update source to Ceph Pacific 16.2.2
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
3
4 #ifndef CEPH_RGW_ROLE_H
5 #define CEPH_RGW_ROLE_H
6
7 #include <string>
8
9 #include "common/async/yield_context.h"
10
11 #include "common/ceph_json.h"
12 #include "common/ceph_context.h"
13
14 #include "rgw/rgw_rados.h"
15
16 struct RGWCtl;
17
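// In-memory representation of an RGW role record: identity (id, name, path,
// ARN, tenant), the trust policy, the attached permission policies and the
// maximum session duration, together with the versioned encode/decode used
// to serialise it. Storage and lookup helpers are only declared here; their
// definitions are outside this header.
class RGWRole
{
  using string = std::string;
  static const string role_name_oid_prefix;
  static const string role_oid_prefix;
  static const string role_path_oid_prefix;
  static const string role_arn_prefix;
  static constexpr int MAX_ROLE_NAME_LEN = 64;
  static constexpr int MAX_PATH_NAME_LEN = 512;
  static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds
  static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds

  // Borrowed pointers: the destructor is defaulted, so this class never frees
  // them. Initialised to nullptr so that a default-constructed role does not
  // carry indeterminate pointer values.
  CephContext *cct = nullptr;
  RGWCtl *ctl = nullptr;
  string id;
  string name;
  string path;
  string arn;
  string creation_date;
  string trust_policy;
  map<string, string> perm_policy_map; // policy name -> policy text (see set_perm_policy)
  string tenant;
  // Only the five-argument constructor and decode() of a v3+ record assign
  // this field. Without an initialiser every other construction path left it
  // indeterminate, and encode()/get_max_session_duration() would then read an
  // uninitialised value. SESSION_DURATION_MIN is the same default the
  // five-argument constructor applies when no duration string is supplied.
  uint64_t max_session_duration = SESSION_DURATION_MIN;

  int store_info(bool exclusive, optional_yield y);
  int store_name(bool exclusive, optional_yield y);
  int store_path(bool exclusive, optional_yield y);
  int read_id(const string& role_name, const string& tenant, string& role_id, optional_yield y);
  int read_name(optional_yield y);
  int read_info(optional_yield y);
  bool validate_input();
  void extract_name_tenant(const std::string& str);

public:
  // Full constructor, taking every caller-supplied attribute of a new role.
  // An empty path becomes "/", and an empty max_session_duration_str selects
  // SESSION_DURATION_MIN.
  //
  // NOTE(review): std::stoull throws std::invalid_argument or
  // std::out_of_range on malformed or overflowing text, accepts a leading '-'
  // (the result wraps to a very large value) and ignores trailing non-digit
  // characters. No range check against SESSION_DURATION_MIN/MAX happens here;
  // presumably validate_input() does it -- confirm. Callers that pass
  // request-derived text must catch these exceptions or pre-validate the
  // string.
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string name,
          string path,
          string trust_policy,
          string tenant,
          string max_session_duration_str="")
  : cct(cct),
    ctl(ctl),
    name(std::move(name)),
    path(std::move(path)),
    trust_policy(std::move(trust_policy)),
    tenant(std::move(tenant)) {
    if (this->path.empty())
      this->path = "/";
    extract_name_tenant(this->name);
    if (max_session_duration_str.empty()) {
      max_session_duration = SESSION_DURATION_MIN;
    } else {
      max_session_duration = std::stoull(max_session_duration_str);
    }
  }

  // Constructs a role identified by name and tenant only; the remaining
  // fields keep their default values.
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string name,
          string tenant)
  : cct(cct),
    ctl(ctl),
    name(std::move(name)),
    tenant(std::move(tenant)) {
    extract_name_tenant(this->name);
  }

  // Constructs a role identified by id only.
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string id)
  : cct(cct),
    ctl(ctl),
    id(std::move(id)) {}

  // Constructs an empty role bound to a context and control handle.
  RGWRole(CephContext *cct,
          RGWCtl *ctl)
  : cct(cct),
    ctl(ctl) {}

  // Default construction leaves cct/ctl null and all strings empty.
  RGWRole() {}

  ~RGWRole() = default;

  // Serialises the role as struct version 3 with compat version 1. The field
  // order must stay in step with decode().
  void encode(bufferlist& bl) const {
    ENCODE_START(3, 1, bl);
    encode(id, bl);
    encode(name, bl);
    encode(path, bl);
    encode(arn, bl);
    encode(creation_date, bl);
    encode(trust_policy, bl);
    encode(perm_policy_map, bl);
    encode(tenant, bl);
    encode(max_session_duration, bl);
    ENCODE_FINISH(bl);
  }

  // Deserialises a role. tenant exists from struct version 2 onwards and
  // max_session_duration from version 3; for older records these fields keep
  // whatever value the object already held.
  void decode(bufferlist::const_iterator& bl) {
    // Declare version 3 so the decoder advertises the same version that
    // encode() writes and that the struct_v >= 3 branch below handles (the
    // original passed 2 here, which lagged behind the encoder).
    DECODE_START(3, bl);
    decode(id, bl);
    decode(name, bl);
    decode(path, bl);
    decode(arn, bl);
    decode(creation_date, bl);
    decode(trust_policy, bl);
    decode(perm_policy_map, bl);
    if (struct_v >= 2) {
      decode(tenant, bl);
    }
    if (struct_v >= 3) {
      decode(max_session_duration, bl);
    }
    DECODE_FINISH(bl);
  }

  // Read-only accessors. The returned references are valid only while this
  // object is alive.
  const string& get_id() const { return id; }
  const string& get_name() const { return name; }
  const string& get_tenant() const { return tenant; }
  const string& get_path() const { return path; }
  const string& get_create_date() const { return creation_date; }
  const string& get_assume_role_policy() const { return trust_policy;}
  const uint64_t& get_max_session_duration() const { return max_session_duration; }

  void set_id(const string& id) { this->id = id; }

  // Operations on the role; defined outside this header.
  int create(bool exclusive, optional_yield y);
  int delete_obj(optional_yield y);
  int get(optional_yield y);
  int get_by_id(optional_yield y);
  int update(optional_yield y);
  void update_trust_policy(string& trust_policy);
  void set_perm_policy(const string& policy_name, const string& perm_policy);
  vector<string> get_role_policy_names();
  int get_role_policy(const string& policy_name, string& perm_policy);
  int delete_policy(const string& policy_name);
  void dump(Formatter *f) const;
  void decode_json(JSONObj *obj);

  static const string& get_names_oid_prefix();
  static const string& get_info_oid_prefix();
  static const string& get_path_oid_prefix();
  static int get_roles_by_path_prefix(RGWRados *store,
                                      CephContext *cct,
                                      const string& path_prefix,
                                      const string& tenant,
                                      vector<RGWRole>& roles,
                                      optional_yield y);
};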
167 WRITE_CLASS_ENCODER(RGWRole)
168 #endif /* CEPH_RGW_ROLE_H */