1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
4 #ifndef CEPH_RGW_ROLE_H
5 #define CEPH_RGW_ROLE_H
9 #include "common/async/yield_context.h"
11 #include "common/ceph_json.h"
12 #include "common/ceph_context.h"
14 #include "rgw/rgw_rados.h"
// NOTE(review): RGWRole's class header is not shown in this listing; the
// declarations below are presumably its class-scope members — confirm.
using string = std::string;

// Prefix strings. They are only declared here; their values are defined
// elsewhere. get_names_oid_prefix(), get_info_oid_prefix() and
// get_path_oid_prefix() presumably expose the first three — confirm.
static const string role_name_oid_prefix;
static const string role_oid_prefix;
static const string role_path_oid_prefix;
static const string role_arn_prefix;

// Presumably the length limits for a role's name and path.
// NOTE(review): no check against them is visible in this listing;
// presumably validate_input() enforces them — confirm.
static constexpr int MAX_ROLE_NAME_LEN = 64;
static constexpr int MAX_PATH_NAME_LEN = 512;

// Bounds for max_session_duration. The constructor that takes
// max_session_duration_str falls back to SESSION_DURATION_MIN when that
// string is empty.
static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds
static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds
// String-to-string policy map, serialized by encode()/decode().
// NOTE(review): set_perm_policy(policy_name, perm_policy) and
// get_role_policy(policy_name, perm_policy) presumably key it by policy
// name — confirm.
map<string, string> perm_policy_map;

// Set in the constructor from max_session_duration_str (or to
// SESSION_DURATION_MIN when that string is empty) and serialized by
// encode()/decode(). Presumably in seconds, like the SESSION_DURATION_*
// constants — confirm.
uint64_t max_session_duration;
// Persistence helpers; their definitions are not in this header.
// NOTE(review): the names suggest that store_* write and read_* load the
// role's info / name / path records, and that `exclusive` means "fail if the
// object already exists" — confirm against the implementation file.
int store_info(bool exclusive, optional_yield y);
int store_name(bool exclusive, optional_yield y);
int store_path(bool exclusive, optional_yield y);
// role_id is a non-const reference, presumably an output parameter — confirm.
int read_id(const string& role_name, const string& tenant, string& role_id, optional_yield y);
int read_name(optional_yield y);
int read_info(optional_yield y);
// NOTE(review): presumably where MAX_ROLE_NAME_LEN, MAX_PATH_NAME_LEN and the
// SESSION_DURATION_MIN / SESSION_DURATION_MAX bounds are enforced. The body is
// not shown and no call to it is visible in this listing — confirm that every
// path which stores a role calls it first.
bool validate_input();
// Called from the constructors with this->name.
// NOTE(review): presumably splits a tenant-qualified role name — confirm.
void extract_name_tenant(const std::string& str);
52 RGWRole(CephContext
*cct
,
58 string max_session_duration_str
="")
61 name(std::move(name
)),
62 path(std::move(path
)),
63 trust_policy(std::move(trust_policy
)),
64 tenant(std::move(tenant
)) {
65 if (this->path
.empty())
67 extract_name_tenant(this->name
);
68 if (max_session_duration_str
.empty()) {
69 max_session_duration
= SESSION_DURATION_MIN
;
// NOTE(review): std::stoull throws std::invalid_argument on non-numeric text
// and std::out_of_range on oversized text; it also accepts a leading '-' (the
// value wraps) and ignores trailing non-digit characters. The visible lines
// neither catch those exceptions nor compare the result with
// SESSION_DURATION_MIN / SESSION_DURATION_MAX — confirm that callers passing a
// request-supplied string handle the throw and that validate_input() rejects
// out-of-range values before the role is stored.
max_session_duration = std::stoull(max_session_duration_str);
75 RGWRole(CephContext
*cct
,
81 name(std::move(name
)),
82 tenant(std::move(tenant
)) {
83 extract_name_tenant(this->name
);
86 RGWRole(CephContext
*cct
,
93 RGWRole(CephContext
*cct
,
// NOTE(review): a user-declared destructor, even a defaulted one, suppresses
// the implicitly generated move constructor and move assignment. Unless those
// are declared elsewhere in the class, RGWRole objects are copied where they
// could be moved (for example when a vector<RGWRole> grows).
~RGWRole() = default;
102 void encode(bufferlist
& bl
) const {
103 ENCODE_START(3, 1, bl
);
108 encode(creation_date
, bl
);
109 encode(trust_policy
, bl
);
110 encode(perm_policy_map
, bl
);
112 encode(max_session_duration
, bl
);
116 void decode(bufferlist::const_iterator
& bl
) {
122 decode(creation_date
, bl
);
123 decode(trust_policy
, bl
);
124 decode(perm_policy_map
, bl
);
129 decode(max_session_duration
, bl
);
/// Returns the role's id by const reference (no copy is made).
const string& get_id() const
{
  return this->id;
}
/// Returns the role's name by const reference (no copy is made).
const string& get_name() const
{
  return this->name;
}
/// Returns the role's tenant by const reference (no copy is made).
const string& get_tenant() const
{
  return this->tenant;
}
/// Returns the role's path by const reference (no copy is made).
const string& get_path() const
{
  return this->path;
}
/// Returns the stored creation_date string by const reference (no copy is made).
const string& get_create_date() const
{
  return this->creation_date;
}
/// Returns the trust_policy member by const reference; the "assume role
/// policy" exposed here is that same stored document.
const string& get_assume_role_policy() const
{
  return this->trust_policy;
}
/// Returns max_session_duration by const reference.
const uint64_t& get_max_session_duration() const
{
  return this->max_session_duration;
}
/// Replaces the role's id with a copy of the given string.
/// The parameter shadows the member, hence the explicit this->.
void set_id(const string& id)
{
  this->id = id;
}
// Role lifecycle operations; their definitions are not in this header.
// NOTE(review): each returns int, presumably 0 on success and a negative
// error code otherwise — confirm against the implementation file.
int create(bool exclusive, optional_yield y);
int delete_obj(optional_yield y);
int get(optional_yield y);
int get_by_id(optional_yield y);
int update(optional_yield y);
// NOTE(review): takes a non-const reference although the name suggests the
// argument is only read. trust_policy is the document returned by
// get_assume_role_policy(), so it presumably governs who may assume the role —
// confirm that callers validate it before calling and that the argument is
// not modified.
void update_trust_policy(string& trust_policy);
void set_perm_policy(const string& policy_name, const string& perm_policy);
vector<string> get_role_policy_names();
// perm_policy is a non-const reference, presumably an output parameter — confirm.
int get_role_policy(const string& policy_name, string& perm_policy);
int delete_policy(const string& policy_name);
// Output to a Formatter and input from a JSONObj.
void dump(Formatter *f) const;
void decode_json(JSONObj *obj);

// Static accessors; presumably return role_name_oid_prefix, role_oid_prefix
// and role_path_oid_prefix respectively — confirm.
static const string& get_names_oid_prefix();
static const string& get_info_oid_prefix();
static const string& get_path_oid_prefix();
160 static int get_roles_by_path_prefix(RGWRados
*store
,
162 const string
& path_prefix
,
163 const string
& tenant
,
164 vector
<RGWRole
>& roles
,
167 WRITE_CLASS_ENCODER(RGWRole
)
168 #endif /* CEPH_RGW_ROLE_H */