4 #include "common/errno.h"
5 #include "common/Formatter.h"
6 #include "common/ceph_json.h"
7 #include "common/ceph_time.h"
10 #include "include/types.h"
11 #include "rgw_string.h"
13 #include "rgw_common.h"
14 #include "rgw_tools.h"
17 #define dout_subsys ceph_subsys_rgw
// Object-name namespaces used inside the zone's roles_pool. Each role is
// backed by up to three RADOS objects (see store_info/store_name/store_path):
//   roles.<id>                    the serialized role (keyed by the generated id)
//   role_names.<name>             name -> id index (an RGWNameToId)
//   role_paths.<path>roles.<id>   zero-length marker, only there so roles can be
//                                 listed by path prefix (get_roles_by_path_prefix)
// These prefixes are part of the on-disk layout: changing one orphans every
// object already written under the old prefix.
21 const string
RGWRole::role_name_oid_prefix
= "role_names.";
22 const string
RGWRole::role_oid_prefix
= "roles.";
23 const string
RGWRole::role_path_oid_prefix
= "role_paths.";
24 const string
RGWRole::role_path_oid_prefix
= "role_paths.";
26 int RGWRole::store_info(bool exclusive
)
28 string oid
= get_info_oid_prefix() + id
;
32 return rgw_put_system_obj(store
, store
->get_zone_params().roles_pool
, oid
,
33 bl
.c_str(), bl
.length(), exclusive
, NULL
, real_time(), NULL
);
36 int RGWRole::store_name(bool exclusive
)
41 string oid
= get_names_oid_prefix() + name
;
44 ::encode(nameToId
, bl
);
45 return rgw_put_system_obj(store
, store
->get_zone_params().roles_pool
, oid
,
46 bl
.c_str(), bl
.length(), exclusive
, NULL
, real_time(), NULL
);
49 int RGWRole::store_path(bool exclusive
)
51 string oid
= get_path_oid_prefix() + path
+ get_info_oid_prefix() + id
;
53 return rgw_put_system_obj(store
, store
->get_zone_params().roles_pool
, oid
,
54 NULL
, 0, exclusive
, NULL
, real_time(), NULL
);
57 int RGWRole::create(bool exclusive
)
61 /* check to see the name is not used */
62 ret
= read_id(name
, id
);
63 if (exclusive
&& ret
== 0) {
64 ldout(cct
, 0) << "ERROR: name " << name
<< " already in use for role id "
67 } else if ( ret
< 0 && ret
!= -ENOENT
) {
68 ldout(cct
, 0) << "failed reading role id " << id
<< ": "
69 << cpp_strerror(-ret
) << dendl
;
73 /* create unique id */
76 new_uuid
.generate_random();
77 new_uuid
.print(uuid_str
);
81 arn
= role_arn_prefix
+ uid
+ ":role" + path
+ name
;
84 real_clock::time_point t
= real_clock::now();
87 real_clock::to_timeval(t
, tv
);
91 gmtime_r(&tv
.tv_sec
, &result
);
92 strftime(buf
,30,"%Y-%m-%dT%H:%M:%S", &result
);
93 sprintf(buf
+ strlen(buf
),".%dZ",(int)tv
.tv_usec
/1000);
94 creation_date
.assign(buf
, strlen(buf
));
96 auto& pool
= store
->get_zone_params().roles_pool
;
97 ret
= store_info(exclusive
);
99 ldout(cct
, 0) << "ERROR: storing role info in pool: " << pool
.name
<< ": "
100 << id
<< ": " << cpp_strerror(-ret
) << dendl
;
104 ret
= store_name(exclusive
);
106 ldout(cct
, 0) << "ERROR: storing role name in pool: " << pool
.name
<< ": "
107 << name
<< ": " << cpp_strerror(-ret
) << dendl
;
109 //Delete the role info that was stored in the previous call
110 string oid
= get_info_oid_prefix() + id
;
111 int info_ret
= rgw_delete_system_obj(store
, pool
, oid
, NULL
);
113 ldout(cct
, 0) << "ERROR: cleanup of role id from pool: " << pool
.name
<< ": "
114 << id
<< ": " << cpp_strerror(-info_ret
) << dendl
;
119 ret
= store_path(exclusive
);
121 ldout(cct
, 0) << "ERROR: storing role path in pool: " << pool
.name
<< ": "
122 << path
<< ": " << cpp_strerror(-ret
) << dendl
;
123 //Delete the role info that was stored in the previous call
124 string oid
= get_info_oid_prefix() + id
;
125 int info_ret
= rgw_delete_system_obj(store
, pool
, oid
, NULL
);
127 ldout(cct
, 0) << "ERROR: cleanup of role id from pool: " << pool
.name
<< ": "
128 << id
<< ": " << cpp_strerror(-info_ret
) << dendl
;
130 //Delete role name that was stored in previous call
131 oid
= get_names_oid_prefix() + name
;
132 int name_ret
= rgw_delete_system_obj(store
, pool
, oid
, NULL
);
134 ldout(cct
, 0) << "ERROR: cleanup of role name from pool: " << pool
.name
<< ": "
135 << name
<< ": " << cpp_strerror(-name_ret
) << dendl
;
142 int RGWRole::delete_obj()
144 auto& pool
= store
->get_zone_params().roles_pool
;
146 int ret
= read_name();
156 if (! perm_policy_map
.empty()) {
157 return -ERR_DELETE_CONFLICT
;
161 string oid
= get_info_oid_prefix() + id
;
162 ret
= rgw_delete_system_obj(store
, pool
, oid
, NULL
);
164 ldout(cct
, 0) << "ERROR: deleting role id from pool: " << pool
.name
<< ": "
165 << id
<< ": " << cpp_strerror(-ret
) << dendl
;
169 oid
= get_names_oid_prefix() + name
;
170 ret
= rgw_delete_system_obj(store
, pool
, oid
, NULL
);
172 ldout(cct
, 0) << "ERROR: deleting role name from pool: " << pool
.name
<< ": "
173 << name
<< ": " << cpp_strerror(-ret
) << dendl
;
177 oid
= get_path_oid_prefix() + path
+ get_info_oid_prefix() + id
;
178 ret
= rgw_delete_system_obj(store
, pool
, oid
, NULL
);
180 ldout(cct
, 0) << "ERROR: deleting role path from pool: " << pool
.name
<< ": "
181 << path
<< ": " << cpp_strerror(-ret
) << dendl
;
188 int ret
= read_name();
201 int RGWRole::update()
203 auto& pool
= store
->get_zone_params().roles_pool
;
205 int ret
= store_info(false);
207 ldout(cct
, 0) << "ERROR: storing info in pool: " << pool
.name
<< ": "
208 << id
<< ": " << cpp_strerror(-ret
) << dendl
;
215 void RGWRole::set_perm_policy(const string
& policy_name
, const string
& perm_policy
)
217 perm_policy_map
[policy_name
] = perm_policy
;
220 vector
<string
> RGWRole::get_role_policy_names()
222 vector
<string
> policy_names
;
223 for (const auto& it
: perm_policy_map
)
225 policy_names
.push_back(std::move(it
.first
));
231 int RGWRole::get_role_policy(const string
& policy_name
, string
& perm_policy
)
233 const auto it
= perm_policy_map
.find(policy_name
);
234 if (it
== perm_policy_map
.end()) {
235 ldout(cct
, 0) << "ERROR: Policy name: " << policy_name
<< " not found" << dendl
;
238 perm_policy
= it
->second
;
243 int RGWRole::delete_policy(const string
& policy_name
)
245 const auto& it
= perm_policy_map
.find(policy_name
);
246 if (it
== perm_policy_map
.end()) {
247 ldout(cct
, 0) << "ERROR: Policy name: " << policy_name
<< " not found" << dendl
;
250 perm_policy_map
.erase(it
);
255 void RGWRole::dump(Formatter
*f
) const
257 encode_json("id", id
, f
);
258 encode_json("name", name
, f
);
259 encode_json("path", path
, f
);
260 encode_json("arn", arn
, f
);
261 encode_json("create_date", creation_date
, f
);
262 encode_json("assume_role_policy_document", trust_policy
, f
);
265 void RGWRole::decode_json(JSONObj
*obj
)
267 JSONDecoder::decode_json("id", id
, obj
);
268 JSONDecoder::decode_json("name", name
, obj
);
269 JSONDecoder::decode_json("path", path
, obj
);
270 JSONDecoder::decode_json("arn", arn
, obj
);
271 JSONDecoder::decode_json("create_date", creation_date
, obj
);
272 JSONDecoder::decode_json("assume_role_policy_document", trust_policy
, obj
);
275 int RGWRole::read_id(const string
& role_name
, string
& role_id
)
277 auto& pool
= store
->get_zone_params().roles_pool
;
278 string oid
= get_names_oid_prefix() + role_name
;
280 RGWObjectCtx
obj_ctx(store
);
282 int ret
= rgw_get_system_obj(store
, obj_ctx
, pool
, oid
, bl
, NULL
, NULL
);
287 RGWNameToId nameToId
;
289 bufferlist::iterator iter
= bl
.begin();
290 ::decode(nameToId
, iter
);
291 } catch (buffer::error
& err
) {
292 ldout(cct
, 0) << "ERROR: failed to decode role from pool: " << pool
.name
<< ": "
293 << role_name
<< dendl
;
296 role_id
= nameToId
.obj_id
;
300 int RGWRole::read_info()
302 auto& pool
= store
->get_zone_params().roles_pool
;
303 string oid
= get_info_oid_prefix() + id
;
305 RGWObjectCtx
obj_ctx(store
);
307 int ret
= rgw_get_system_obj(store
, obj_ctx
, pool
, oid
, bl
, NULL
, NULL
);
309 ldout(cct
, 0) << "ERROR: failed reading role info from pool: " << pool
.name
<<
310 ": " << id
<< ": " << cpp_strerror(-ret
) << dendl
;
315 bufferlist::iterator iter
= bl
.begin();
316 ::decode(*this, iter
);
317 } catch (buffer::error
& err
) {
318 ldout(cct
, 0) << "ERROR: failed to decode role info from pool: " << pool
.name
<<
326 int RGWRole::read_name()
328 auto& pool
= store
->get_zone_params().roles_pool
;
329 string oid
= get_names_oid_prefix() + name
;
331 RGWObjectCtx
obj_ctx(store
);
333 int ret
= rgw_get_system_obj(store
, obj_ctx
, pool
, oid
, bl
, NULL
, NULL
);
335 ldout(cct
, 0) << "ERROR: failed reading role name from pool: " << pool
.name
<< ": "
336 << name
<< ": " << cpp_strerror(-ret
) << dendl
;
340 RGWNameToId nameToId
;
342 bufferlist::iterator iter
= bl
.begin();
343 ::decode(nameToId
, iter
);
344 } catch (buffer::error
& err
) {
345 ldout(cct
, 0) << "ERROR: failed to decode role name from pool: " << pool
.name
<< ": "
349 id
= nameToId
.obj_id
;
353 void RGWRole::update_trust_policy(string
& trust_policy
)
355 this->trust_policy
= trust_policy
;
358 int RGWRole::get_roles_by_path_prefix(RGWRados
*store
, CephContext
*cct
, const string
& path_prefix
, vector
<RGWRole
>& roles
)
360 auto pool
= store
->get_zone_params().roles_pool
;
363 // List all roles if path prefix is empty
364 if (! path_prefix
.empty()) {
365 prefix
= role_path_oid_prefix
+ path_prefix
;
367 prefix
= role_path_oid_prefix
;
370 //Get the filtered objects
373 RGWListRawObjsCtx ctx
;
376 int r
= store
->list_raw_objects(pool
, prefix
, 1000, ctx
, oids
, &is_truncated
);
378 ldout(cct
, 0) << "ERROR: listing filtered objects failed: " << pool
.name
<< ": "
379 << prefix
<< ": " << cpp_strerror(-r
) << dendl
;
382 for (const auto& iter
: oids
) {
383 result
.push_back(iter
.substr(role_path_oid_prefix
.size()));
385 } while (is_truncated
);
387 for (const auto& it
: result
) {
388 //Find the role oid prefix from the end
389 size_t pos
= it
.rfind(role_oid_prefix
);
390 if (pos
== string::npos
) {
393 // Split the result into path and info_oid + id
394 string path
= it
.substr(0, pos
);
396 /*Make sure that prefix is part of path (False results could've been returned)
397 because of the role info oid + id appended to the path)*/
398 if(path_prefix
.empty() || path
.find(path_prefix
) != string::npos
) {
399 //Get id from info oid prefix + id
400 string id
= it
.substr(pos
+ role_oid_prefix
.length());
402 RGWRole
role(cct
, store
);
404 int ret
= role
.read_info();
408 roles
.push_back(std::move(role
));
415 const string
& RGWRole::get_names_oid_prefix()
417 return role_name_oid_prefix
;
420 const string
& RGWRole::get_info_oid_prefix()
422 return role_oid_prefix
;
425 const string
& RGWRole::get_path_oid_prefix()
427 return role_path_oid_prefix
;