1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
5 #include "common/errno.h"
6 #include "common/Formatter.h"
7 #include "common/ceph_json.h"
9 #include "include/types.h"
10 #include "rgw_string.h"
12 #include "rgw_common.h"
16 #include "rgw_rest_role.h"
18 #define dout_subsys ceph_subsys_rgw
// Response step for RGWRestRole. The one visible statement records op_ret on
// the request state through set_req_state_err().
// NOTE(review): listing lines 21-22 and 24-27 are not shown, so the condition
// around this call and the rest of the body cannot be confirmed from here.
20 void RGWRestRole::send_response()
23 set_req_state_err(s
, op_ret
);
// Permission gate for RGWRoleRead: tests for an anonymous identity, then
// requires verify_user_permission() to pass for RGW_PERM_READ.
// NOTE(review): the return statements (listing lines 32-33, 36-40) are not
// shown; presumably both branches reject the request -- confirm.
// NOTE(review): nothing visible here is specific to a role or to an IAM
// action, so this is a coarse user-level READ check -- confirm that is the
// intended authorization model for role reads.
29 int RGWRoleRead::verify_permission()
// Anonymous callers are singled out before any permission lookup.
31 if (s
->auth
.identity
->is_anonymous()) {
// Authenticated callers must hold the user-level READ permission.
35 if (!verify_user_permission(s
, RGW_PERM_READ
)) {
// Permission gate for RGWRoleWrite: tests for an anonymous identity, then
// requires verify_user_permission() to pass for RGW_PERM_WRITE.
// NOTE(review): the return statements (listing lines 45-46, 49-53) are not
// shown; presumably both branches reject the request -- confirm.
// NOTE(review): nothing visible here is specific to a role or to an IAM
// action, so any mutation built on this class is gated only by the coarse
// user-level WRITE check -- confirm that is intended.
42 int RGWRoleWrite::verify_permission()
// Anonymous callers are singled out before any permission lookup.
44 if (s
->auth
.identity
->is_anonymous()) {
// Authenticated callers must hold the user-level WRITE permission.
48 if (!verify_user_permission(s
, RGW_PERM_WRITE
)) {
// Reads and checks the CreateRole request arguments.
// Returns -ERR_MALFORMED_DOC when the trust policy fails to parse. The return
// for the empty-argument branch and the success return (listing lines 63-65,
// 70-72) are not shown here.
55 int RGWCreateRole::get_params()
// All three values are taken directly from the request's argument map.
57 role_name
= s
->info
.args
.get("RoleName");
58 role_path
= s
->info
.args
.get("Path");
59 trust_policy
= s
->info
.args
.get("AssumeRolePolicyDocument");
// RoleName and AssumeRolePolicyDocument are mandatory; Path is not tested here.
// NOTE(review): no length or character-set check on role_name or role_path is
// visible in this function; presumably RGWRole enforces one -- confirm.
61 if (role_name
.empty() || trust_policy
.empty()) {
// Logged at debug level 20 only.
62 ldout(s
->cct
, 20) << "ERROR: one of role name or assume role policy document is empty"
// The trust policy must parse through p (declared on a listing line that is
// not shown; presumably a JSON parser -- confirm).
// NOTE(review): only well-formedness is tested. The trust policy decides who
// may assume the role, so confirm that its principals and actions are
// validated somewhere before the document is stored.
67 if (!p
.parse(trust_policy
.c_str(), trust_policy
.length())) {
68 ldout(s
->cct
, 20) << "ERROR: failed to parse assume role policy doc" << dendl
;
69 return -ERR_MALFORMED_DOC
;
// Creates the role described by the request and dumps it to the formatter.
// op_ret carries the result; -EEXIST from create() is reported as
// -ERR_ROLE_EXISTS.
// NOTE(review): listing lines 77-79, 82, 85-87 and 91-92 are not shown, so the
// early-exit after get_params() and the condition around the dump cannot be
// confirmed from here.
74 void RGWCreateRole::execute()
76 op_ret
= get_params();
// The role is bound to the tenant of the requesting user; the request cannot
// name a different tenant through any argument visible here.
80 RGWRole
role(s
->cct
, store
, role_name
, role_path
, trust_policy
, s
->user
->user_id
.tenant
);
// The meaning of the `true` argument is not visible in this file; presumably
// it requests an exclusive create, given the -EEXIST mapping below -- confirm.
81 op_ret
= role
.create(true);
// Translate the generic errno into the role-specific error code.
83 if (op_ret
== -EEXIST
) {
84 op_ret
= -ERR_ROLE_EXISTS
;
// Emit the role inside a "role" object section.
88 s
->formatter
->open_object_section("role");
89 role
.dump(s
->formatter
);
90 s
->formatter
->close_section();
// Reads the DeleteRole request argument RoleName and rejects an empty value.
// NOTE(review): the return statements (listing lines 100-104) are not shown.
94 int RGWDeleteRole::get_params()
96 role_name
= s
->info
.args
.get("RoleName");
// RoleName is mandatory; the failure is logged at debug level 20 only.
98 if (role_name
.empty()) {
99 ldout(s
->cct
, 20) << "ERROR: Role name is empty"<< dendl
;
// Deletes the named role. op_ret carries the result; -ENOENT from delete_obj()
// is reported as -ERR_NO_ROLE_FOUND.
// NOTE(review): listing lines 109-111 are not shown; presumably they return
// early when get_params() fails -- confirm.
106 void RGWDeleteRole::execute()
108 op_ret
= get_params();
// The role is addressed by name within the requesting user's tenant.
112 RGWRole
role(s
->cct
, store
, role_name
, s
->user
->user_id
.tenant
);
113 op_ret
= role
.delete_obj();
// Translate the generic errno into the role-specific error code.
115 if (op_ret
== -ENOENT
) {
116 op_ret
= -ERR_NO_ROLE_FOUND
;
// Reads the GetRole request argument RoleName and rejects an empty value.
// NOTE(review): the return statements (listing lines 126-130) are not shown.
120 int RGWGetRole::get_params()
122 role_name
= s
->info
.args
.get("RoleName");
// RoleName is mandatory; the failure is logged at debug level 20 only.
124 if (role_name
.empty()) {
125 ldout(s
->cct
, 20) << "ERROR: Role name is empty"<< dendl
;
// Looks up the named role and dumps it to the formatter. -ENOENT is reported
// as -ERR_NO_ROLE_FOUND.
// NOTE(review): listing lines 135-137, 139-140 and 143-145 are not shown. The
// call that loads the role and sets op_ret before the -ENOENT test is among
// them, as is the condition around the dump -- confirm both against the file.
132 void RGWGetRole::execute()
134 op_ret
= get_params();
// The role is addressed by name within the requesting user's tenant.
138 RGWRole
role(s
->cct
, store
, role_name
, s
->user
->user_id
.tenant
);
// Translate the generic errno into the role-specific error code.
141 if (op_ret
== -ENOENT
) {
142 op_ret
= -ERR_NO_ROLE_FOUND
;
// Emit the role inside a "role" object section.
146 s
->formatter
->open_object_section("role");
147 role
.dump(s
->formatter
);
148 s
->formatter
->close_section();
// Reads and checks the ModifyRole request arguments: RoleName and the new
// trust policy, which arrives in the PolicyDocument argument.
// Returns -ERR_MALFORMED_DOC when the policy fails to parse. The other return
// statements (listing lines 159-160, 165-168) are not shown here.
152 int RGWModifyRole::get_params()
154 role_name
= s
->info
.args
.get("RoleName");
155 trust_policy
= s
->info
.args
.get("PolicyDocument");
// Both values are mandatory; the failure is logged at debug level 20 only.
157 if (role_name
.empty() || trust_policy
.empty()) {
158 ldout(s
->cct
, 20) << "ERROR: One of role name or trust policy is empty"<< dendl
;
// The trust policy must parse through p (declared on a listing line that is
// not shown; presumably a JSON parser -- confirm).
// NOTE(review): only well-formedness is tested. Replacing the trust policy
// changes who may assume the role, so confirm that its principals and actions
// are validated somewhere before the document is stored.
162 if (!p
.parse(trust_policy
.c_str(), trust_policy
.length())) {
163 ldout(s
->cct
, 20) << "ERROR: failed to parse assume role policy doc" << dendl
;
164 return -ERR_MALFORMED_DOC
;
// Replaces the trust policy of the named role and persists the role through
// update(). -ENOENT is reported as -ERR_NO_ROLE_FOUND.
// NOTE(review): listing lines 173-175, 177 and 180-182 are not shown. The call
// that loads the role and sets op_ret before the -ENOENT test is among them,
// and so is whatever stops the update when the role was not found -- confirm.
170 void RGWModifyRole::execute()
172 op_ret
= get_params();
// The role is addressed by name within the requesting user's tenant.
176 RGWRole
role(s
->cct
, store
, role_name
, s
->user
->user_id
.tenant
);
// Translate the generic errno into the role-specific error code.
178 if (op_ret
== -ENOENT
) {
179 op_ret
= -ERR_NO_ROLE_FOUND
;
// Any result of update_trust_policy() is not used here; only update() feeds
// op_ret.
183 role
.update_trust_policy(trust_policy
);
184 op_ret
= role
.update();
// Reads the optional PathPrefix request argument. No emptiness or format check
// on it is visible here; the return statement (listing line 192) is not shown.
188 int RGWListRoles::get_params()
190 path_prefix
= s
->info
.args
.get("PathPrefix");
// Lists the roles matching path_prefix and dumps them as a "Roles" array, one
// "role" object section per entry.
// NOTE(review): listing lines 198-200 and 203-204 are not shown, so the
// early-exit after get_params() and the op_ret condition around the dump
// cannot be confirmed from here.
195 void RGWListRoles::execute()
197 op_ret
= get_params();
201 vector
<RGWRole
> result
;
// The lookup is passed the requesting user's tenant alongside the prefix.
// NOTE(review): no paging or result limit is visible in this call; confirm
// how large `result` can grow for a tenant with many roles.
202 op_ret
= RGWRole::get_roles_by_path_prefix(store
, s
->cct
, path_prefix
, s
->user
->user_id
.tenant
, result
);
205 s
->formatter
->open_array_section("Roles");
206 for (const auto& it
: result
) {
207 s
->formatter
->open_object_section("role");
208 it
.dump(s
->formatter
);
209 s
->formatter
->close_section();
// Closes the "Roles" array opened above.
211 s
->formatter
->close_section();
// Reads and checks the PutRolePolicy request arguments: RoleName, PolicyName
// and the permission policy in PolicyDocument.
// Returns -ERR_MALFORMED_DOC when the policy fails to parse. The other return
// statements (listing lines 223-224, 229-232) are not shown here.
215 int RGWPutRolePolicy::get_params()
217 role_name
= s
->info
.args
.get("RoleName");
218 policy_name
= s
->info
.args
.get("PolicyName");
219 perm_policy
= s
->info
.args
.get("PolicyDocument");
// All three values are mandatory; the failure is logged at debug level 20 only.
221 if (role_name
.empty() || policy_name
.empty() || perm_policy
.empty()) {
222 ldout(s
->cct
, 20) << "ERROR: One of role name, policy name or perm policy is empty"<< dendl
;
// The permission policy must parse through p (declared on a listing line that
// is not shown; presumably a JSON parser -- confirm).
// NOTE(review): only well-formedness is tested. The permission policy defines
// what the role is allowed to do, so confirm that its statements are validated
// somewhere before the document is stored.
226 if (!p
.parse(perm_policy
.c_str(), perm_policy
.length())) {
227 ldout(s
->cct
, 20) << "ERROR: failed to parse perm role policy doc" << dendl
;
228 return -ERR_MALFORMED_DOC
;
// Attaches the permission policy to the named role under policy_name and
// persists the role through update().
// NOTE(review): listing lines 237-240 and 242-243 are not shown; presumably
// they return early on a get_params() failure and load the existing role
// before it is modified -- confirm.
234 void RGWPutRolePolicy::execute()
236 op_ret
= get_params();
// The role is addressed by name within the requesting user's tenant.
241 RGWRole
role(s
->cct
, store
, role_name
, s
->user
->user_id
.tenant
);
// Any result of set_perm_policy() is not used here; only update() feeds op_ret.
244 role
.set_perm_policy(policy_name
, perm_policy
);
245 op_ret
= role
.update();
// Reads the GetRolePolicy request arguments RoleName and PolicyName and
// rejects the request when either is empty.
// NOTE(review): the return statements (listing lines 256-259) are not shown.
249 int RGWGetRolePolicy::get_params()
251 role_name
= s
->info
.args
.get("RoleName");
252 policy_name
= s
->info
.args
.get("PolicyName");
// Both values are mandatory; the failure is logged at debug level 20 only.
254 if (role_name
.empty() || policy_name
.empty()) {
255 ldout(s
->cct
, 20) << "ERROR: One of role name or policy name is empty"<< dendl
;
// Fetches one permission policy of the named role and dumps it, with the
// policy and role names, in a "GetRolePolicyResult" object section.
// NOTE(review): listing lines 264-267, 269-270, 273-276 and 278-279 are not
// shown. The call that loads the role before the -ENOENT test and the
// conditions around get_role_policy() and the dump are among them -- confirm.
261 void RGWGetRolePolicy::execute()
263 op_ret
= get_params();
// The role is addressed by name within the requesting user's tenant.
// NOTE(review): this passes g_ceph_context where the RGWCreateRole through
// RGWPutRolePolicy handlers in this file pass s->cct; confirm both refer to
// the same context, or switch to s->cct for consistency.
268 RGWRole
role(g_ceph_context
, store
, role_name
, s
->user
->user_id
.tenant
);
// Translate the generic errno into the role-specific error code.
271 if (op_ret
== -ENOENT
) {
272 op_ret
= -ERR_NO_ROLE_FOUND
;
// perm_policy is filled in by get_role_policy().
277 op_ret
= role
.get_role_policy(policy_name
, perm_policy
);
280 s
->formatter
->open_object_section("GetRolePolicyResult");
281 s
->formatter
->dump_string("PolicyName", policy_name
);
282 s
->formatter
->dump_string("RoleName", role_name
);
// NOTE(review): the key "Permission policy" contains a space. If the active
// formatter emits XML, that is not a well-formed element name -- confirm what
// clients actually receive.
283 s
->formatter
->dump_string("Permission policy", perm_policy
);
284 s
->formatter
->close_section();
// Reads the ListRolePolicies request argument RoleName and rejects an empty
// value.
// NOTE(review): the return statements (listing lines 295-298) are not shown.
289 int RGWListRolePolicies::get_params()
291 role_name
= s
->info
.args
.get("RoleName");
// RoleName is mandatory; the failure is logged at debug level 20 only.
293 if (role_name
.empty()) {
294 ldout(s
->cct
, 20) << "ERROR: Role name is empty"<< dendl
;
// Dumps the names of the policies attached to the named role as a
// "PolicyNames" array of "member" strings.
// NOTE(review): listing lines 303-306, 308-309 and 312-314 are not shown. The
// call that loads the role before the -ENOENT test and the condition around
// the dump are among them -- confirm.
300 void RGWListRolePolicies::execute()
302 op_ret
= get_params();
// The role is addressed by name within the requesting user's tenant.
// NOTE(review): this passes g_ceph_context where the RGWCreateRole through
// RGWPutRolePolicy handlers in this file pass s->cct; confirm both refer to
// the same context, or switch to s->cct for consistency.
307 RGWRole
role(g_ceph_context
, store
, role_name
, s
->user
->user_id
.tenant
);
// Translate the generic errno into the role-specific error code.
310 if (op_ret
== -ENOENT
) {
311 op_ret
= -ERR_NO_ROLE_FOUND
;
315 std::vector
<string
> policy_names
= role
.get_role_policy_names();
316 s
->formatter
->open_array_section("PolicyNames");
317 for (const auto& it
: policy_names
) {
318 s
->formatter
->dump_string("member", it
);
// Closes the "PolicyNames" array opened above.
320 s
->formatter
->close_section();
// Reads the DeleteRolePolicy request arguments RoleName and PolicyName and
// rejects the request when either is empty.
// NOTE(review): the return statements (listing lines 331-334) are not shown.
324 int RGWDeleteRolePolicy::get_params()
326 role_name
= s
->info
.args
.get("RoleName");
327 policy_name
= s
->info
.args
.get("PolicyName");
// Both values are mandatory; the failure is logged at debug level 20 only.
329 if (role_name
.empty() || policy_name
.empty()) {
330 ldout(s
->cct
, 20) << "ERROR: One of role name or policy name is empty"<< dendl
;
// Removes the named policy from the named role and persists the role through
// update().
// NOTE(review): listing lines 339-342, 344-345, 348-350 and 354-356 are not
// shown. The call that loads the role before the first -ENOENT test and the
// conditions that decide whether update() runs are among them -- confirm.
336 void RGWDeleteRolePolicy::execute()
338 op_ret
= get_params();
// The role is addressed by name within the requesting user's tenant.
// NOTE(review): this passes g_ceph_context where the RGWCreateRole through
// RGWPutRolePolicy handlers in this file pass s->cct; confirm both refer to
// the same context, or switch to s->cct for consistency.
343 RGWRole
role(g_ceph_context
, store
, role_name
, s
->user
->user_id
.tenant
);
// Translate the generic errno into the role-specific error code.
346 if (op_ret
== -ENOENT
) {
347 op_ret
= -ERR_NO_ROLE_FOUND
;
351 op_ret
= role
.delete_policy(policy_name
);
// NOTE(review): -ENOENT from delete_policy() is reported with the same
// -ERR_NO_ROLE_FOUND code as a missing role, so a caller cannot tell a missing
// policy from a missing role -- confirm whether a distinct code is wanted.
352 if (op_ret
== -ENOENT
) {
353 op_ret
= -ERR_NO_ROLE_FOUND
;
357 op_ret
= role
.update();