements (source lines 128-132) are not shown in
// this listing.
122 int RGWGetRole::get_params()
124 role_name
= s
->info
.args
.get("RoleName");
126 if (role_name
.empty()) {
// Logged at debug level 20.
127 ldout(s
->cct
, 20) << "ERROR: Role name is empty"<< dendl
;
// RGWGetRole::execute: validates the request, looks up the role named by
// role_name and dumps it into the response formatter.
// NOTE(review): source lines 137-139, 141-142 and 145-147 are missing from
// this listing; the call that loads the role and sets op_ret before the
// -ENOENT test, and the condition guarding the dump, are not visible here.
134 void RGWGetRole::execute()
136 op_ret
= get_params();
140 RGWRole
role(s
->cct
, store
, role_name
);
// Translate the generic "not found" errno into the role-specific error.
143 if (op_ret
== -ENOENT
) {
144 op_ret
= -ERR_NO_ROLE_FOUND
;
// Response body: the role serialized inside a "role" object section.
148 s
->formatter
->open_object_section("role");
149 role
.dump(s
->formatter
);
150 s
->formatter
->close_section();
// RGWModifyRole::get_params: reads RoleName and PolicyDocument from the
// request arguments into role_name and trust_policy; both must be non-empty
// and the policy must parse.
// Returns -ERR_MALFORMED_DOC when the policy does not parse; the return for
// the empty-argument case (source lines 161-162) is not shown in this listing.
154 int RGWModifyRole::get_params()
156 role_name
= s
->info
.args
.get("RoleName");
157 trust_policy
= s
->info
.args
.get("PolicyDocument");
159 if (role_name
.empty() || trust_policy
.empty()) {
// Logged at debug level 20.
160 ldout(s
->cct
, 20) << "ERROR: One of role name or trust policy is empty"<< dendl
;
// NOTE(review): the declaration of `p` (source line 163) is not shown;
// presumably a JSON parser - confirm. Only parse success is checked here; no
// validation of the replacement trust policy's contents is visible.
164 if (!p
.parse(trust_policy
.c_str(), trust_policy
.length())) {
165 ldout(s
->cct
, 20) << "ERROR: failed to parse assume role policy doc" << dendl
;
166 return -ERR_MALFORMED_DOC
;
// RGWModifyRole::execute: validates the request, then replaces the trust
// policy of the role named by role_name and persists it with update().
// NOTE(review): source lines 175-177, 179 and 182-184 are missing from this
// listing; the call that loads the role, and whether the update is skipped
// when op_ret holds an error, are not visible here.
172 void RGWModifyRole::execute()
174 op_ret
= get_params();
178 RGWRole
role(s
->cct
, store
, role_name
);
// Translate the generic "not found" errno into the role-specific error.
180 if (op_ret
== -ENOENT
) {
181 op_ret
= -ERR_NO_ROLE_FOUND
;
// Set the new trust policy on the role object, then write the role back.
185 role
.update_trust_policy(trust_policy
);
186 op_ret
= role
.update();
// RGWListRoles::get_params: reads PathPrefix from the request arguments into
// path_prefix. No emptiness or format check is visible in this listing; the
// return statement (source lines 193-195) is not shown.
190 int RGWListRoles::get_params()
192 path_prefix
= s
->info
.args
.get("PathPrefix");
// RGWListRoles::execute: collects the roles matching path_prefix via
// RGWRole::get_roles_by_path_prefix() and writes them to the response as a
// "Roles" array of "role" objects.
// NOTE(review): source lines 200-202 and 205-206 are missing from this
// listing, so the error handling around get_params() and the lookup, and the
// condition guarding the dump, are not visible here.
197 void RGWListRoles::execute()
199 op_ret
= get_params();
203 vector
<RGWRole
> result
;
204 op_ret
= RGWRole::get_roles_by_path_prefix(store
, s
->cct
, path_prefix
, result
);
207 s
->formatter
->open_array_section("Roles");
// `it` is the RGWRole element itself (range-for by const reference), not an
// iterator.
208 for (const auto& it
: result
) {
209 s
->formatter
->open_object_section("role");
210 it
.dump(s
->formatter
);
211 s
->formatter
->close_section();
// Closes the "Roles" array section.
213 s
->formatter
->close_section();
// RGWPutRolePolicy::get_params: reads RoleName, PolicyName and PolicyDocument
// from the request arguments into role_name, policy_name and perm_policy; all
// three must be non-empty and the policy must parse.
// Returns -ERR_MALFORMED_DOC when the policy does not parse; the return for
// the empty-argument case (source lines 225-226) is not shown in this listing.
217 int RGWPutRolePolicy::get_params()
219 role_name
= s
->info
.args
.get("RoleName");
220 policy_name
= s
->info
.args
.get("PolicyName");
221 perm_policy
= s
->info
.args
.get("PolicyDocument");
223 if (role_name
.empty() || policy_name
.empty() || perm_policy
.empty()) {
// Logged at debug level 20.
224 ldout(s
->cct
, 20) << "ERROR: One of role name, policy name or perm policy is empty"<< dendl
;
// NOTE(review): the declaration of `p` (source line 227) is not shown;
// presumably a JSON parser - confirm. Only parse success is checked here; no
// validation of the permission policy's contents is visible.
228 if (!p
.parse(perm_policy
.c_str(), perm_policy
.length())) {
229 ldout(s
->cct
, 20) << "ERROR: failed to parse perm role policy doc" << dendl
;
230 return -ERR_MALFORMED_DOC
;
// RGWPutRolePolicy::execute: validates the request, then stores perm_policy
// under policy_name on the role named by role_name and persists the role with
// update().
// NOTE(review): source lines 239-242 and 244-245 are missing from this
// listing; the handling of a get_params() failure and the call that loads the
// role before it is modified are not visible here.
236 void RGWPutRolePolicy::execute()
238 op_ret
= get_params();
243 RGWRole
role(s
->cct
, store
, role_name
);
// Set the named permission policy on the role object, then write the role back.
246 role
.set_perm_policy(policy_name
, perm_policy
);
247 op_ret
= role
.update();
// RGWGetRolePolicy::get_params: reads RoleName and PolicyName from the request
// arguments; both must be non-empty.
// NOTE(review): the return statements (source lines 258-261) are not shown in
// this listing.
251 int RGWGetRolePolicy::get_params()
253 role_name
= s
->info
.args
.get("RoleName");
254 policy_name
= s
->info
.args
.get("PolicyName");
256 if (role_name
.empty() || policy_name
.empty()) {
// Logged at debug level 20.
257 ldout(s
->cct
, 20) << "ERROR: One of role name or policy name is empty"<< dendl
;
// RGWGetRolePolicy::execute: validates the request, fetches the permission
// policy stored under policy_name on the role named by role_name, and writes
// it to the response in a "GetRolePolicyResult" section.
// NOTE(review): source lines 266-269, 271-272, 275-278 and 280-281 are missing
// from this listing; the call that loads the role, the error handling after
// get_role_policy() and the condition guarding the dump are not visible here.
263 void RGWGetRolePolicy::execute()
265 op_ret
= get_params();
// NOTE(review): this constructor is given g_ceph_context, whereas the
// create/delete/get/modify/put-policy handlers in this file pass s->cct.
270 RGWRole
role(g_ceph_context
, store
, role_name
);
// Translate the generic "not found" errno into the role-specific error.
273 if (op_ret
== -ENOENT
) {
274 op_ret
= -ERR_NO_ROLE_FOUND
;
// perm_policy receives the stored policy text for policy_name.
279 op_ret
= role
.get_role_policy(policy_name
, perm_policy
);
282 s
->formatter
->open_object_section("GetRolePolicyResult");
283 s
->formatter
->dump_string("PolicyName", policy_name
);
284 s
->formatter
->dump_string("RoleName", role_name
);
// NOTE(review): the key "Permission policy" contains a space; if the active
// formatter emits XML this would not be a well-formed element name - confirm
// what clients actually receive.
285 s
->formatter
->dump_string("Permission policy", perm_policy
);
286 s
->formatter
->close_section();
// RGWListRolePolicies::get_params: reads RoleName from the request arguments
// and rejects an empty value.
// NOTE(review): the return statements (source lines 297-300) are not shown in
// this listing.
291 int RGWListRolePolicies::get_params()
293 role_name
= s
->info
.args
.get("RoleName");
295 if (role_name
.empty()) {
// Logged at debug level 20.
296 ldout(s
->cct
, 20) << "ERROR: Role name is empty"<< dendl
;
// RGWListRolePolicies::execute: validates the request, then writes the names
// of the policies attached to the role named by role_name to the response as
// a "PolicyNames" array of "member" strings.
// NOTE(review): source lines 305-308, 310-311 and 314-316 are missing from
// this listing; the call that loads the role and the handling of a lookup
// failure before the names are dumped are not visible here.
302 void RGWListRolePolicies::execute()
304 op_ret
= get_params();
// NOTE(review): this constructor is given g_ceph_context, whereas the
// create/delete/get/modify/put-policy handlers in this file pass s->cct.
309 RGWRole
role(g_ceph_context
, store
, role_name
);
// Translate the generic "not found" errno into the role-specific error.
312 if (op_ret
== -ENOENT
) {
313 op_ret
= -ERR_NO_ROLE_FOUND
;
317 std::vector
<string
> policy_names
= role
.get_role_policy_names();
318 s
->formatter
->open_array_section("PolicyNames");
// `it` is the policy name string itself (range-for by const reference).
319 for (const auto& it
: policy_names
) {
320 s
->formatter
->dump_string("member", it
);
// Closes the "PolicyNames" array section.
322 s
->formatter
->close_section();
// RGWDeleteRolePolicy::get_params: reads RoleName and PolicyName from the
// request arguments; both must be non-empty.
// NOTE(review): the return statements (source lines 333-336) are not shown in
// this listing.
326 int RGWDeleteRolePolicy::get_params()
328 role_name
= s
->info
.args
.get("RoleName");
329 policy_name
= s
->info
.args
.get("PolicyName");
331 if (role_name
.empty() || policy_name
.empty()) {
// Logged at debug level 20.
332 ldout(s
->cct
, 20) << "ERROR: One of role name or policy name is empty"<< dendl
;
// RGWDeleteRolePolicy::execute: validates the request, removes the policy
// named policy_name from the role named by role_name, and persists the role
// with update().
// NOTE(review): source lines 341-344, 346-347, 350-352 and 356-358 are missing
// from this listing, and the body may continue past the last visible line;
// the call that loads the role and the conditions guarding delete_policy()
// and update() are not visible here.
338 void RGWDeleteRolePolicy::execute()
340 op_ret
= get_params();
// NOTE(review): this constructor is given g_ceph_context, whereas the
// create/delete/get/modify/put-policy handlers in this file pass s->cct.
345 RGWRole
role(g_ceph_context
, store
, role_name
);
// Translate the generic "not found" errno into the role-specific error.
348 if (op_ret
== -ENOENT
) {
349 op_ret
= -ERR_NO_ROLE_FOUND
;
353 op_ret
= role
.delete_policy(policy_name
);
// NOTE(review): -ENOENT from delete_policy() (presumably "no such policy" -
// confirm) is reported with the same -ERR_NO_ROLE_FOUND code as a missing
// role, so a client cannot tell the two cases apart from the error alone.
354 if (op_ret
== -ENOENT
) {
355 op_ret
= -ERR_NO_ROLE_FOUND
;
359 op_ret
= role
.update();