git.proxmox.com Git - ceph.git/blob - ceph/src/rgw/rgw_role.h
import ceph 15.2.10
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
3
4 #ifndef CEPH_RGW_ROLE_H
5 #define CEPH_RGW_ROLE_H
6
7 #include <string>
8
9 #include "common/ceph_context.h"
10
11 class RGWCtl;
12
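/**
 * In-memory form of an RGW role record: identity (id, name, tenant, path,
 * ARN), the trust policy returned by get_assume_role_policy(), the named
 * permission policies, and the maximum session duration in seconds.
 *
 * The persistence and validation helpers declared here are defined outside
 * this header.
 */
class RGWRole
{
  using string = std::string;
  static const string role_name_oid_prefix;
  static const string role_oid_prefix;
  static const string role_path_oid_prefix;
  static const string role_arn_prefix;
  static constexpr int MAX_ROLE_NAME_LEN = 64;
  static constexpr int MAX_PATH_NAME_LEN = 512;
  static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds
  static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds

  // Non-owning handles. Initialised to nullptr so that a default-constructed
  // role never carries indeterminate pointers.
  CephContext *cct = nullptr;
  RGWCtl *ctl = nullptr;
  string id;
  string name;
  string path;
  string arn;
  string creation_date;
  string trust_policy;
  // presumably policy name -> policy document (see set_perm_policy) -- confirm
  map<string, string> perm_policy_map;
  string tenant;
  // Defaulted here because only the five-argument constructor assigns it.
  // Without a default, every other constructor left the field indeterminate,
  // so encode() could persist garbage and decode() of a pre-v3 record would
  // hand an arbitrary session lifetime to get_max_session_duration().
  uint64_t max_session_duration = SESSION_DURATION_MIN;

  int store_info(bool exclusive);
  int store_name(bool exclusive);
  int store_path(bool exclusive);
  int read_id(const string& role_name, const string& tenant, string& role_id);
  int read_name();
  int read_info();
  // NOTE(review): presumably where MAX_ROLE_NAME_LEN, MAX_PATH_NAME_LEN and
  // the SESSION_DURATION_* bounds are enforced; the definition is not in this
  // header -- confirm before relying on it.
  bool validate_input();
  void extract_name_tenant(const std::string& str);

public:
  /**
   * Build a role from creation parameters.
   *
   * @param cct                       Ceph context (not owned).
   * @param ctl                       RGW control handle (not owned).
   * @param name                      role name, also passed to
   *                                  extract_name_tenant().
   * @param path                      role path; an empty path becomes "/".
   * @param trust_policy              trust policy document.
   * @param tenant                    tenant the role belongs to.
   * @param max_session_duration_str  decimal seconds; empty selects
   *                                  SESSION_DURATION_MIN.
   * @throws std::invalid_argument, std::out_of_range  from std::stoull when
   *         the duration string is not a representable number.
   */
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string name,
          string path,
          string trust_policy,
          string tenant,
          string max_session_duration_str="")
    : cct(cct),
      ctl(ctl),
      name(std::move(name)),
      path(std::move(path)),
      trust_policy(std::move(trust_policy)),
      tenant(std::move(tenant)) {
    if (this->path.empty())
      this->path = "/";
    extract_name_tenant(this->name);
    if (!max_session_duration_str.empty()) {
      // NOTE(review): std::stoull throws on non-numeric text, silently accepts
      // leading whitespace, a sign ("-1" wraps to a huge value) and trailing
      // junk ("3600abc" parses as 3600), and nothing here checks the result
      // against SESSION_DURATION_MIN/MAX. If this string can originate from a
      // request parameter, the caller must catch the exception and the range
      // must be enforced before the role is stored -- confirm both.
      max_session_duration = std::stoull(max_session_duration_str);
    }
  }

  /// Role identified by name and tenant; the remaining fields stay at their
  /// defaults.
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string name,
          string tenant)
    : cct(cct),
      ctl(ctl),
      name(std::move(name)),
      tenant(std::move(tenant)) {
    extract_name_tenant(this->name);
  }

  /// Role identified by id only.
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string id)
    : cct(cct),
      ctl(ctl),
      id(std::move(id)) {}

  /// Empty role bound to a context and control handle.
  RGWRole(CephContext *cct,
          RGWCtl *ctl)
    : cct(cct),
      ctl(ctl) {}

  /// Empty role with null handles.
  RGWRole() = default;

  ~RGWRole() = default;

  /// Serialise every persistent field, in a fixed order, as struct version 3
  /// with compat version 1.
  void encode(bufferlist& bl) const {
    ENCODE_START(3, 1, bl);
    encode(id, bl);
    encode(name, bl);
    encode(path, bl);
    encode(arn, bl);
    encode(creation_date, bl);
    encode(trust_policy, bl);
    encode(perm_policy_map, bl);
    encode(tenant, bl);
    encode(max_session_duration, bl);
    ENCODE_FINISH(bl);
  }

  /// Deserialise a role record. Fields added in later versions are read only
  /// when the stored struct_v says they are present; otherwise the member
  /// keeps the value it already had (for a freshly constructed object that is
  /// an empty tenant and SESSION_DURATION_MIN).
  void decode(bufferlist::const_iterator& bl) {
    // NOTE(review): the version given here is 2 while encode() writes 3 and
    // the body below handles struct_v >= 3 -- confirm the mismatch is intended.
    DECODE_START(2, bl);
    decode(id, bl);
    decode(name, bl);
    decode(path, bl);
    decode(arn, bl);
    decode(creation_date, bl);
    decode(trust_policy, bl);
    decode(perm_policy_map, bl);
    if (struct_v >= 2) {
      decode(tenant, bl);
    }
    if (struct_v >= 3) {
      decode(max_session_duration, bl);
    }
    DECODE_FINISH(bl);
  }

  const string& get_id() const { return id; }
  const string& get_name() const { return name; }
  const string& get_tenant() const { return tenant; }
  const string& get_path() const { return path; }
  const string& get_create_date() const { return creation_date; }
  /// Returns the trust policy document.
  const string& get_assume_role_policy() const { return trust_policy;}
  /// Maximum session duration in seconds.
  const uint64_t& get_max_session_duration() const { return max_session_duration; }

  void set_id(const string& id) { this->id = id; }

  // Operations defined outside this header.
  int create(bool exclusive);
  int delete_obj();
  int get();
  int get_by_id();
  int update();
  void update_trust_policy(string& trust_policy);
  void set_perm_policy(const string& policy_name, const string& perm_policy);
  vector<string> get_role_policy_names();
  int get_role_policy(const string& policy_name, string& perm_policy);
  int delete_policy(const string& policy_name);
  void dump(Formatter *f) const;
  void decode_json(JSONObj *obj);

  static const string& get_names_oid_prefix();
  static const string& get_info_oid_prefix();
  static const string& get_path_oid_prefix();
  static int get_roles_by_path_prefix(RGWRados *store,
                                      CephContext *cct,
                                      const string& path_prefix,
                                      const string& tenant,
                                      vector<RGWRole>& roles);
};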
// Ceph encoding macro (defined outside this header): provides the free
// encode()/decode() overloads that forward to RGWRole::encode()/decode().
WRITE_CLASS_ENCODER(RGWRole)
162 #endif /* CEPH_RGW_ROLE_H */
163