import 15.2.0 Octopus source
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
3
4 #ifndef CEPH_RGW_ROLE_H
5 #define CEPH_RGW_ROLE_H
6
7 #include <string>
8
9 #include "common/ceph_context.h"
10
11 class RGWCtl;
12
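/**
 * An RGW role record and the operations declared on it.
 *
 * Holds the role's identity (id, name, path, ARN, tenant), its trust policy
 * text, a map of attached permission policies and the maximum session
 * duration. Storage and validation logic are only declared in this header;
 * their definitions live elsewhere.
 *
 * All scalar members carry in-class defaults so that every constructor, and
 * decode() of an older encoding, leaves the object in a defined state. Without
 * them, encode() and get_max_session_duration() could read an indeterminate
 * max_session_duration on objects built through the short constructors.
 */
class RGWRole
{
  using string = std::string;
  static const string role_name_oid_prefix;
  static const string role_oid_prefix;
  static const string role_path_oid_prefix;
  static const string role_arn_prefix;
  // Length and duration limits. Where they are enforced is not visible in this
  // header (presumably validate_input() -- confirm).
  static constexpr int MAX_ROLE_NAME_LEN = 64;
  static constexpr int MAX_PATH_NAME_LEN = 512;
  static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds
  static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds

  // Non-owning handles; null on a default-constructed role.
  CephContext *cct = nullptr;
  RGWCtl *ctl = nullptr;
  string id;
  string name;
  string path;
  string arn;
  string creation_date;
  string trust_policy;
  // Presumably keyed by policy name, see set_perm_policy() -- confirm.
  std::map<string, string> perm_policy_map;
  string tenant;
  // Same default the full constructor applies when no duration string is given.
  uint64_t max_session_duration = SESSION_DURATION_MIN;

  int store_info(bool exclusive);
  int store_name(bool exclusive);
  int store_path(bool exclusive);
  int read_id(const string& role_name, const string& tenant, string& role_id);
  int read_name();
  int read_info();
  void set_id(const string& id) { this->id = id; }
  bool validate_input();
  void extract_name_tenant(const std::string& str);

public:
  /**
   * Build a role from its full set of attributes.
   *
   * An empty path becomes "/". An empty max_session_duration_str selects
   * SESSION_DURATION_MIN; any other value is parsed as an unsigned integer
   * number of seconds.
   *
   * @throws std::invalid_argument, std::out_of_range from std::stoull when
   *         max_session_duration_str is not a representable number.
   */
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string name,
          string path,
          string trust_policy,
          string tenant,
          string max_session_duration_str="")
    : cct(cct),
      ctl(ctl),
      name(std::move(name)),
      path(std::move(path)),
      trust_policy(std::move(trust_policy)),
      tenant(std::move(tenant)) {
    if (this->path.empty())
      this->path = "/";
    extract_name_tenant(this->name);
    if (max_session_duration_str.empty()) {
      max_session_duration = SESSION_DURATION_MIN;
    } else {
      // NOTE(review): std::stoull throws std::invalid_argument on non-numeric
      // text and std::out_of_range on overflow, and nothing here catches
      // either. It also skips leading whitespace, accepts a leading '-' (the
      // value wraps to a large unsigned number) and ignores trailing
      // characters. If this string can originate from a request parameter,
      // the caller should validate it or construct inside a try block, and the
      // parsed value still needs a range check against
      // SESSION_DURATION_MIN/SESSION_DURATION_MAX before it is stored --
      // confirm that validate_input() performs it.
      max_session_duration = std::stoull(max_session_duration_str);
    }
  }

  /// Build a role identified by name and tenant; other fields keep defaults.
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string name,
          string tenant)
    : cct(cct),
      ctl(ctl),
      name(std::move(name)),
      tenant(std::move(tenant)) {
    extract_name_tenant(this->name);
  }

  /// Build a role identified by id only; other fields keep defaults.
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string id)
    : cct(cct),
      ctl(ctl),
      id(std::move(id)) {}

  /// Build an empty role bound to the given context and control handles.
  RGWRole(CephContext *cct,
          RGWCtl *ctl)
    : cct(cct),
      ctl(ctl) {}

  /// Empty role with null cct/ctl, e.g. as a decode() target.
  RGWRole() = default;

  ~RGWRole() = default;

  /**
   * Serialise every persistent field into bl, in the fixed order below.
   * ENCODE_START is given version 3 and compat 1; the macros are defined
   * elsewhere.
   */
  void encode(bufferlist& bl) const {
    ENCODE_START(3, 1, bl);
    encode(id, bl);
    encode(name, bl);
    encode(path, bl);
    encode(arn, bl);
    encode(creation_date, bl);
    encode(trust_policy, bl);
    encode(perm_policy_map, bl);
    encode(tenant, bl);
    encode(max_session_duration, bl);
    ENCODE_FINISH(bl);
  }

  /**
   * Read the fields back in encode() order. tenant is read only when
   * struct_v >= 2 and max_session_duration only when struct_v >= 3; a field
   * that is not read keeps whatever value the object already held (the
   * in-class default on a freshly constructed role).
   */
  void decode(bufferlist::const_iterator& bl) {
    DECODE_START(2, bl);
    decode(id, bl);
    decode(name, bl);
    decode(path, bl);
    decode(arn, bl);
    decode(creation_date, bl);
    decode(trust_policy, bl);
    decode(perm_policy_map, bl);
    if (struct_v >= 2) {
      decode(tenant, bl);
    }
    if (struct_v >= 3) {
      decode(max_session_duration, bl);
    }
    DECODE_FINISH(bl);
  }

  // Read-only accessors; each returns a reference to the member itself.
  const string& get_id() const { return id; }
  const string& get_name() const { return name; }
  const string& get_path() const { return path; }
  const string& get_create_date() const { return creation_date; }
  const string& get_assume_role_policy() const { return trust_policy;}
  const uint64_t& get_max_session_duration() const { return max_session_duration; }

  int create(bool exclusive);
  int delete_obj();
  int get();
  int get_by_id();
  int update();
  // NOTE(review): the two policy setters return void, so any validation of
  // the policy text has to happen in the caller or be reported some other
  // way -- confirm against their definitions.
  void update_trust_policy(string& trust_policy);
  void set_perm_policy(const string& policy_name, const string& perm_policy);
  std::vector<string> get_role_policy_names();
  int get_role_policy(const string& policy_name, string& perm_policy);
  int delete_policy(const string& policy_name);
  void dump(Formatter *f) const;
  void decode_json(JSONObj *obj);

  static const string& get_names_oid_prefix();
  static const string& get_info_oid_prefix();
  static const string& get_path_oid_prefix();
  static int get_roles_by_path_prefix(RGWRados *store,
                                      CephContext *cct,
                                      const string& path_prefix,
                                      const string& tenant,
                                      std::vector<RGWRole>& roles);
};
// Macro defined elsewhere; presumably generates the free encode()/decode()
// overloads that forward to the members above -- confirm.
WRITE_CLASS_ENCODER(RGWRole)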
160 #endif /* CEPH_RGW_ROLE_H */
161