// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
-// vim: ts=8 sw=2 smarttab
+// vim: ts=8 sw=2 smarttab ft=cpp
+
/*
* Ceph - scalable distributed file system
*
*
*/
-#ifndef CEPH_RGW_COMMON_H
-#define CEPH_RGW_COMMON_H
+#pragma once
#include <array>
-
-#include <boost/utility/string_view.hpp>
+#include <string_view>
+#include <atomic>
+#include <unordered_map>
#include "common/ceph_crypto.h"
-#include "common/perf_counters.h"
-#include "acconfig.h"
+#include "common/random_string.h"
#include "rgw_acl.h"
+#include "rgw_bucket_layout.h"
#include "rgw_cors.h"
#include "rgw_iam_policy.h"
#include "rgw_quota.h"
#include "rgw_string.h"
+#include "common/async/yield_context.h"
#include "rgw_website.h"
+#include "rgw_object_lock.h"
+#include "rgw_tag.h"
+#include "rgw_op_type.h"
+#include "rgw_sync_policy.h"
#include "cls/version/cls_version_types.h"
#include "cls/user/cls_user_types.h"
#include "cls/rgw/cls_rgw_types.h"
#include "include/rados/librados.hpp"
+#include "rgw_public_access.h"
+#include "common/tracer.h"
namespace ceph {
class Formatter;
}
-using ceph::crypto::MD5;
+namespace rgw::sal {
+ class User;
+ class Bucket;
+ class Object;
+ using Attrs = std::map<std::string, ceph::buffer::list>;
+}
+using ceph::crypto::MD5;
#define RGW_ATTR_PREFIX "user.rgw."
#define RGW_SYS_PARAM_PREFIX "rgwx-"
#define RGW_ATTR_ACL RGW_ATTR_PREFIX "acl"
+#define RGW_ATTR_RATELIMIT RGW_ATTR_PREFIX "ratelimit"
#define RGW_ATTR_LC RGW_ATTR_PREFIX "lc"
#define RGW_ATTR_CORS RGW_ATTR_PREFIX "cors"
#define RGW_ATTR_ETAG RGW_ATTR_PREFIX "etag"
* user through custom HTTP header named X-Static-Large-Object. */
#define RGW_ATTR_SLO_UINDICATOR RGW_ATTR_META_PREFIX "static-large-object"
#define RGW_ATTR_X_ROBOTS_TAG RGW_ATTR_PREFIX "x-robots-tag"
+#define RGW_ATTR_STORAGE_CLASS RGW_ATTR_PREFIX "storage_class"
+
+/* S3 Object Lock*/
+#define RGW_ATTR_OBJECT_LOCK RGW_ATTR_PREFIX "object-lock"
+#define RGW_ATTR_OBJECT_RETENTION RGW_ATTR_PREFIX "object-retention"
+#define RGW_ATTR_OBJECT_LEGAL_HOLD RGW_ATTR_PREFIX "object-legal-hold"
+
#define RGW_ATTR_PG_VER RGW_ATTR_PREFIX "pg_ver"
#define RGW_ATTR_SOURCE_ZONE RGW_ATTR_PREFIX "source_zone"
#define RGW_ATTR_COMPRESSION RGW_ATTR_PREFIX "compression"
+#define RGW_ATTR_APPEND_PART_NUM RGW_ATTR_PREFIX "append_part_num"
+
/* IAM Policy */
#define RGW_ATTR_IAM_POLICY RGW_ATTR_PREFIX "iam-policy"
-
+#define RGW_ATTR_USER_POLICY RGW_ATTR_PREFIX "user-policy"
+#define RGW_ATTR_PUBLIC_ACCESS RGW_ATTR_PREFIX "public-access"
/* RGW File Attributes */
#define RGW_ATTR_UNIX_KEY1 RGW_ATTR_PREFIX "unix-key1"
#define RGW_ATTR_CRYPT_KEYMD5 RGW_ATTR_CRYPT_PREFIX "keymd5"
#define RGW_ATTR_CRYPT_KEYID RGW_ATTR_CRYPT_PREFIX "keyid"
#define RGW_ATTR_CRYPT_KEYSEL RGW_ATTR_CRYPT_PREFIX "keysel"
+#define RGW_ATTR_CRYPT_CONTEXT RGW_ATTR_CRYPT_PREFIX "context"
+#define RGW_ATTR_CRYPT_DATAKEY RGW_ATTR_CRYPT_PREFIX "datakey"
+
+/* SSE-S3 Encryption Attributes */
+#define RGW_ATTR_BUCKET_ENCRYPTION_PREFIX RGW_ATTR_PREFIX "sse-s3."
+#define RGW_ATTR_BUCKET_ENCRYPTION_POLICY RGW_ATTR_BUCKET_ENCRYPTION_PREFIX "policy"
+#define RGW_ATTR_BUCKET_ENCRYPTION_KEY_ID RGW_ATTR_BUCKET_ENCRYPTION_PREFIX "key-id"
-#define RGW_BUCKETS_OBJ_SUFFIX ".buckets"
+#define RGW_ATTR_TRACE RGW_ATTR_PREFIX "trace"
#define RGW_FORMAT_PLAIN 0
#define RGW_FORMAT_XML 1
#define RGW_REST_SWIFT_AUTH 0x2
#define RGW_REST_S3 0x4
#define RGW_REST_WEBSITE 0x8
+#define RGW_REST_STS 0x10
+#define RGW_REST_IAM 0x20
#define RGW_SUSPENDED_USER_AUID (uint64_t)-2
#define ERR_NO_SUCH_LC 2041
#define ERR_NO_SUCH_USER 2042
#define ERR_NO_SUCH_SUBUSER 2043
-#define ERR_NO_SUCH_CORS_CONFIGURATION 2044
+#define ERR_MFA_REQUIRED 2044
+#define ERR_NO_SUCH_CORS_CONFIGURATION 2045
+#define ERR_NO_SUCH_OBJECT_LOCK_CONFIGURATION 2046
+#define ERR_INVALID_RETENTION_PERIOD 2047
+#define ERR_NO_SUCH_BUCKET_ENCRYPTION_CONFIGURATION 2048
#define ERR_USER_SUSPENDED 2100
#define ERR_INTERNAL_ERROR 2200
#define ERR_NOT_IMPLEMENTED 2201
#define ERR_MALFORMED_ACL_ERROR 2212
#define ERR_ZONEGROUP_DEFAULT_PLACEMENT_MISCONFIGURATION 2213
#define ERR_INVALID_ENCRYPTION_ALGORITHM 2214
+#define ERR_INVALID_CORS_RULES_ERROR 2215
+#define ERR_NO_CORS_FOUND 2216
+#define ERR_INVALID_WEBSITE_ROUTING_RULES_ERROR 2217
+#define ERR_RATE_LIMITED 2218
+#define ERR_POSITION_NOT_EQUAL_TO_LENGTH 2219
+#define ERR_OBJECT_NOT_APPENDABLE 2220
+#define ERR_INVALID_BUCKET_STATE 2221
+#define ERR_INVALID_OBJECT_STATE 2222
#define ERR_BUSY_RESHARDING 2300
+#define ERR_NO_SUCH_ENTITY 2301
+#define ERR_LIMIT_EXCEEDED 2302
+
+// STS Errors
+#define ERR_PACKED_POLICY_TOO_LARGE 2400
+#define ERR_INVALID_IDENTITY_TOKEN 2401
+
+#define ERR_NO_SUCH_TAG_SET 2402
#ifndef UINT32_MAX
#define UINT32_MAX (0xffffffffu)
typedef void *RGWAccessHandle;
-
-/* perf counter */
-
-extern PerfCounters *perfcounter;
-
-extern int rgw_perf_start(CephContext *cct);
-extern void rgw_perf_stop(CephContext *cct);
-
-enum {
- l_rgw_first = 15000,
- l_rgw_req,
- l_rgw_failed_req,
-
- l_rgw_get,
- l_rgw_get_b,
- l_rgw_get_lat,
-
- l_rgw_put,
- l_rgw_put_b,
- l_rgw_put_lat,
-
- l_rgw_qlen,
- l_rgw_qactive,
-
- l_rgw_cache_hit,
- l_rgw_cache_miss,
-
- l_rgw_keystone_token_cache_hit,
- l_rgw_keystone_token_cache_miss,
-
- l_rgw_last,
-};
-
-
- /* size should be the required string size + 1 */
-extern int gen_rand_base64(CephContext *cct, char *dest, int size);
-extern int gen_rand_alphanumeric(CephContext *cct, char *dest, int size);
-extern int gen_rand_alphanumeric_lower(CephContext *cct, char *dest, int size);
-extern int gen_rand_alphanumeric_upper(CephContext *cct, char *dest, int size);
-extern int gen_rand_alphanumeric_no_underscore(CephContext *cct, char *dest, int size);
-extern int gen_rand_alphanumeric_plain(CephContext *cct, char *dest, int size);
-
-extern int gen_rand_alphanumeric_lower(CephContext *cct, string *str, int length);
-
enum RGWIntentEvent {
DEL_OBJ = 0,
DEL_DIR = 1,
};
-enum RGWObjCategory {
- RGW_OBJ_CATEGORY_NONE = 0,
- RGW_OBJ_CATEGORY_MAIN = 1,
- RGW_OBJ_CATEGORY_SHADOW = 2,
- RGW_OBJ_CATEGORY_MULTIMETA = 3,
+enum HostStyle {
+ PathStyle = 0,
+ VirtualStyle = 1,
};
/** Store error returns for output at a different point in the program */
};
-
/* Helper class used for RGWHTTPArgs parsing */
class NameVal
{
- string str;
- string name;
- string val;
+ const std::string str;
+ std::string name;
+ std::string val;
public:
- explicit NameVal(string nv) : str(nv) {}
+ explicit NameVal(const std::string& nv) : str(nv) {}
int parse();
- string& get_name() { return name; }
- string& get_val() { return val; }
+ std::string& get_name() { return name; }
+ std::string& get_val() { return val; }
};
/** Stores the XML arguments associated with the HTTP request in req_state*/
-class RGWHTTPArgs
-{
- string str, empty_str;
- map<string, string> val_map;
- map<string, string> sys_val_map;
- map<string, string> sub_resources;
- bool has_resp_modifier;
- bool admin_subresource_added;
+class RGWHTTPArgs {
+ std::string str, empty_str;
+ std::map<std::string, std::string> val_map;
+ std::map<std::string, std::string> sys_val_map;
+ std::map<std::string, std::string> sub_resources;
+ bool has_resp_modifier = false;
+ bool admin_subresource_added = false;
public:
- RGWHTTPArgs() : has_resp_modifier(false), admin_subresource_added(false) {}
+ RGWHTTPArgs() = default;
+ explicit RGWHTTPArgs(const std::string& s, const DoutPrefixProvider *dpp) {
+ set(s);
+ parse(dpp);
+ }
/** Set the arguments; as received */
- void set(string s) {
+ void set(const std::string& s) {
has_resp_modifier = false;
val_map.clear();
sub_resources.clear();
str = s;
}
/** parse the received arguments */
- int parse();
- void append(const string& name, const string& val);
+ int parse(const DoutPrefixProvider *dpp);
+ void append(const std::string& name, const std::string& val);
+ void remove(const std::string& name);
/** Get the value for a specific argument parameter */
- const string& get(const string& name, bool *exists = NULL) const;
+ const std::string& get(const std::string& name, bool *exists = NULL) const;
boost::optional<const std::string&>
get_optional(const std::string& name) const;
- int get_bool(const string& name, bool *val, bool *exists);
- int get_bool(const char *name, bool *val, bool *exists);
- void get_bool(const char *name, bool *val, bool def_val);
+ int get_bool(const std::string& name, bool *val, bool *exists) const;
+ int get_bool(const char *name, bool *val, bool *exists) const;
+ void get_bool(const char *name, bool *val, bool def_val) const;
+ int get_int(const char *name, int *val, int def_val) const;
/** Get the value for specific system argument parameter */
- std::string sys_get(const string& name, bool *exists = nullptr) const;
+ std::string sys_get(const std::string& name, bool *exists = nullptr) const;
/** see if a parameter is contained in this RGWHTTPArgs */
bool exists(const char *name) const {
bool sub_resource_exists(const char *name) const {
return (sub_resources.find(name) != std::end(sub_resources));
}
- map<string, string>& get_params() {
+ bool exist_obj_excl_sub_resource() const {
+ const char* const obj_sub_resource[] = {"append", "torrent", "uploadId",
+ "partNumber", "versionId"};
+ for (unsigned i = 0; i != std::size(obj_sub_resource); i++) {
+ if (sub_resource_exists(obj_sub_resource[i])) return true;
+ }
+ return false;
+ }
+
+ std::map<std::string, std::string>& get_params() {
+ return val_map;
+ }
+ const std::map<std::string, std::string>& get_params() const {
return val_map;
}
+ std::map<std::string, std::string>& get_sys_params() {
+ return sys_val_map;
+ }
+ const std::map<std::string, std::string>& get_sys_params() const {
+ return sys_val_map;
+ }
const std::map<std::string, std::string>& get_sub_resources() const {
return sub_resources;
}
return has_resp_modifier;
}
void set_system() { /* make all system params visible */
- map<string, string>::iterator iter;
+ std::map<std::string, std::string>::iterator iter;
for (iter = sys_val_map.begin(); iter != sys_val_map.end(); ++iter) {
val_map[iter->first] = iter->second;
}
}
- const string& get_str() {
+ const std::string& get_str() {
return str;
}
-};
+}; // RGWHTTPArgs
-const char *rgw_conf_get(const map<string, string, ltstr_nocase>& conf_map, const char *name, const char *def_val);
-int rgw_conf_get_int(const map<string, string, ltstr_nocase>& conf_map, const char *name, int def_val);
-bool rgw_conf_get_bool(const map<string, string, ltstr_nocase>& conf_map, const char *name, bool def_val);
+const char *rgw_conf_get(const std::map<std::string, std::string, ltstr_nocase>& conf_map, const char *name, const char *def_val);
+int rgw_conf_get_int(const std::map<std::string, std::string, ltstr_nocase>& conf_map, const char *name, int def_val);
+bool rgw_conf_get_bool(const std::map<std::string, std::string, ltstr_nocase>& conf_map, const char *name, bool def_val);
class RGWEnv;
class RGWConf {
friend class RGWEnv;
-protected:
- void init(CephContext *cct, RGWEnv* env);
+ int enable_ops_log;
+ int enable_usage_log;
+ uint8_t defer_to_bucket_acls;
+ void init(CephContext *cct);
public:
RGWConf()
: enable_ops_log(1),
enable_usage_log(1),
defer_to_bucket_acls(0) {
}
-
- int enable_ops_log;
- int enable_usage_log;
- uint8_t defer_to_bucket_acls;
};
class RGWEnv {
- std::map<string, string, ltstr_nocase> env_map;
-public:
+ std::map<std::string, std::string, ltstr_nocase> env_map;
RGWConf conf;
-
+public:
void init(CephContext *cct);
void init(CephContext *cct, char **envp);
void set(std::string name, std::string val);
size_t get_size(const char *name, size_t def_val = 0) const;
bool exists(const char *name) const;
bool exists_prefix(const char *prefix) const;
-
void remove(const char *name);
+ const std::map<std::string, std::string, ltstr_nocase>& get_map() const { return env_map; }
+ int get_enable_ops_log() const {
+ return conf.enable_ops_log;
+ }
+
+ int get_enable_usage_log() const {
+ return conf.enable_usage_log;
+ }
- const std::map<string, string, ltstr_nocase>& get_map() const { return env_map; }
+ int get_defer_to_bucket_acls() const {
+ return conf.defer_to_bucket_acls;
+ }
};
+// return true if the connection is secure. this either means that the
+// connection arrived via ssl, or was forwarded as https by a trusted proxy
+bool rgw_transport_is_secure(CephContext *cct, const RGWEnv& env);
+
enum http_op {
OP_GET,
OP_PUT,
OP_UNKNOWN,
};
-enum RGWOpType {
- RGW_OP_UNKNOWN = 0,
- RGW_OP_GET_OBJ,
- RGW_OP_LIST_BUCKETS,
- RGW_OP_STAT_ACCOUNT,
- RGW_OP_LIST_BUCKET,
- RGW_OP_GET_BUCKET_LOGGING,
- RGW_OP_GET_BUCKET_LOCATION,
- RGW_OP_GET_BUCKET_VERSIONING,
- RGW_OP_SET_BUCKET_VERSIONING,
- RGW_OP_GET_BUCKET_WEBSITE,
- RGW_OP_SET_BUCKET_WEBSITE,
- RGW_OP_STAT_BUCKET,
- RGW_OP_CREATE_BUCKET,
- RGW_OP_DELETE_BUCKET,
- RGW_OP_PUT_OBJ,
- RGW_OP_STAT_OBJ,
- RGW_OP_POST_OBJ,
- RGW_OP_PUT_METADATA_ACCOUNT,
- RGW_OP_PUT_METADATA_BUCKET,
- RGW_OP_PUT_METADATA_OBJECT,
- RGW_OP_SET_TEMPURL,
- RGW_OP_DELETE_OBJ,
- RGW_OP_COPY_OBJ,
- RGW_OP_GET_ACLS,
- RGW_OP_PUT_ACLS,
- RGW_OP_GET_CORS,
- RGW_OP_PUT_CORS,
- RGW_OP_DELETE_CORS,
- RGW_OP_OPTIONS_CORS,
- RGW_OP_GET_REQUEST_PAYMENT,
- RGW_OP_SET_REQUEST_PAYMENT,
- RGW_OP_INIT_MULTIPART,
- RGW_OP_COMPLETE_MULTIPART,
- RGW_OP_ABORT_MULTIPART,
- RGW_OP_LIST_MULTIPART,
- RGW_OP_LIST_BUCKET_MULTIPARTS,
- RGW_OP_DELETE_MULTI_OBJ,
- RGW_OP_BULK_DELETE,
- RGW_OP_SET_ATTRS,
- RGW_OP_GET_CROSS_DOMAIN_POLICY,
- RGW_OP_GET_HEALTH_CHECK,
- RGW_OP_GET_INFO,
- RGW_OP_CREATE_ROLE,
- RGW_OP_DELETE_ROLE,
- RGW_OP_GET_ROLE,
- RGW_OP_MODIFY_ROLE,
- RGW_OP_LIST_ROLES,
- RGW_OP_PUT_ROLE_POLICY,
- RGW_OP_GET_ROLE_POLICY,
- RGW_OP_LIST_ROLE_POLICIES,
- RGW_OP_DELETE_ROLE_POLICY,
- RGW_OP_PUT_BUCKET_POLICY,
- RGW_OP_GET_BUCKET_POLICY,
- RGW_OP_DELETE_BUCKET_POLICY,
- RGW_OP_PUT_OBJ_TAGGING,
- RGW_OP_GET_OBJ_TAGGING,
- RGW_OP_DELETE_OBJ_TAGGING,
- RGW_OP_PUT_LC,
- RGW_OP_GET_LC,
- RGW_OP_DELETE_LC,
- /* rgw specific */
- RGW_OP_ADMIN_SET_METADATA,
- RGW_OP_GET_OBJ_LAYOUT,
- RGW_OP_BULK_UPLOAD,
- RGW_OP_METADATA_SEARCH,
- RGW_OP_CONFIG_BUCKET_META_SEARCH,
- RGW_OP_GET_BUCKET_META_SEARCH,
- RGW_OP_DEL_BUCKET_META_SEARCH,
-};
-
class RGWAccessControlPolicy;
class JSONObj;
struct RGWAccessKey {
- string id; // AccessKey
- string key; // SecretKey
- string subuser;
+ std::string id; // AccessKey
+ std::string key; // SecretKey
+ std::string subuser;
RGWAccessKey() {}
RGWAccessKey(std::string _id, std::string _key)
void encode(bufferlist& bl) const {
ENCODE_START(2, 2, bl);
- ::encode(id, bl);
- ::encode(key, bl);
- ::encode(subuser, bl);
+ encode(id, bl);
+ encode(key, bl);
+ encode(subuser, bl);
ENCODE_FINISH(bl);
}
- void decode(bufferlist::iterator& bl) {
+ void decode(bufferlist::const_iterator& bl) {
DECODE_START_LEGACY_COMPAT_LEN_32(2, 2, 2, bl);
- ::decode(id, bl);
- ::decode(key, bl);
- ::decode(subuser, bl);
+ decode(id, bl);
+ decode(key, bl);
+ decode(subuser, bl);
DECODE_FINISH(bl);
}
void dump(Formatter *f) const;
void dump_plain(Formatter *f) const;
- void dump(Formatter *f, const string& user, bool swift) const;
- static void generate_test_instances(list<RGWAccessKey*>& o);
+ void dump(Formatter *f, const std::string& user, bool swift) const;
+ static void generate_test_instances(std::list<RGWAccessKey*>& o);
void decode_json(JSONObj *obj);
void decode_json(JSONObj *obj, bool swift);
WRITE_CLASS_ENCODER(RGWAccessKey)
struct RGWSubUser {
- string name;
+ std::string name;
uint32_t perm_mask;
RGWSubUser() : perm_mask(0) {}
void encode(bufferlist& bl) const {
ENCODE_START(2, 2, bl);
- ::encode(name, bl);
- ::encode(perm_mask, bl);
+ encode(name, bl);
+ encode(perm_mask, bl);
ENCODE_FINISH(bl);
}
- void decode(bufferlist::iterator& bl) {
+ void decode(bufferlist::const_iterator& bl) {
DECODE_START_LEGACY_COMPAT_LEN_32(2, 2, 2, bl);
- ::decode(name, bl);
- ::decode(perm_mask, bl);
+ decode(name, bl);
+ decode(perm_mask, bl);
DECODE_FINISH(bl);
}
void dump(Formatter *f) const;
- void dump(Formatter *f, const string& user) const;
- static void generate_test_instances(list<RGWSubUser*>& o);
+ void dump(Formatter *f, const std::string& user) const;
+ static void generate_test_instances(std::list<RGWSubUser*>& o);
void decode_json(JSONObj *obj);
};
class RGWUserCaps
{
- map<string, uint32_t> caps;
+ std::map<std::string, uint32_t> caps;
- int get_cap(const string& cap, string& type, uint32_t *perm);
- int add_cap(const string& cap);
- int remove_cap(const string& cap);
+ int get_cap(const std::string& cap, std::string& type, uint32_t *perm);
+ int add_cap(const std::string& cap);
+ int remove_cap(const std::string& cap);
public:
- static int parse_cap_perm(const string& str, uint32_t *perm);
- int add_from_string(const string& str);
- int remove_from_string(const string& str);
+ static int parse_cap_perm(const std::string& str, uint32_t *perm);
+ int add_from_string(const std::string& str);
+ int remove_from_string(const std::string& str);
void encode(bufferlist& bl) const {
ENCODE_START(1, 1, bl);
- ::encode(caps, bl);
+ encode(caps, bl);
ENCODE_FINISH(bl);
}
- void decode(bufferlist::iterator& bl) {
+ void decode(bufferlist::const_iterator& bl) {
DECODE_START(1, bl);
- ::decode(caps, bl);
+ decode(caps, bl);
DECODE_FINISH(bl);
}
- int check_cap(const string& cap, uint32_t perm);
- bool is_valid_cap_type(const string& tp);
+ int check_cap(const std::string& cap, uint32_t perm) const;
+ bool is_valid_cap_type(const std::string& tp);
void dump(Formatter *f) const;
void dump(Formatter *f, const char *name) const;
void decode_json_obj(obj_version& v, JSONObj *obj);
-enum RGWUserSourceType
+
+
+enum RGWIdentityType
{
TYPE_NONE=0,
TYPE_RGW=1,
TYPE_KEYSTONE=2,
- TYPE_LDAP=3
+ TYPE_LDAP=3,
+ TYPE_ROLE=4,
+ TYPE_WEB=5,
};
+static std::string RGW_STORAGE_CLASS_STANDARD = "STANDARD";
+
+struct rgw_placement_rule {
+ std::string name;
+ std::string storage_class;
+
+ rgw_placement_rule() {}
+ rgw_placement_rule(const std::string& _n, const std::string& _sc) : name(_n), storage_class(_sc) {}
+ rgw_placement_rule(const rgw_placement_rule& _r, const std::string& _sc) : name(_r.name) {
+ if (!_sc.empty()) {
+ storage_class = _sc;
+ } else {
+ storage_class = _r.storage_class;
+ }
+ }
+
+ bool empty() const {
+ return name.empty() && storage_class.empty();
+ }
+
+ void inherit_from(const rgw_placement_rule& r) {
+ if (name.empty()) {
+ name = r.name;
+ }
+ if (storage_class.empty()) {
+ storage_class = r.storage_class;
+ }
+ }
+
+ void clear() {
+ name.clear();
+ storage_class.clear();
+ }
+
+ void init(const std::string& n, const std::string& c) {
+ name = n;
+ storage_class = c;
+ }
+
+ static const std::string& get_canonical_storage_class(const std::string& storage_class) {
+ if (storage_class.empty()) {
+ return RGW_STORAGE_CLASS_STANDARD;
+ }
+ return storage_class;
+ }
+
+ const std::string& get_storage_class() const {
+ return get_canonical_storage_class(storage_class);
+ }
+
+ int compare(const rgw_placement_rule& r) const {
+ int c = name.compare(r.name);
+ if (c != 0) {
+ return c;
+ }
+ return get_storage_class().compare(r.get_storage_class());
+ }
+
+ bool operator==(const rgw_placement_rule& r) const {
+ return (name == r.name &&
+ get_storage_class() == r.get_storage_class());
+ }
+
+ bool operator!=(const rgw_placement_rule& r) const {
+ return !(*this == r);
+ }
+
+ void encode(bufferlist& bl) const {
+ /* no ENCODE_START/END due to backward compatibility */
+ std::string s = to_str();
+ ceph::encode(s, bl);
+ }
+
+ void decode(bufferlist::const_iterator& bl) {
+ std::string s;
+ ceph::decode(s, bl);
+ from_str(s);
+ }
+
+ std::string to_str() const {
+ if (standard_storage_class()) {
+ return name;
+ }
+ return to_str_explicit();
+ }
+
+ std::string to_str_explicit() const {
+ return name + "/" + storage_class;
+ }
+
+ void from_str(const std::string& s) {
+ size_t pos = s.find("/");
+ if (pos == std::string::npos) {
+ name = s;
+ storage_class.clear();
+ return;
+ }
+ name = s.substr(0, pos);
+ storage_class = s.substr(pos + 1);
+ }
+
+ bool standard_storage_class() const {
+ return storage_class.empty() || storage_class == RGW_STORAGE_CLASS_STANDARD;
+ }
+};
+WRITE_CLASS_ENCODER(rgw_placement_rule)
+
+void encode_json(const char *name, const rgw_placement_rule& val, ceph::Formatter *f);
+void decode_json_obj(rgw_placement_rule& v, JSONObj *obj);
+
+inline std::ostream& operator<<(std::ostream& out, const rgw_placement_rule& rule) {
+ return out << rule.to_str();
+}
+
+class RateLimiter;
+struct RGWRateLimitInfo {
+ int64_t max_write_ops;
+ int64_t max_read_ops;
+ int64_t max_write_bytes;
+ int64_t max_read_bytes;
+ bool enabled = false;
+ RGWRateLimitInfo()
+ : max_write_ops(0), max_read_ops(0), max_write_bytes(0), max_read_bytes(0) {}
+
+ void encode(bufferlist& bl) const {
+ ENCODE_START(1, 1, bl);
+ encode(max_write_ops, bl);
+ encode(max_read_ops, bl);
+ encode(max_write_bytes, bl);
+ encode(max_read_bytes, bl);
+ encode(enabled, bl);
+ ENCODE_FINISH(bl);
+ }
+ void decode(bufferlist::const_iterator& bl) {
+ DECODE_START(1, bl);
+ decode(max_write_ops,bl);
+ decode(max_read_ops, bl);
+ decode(max_write_bytes,bl);
+ decode(max_read_bytes, bl);
+ decode(enabled, bl);
+ DECODE_FINISH(bl);
+ }
+
+ void dump(Formatter *f) const;
+
+ void decode_json(JSONObj *obj);
+
+};
+WRITE_CLASS_ENCODER(RGWRateLimitInfo)
+
struct RGWUserInfo
{
- uint64_t auid;
rgw_user user_id;
- string display_name;
- string user_email;
- map<string, RGWAccessKey> access_keys;
- map<string, RGWAccessKey> swift_keys;
- map<string, RGWSubUser> subusers;
+ std::string display_name;
+ std::string user_email;
+ std::map<std::string, RGWAccessKey> access_keys;
+ std::map<std::string, RGWAccessKey> swift_keys;
+ std::map<std::string, RGWSubUser> subusers;
__u8 suspended;
int32_t max_buckets;
uint32_t op_mask;
RGWUserCaps caps;
__u8 admin;
__u8 system;
- string default_placement;
- list<string> placement_tags;
+ rgw_placement_rule default_placement;
+ std::list<std::string> placement_tags;
RGWQuotaInfo bucket_quota;
- map<int, string> temp_url_keys;
+ std::map<int, std::string> temp_url_keys;
RGWQuotaInfo user_quota;
uint32_t type;
+ std::set<std::string> mfa_ids;
+ std::string assumed_role_arn;
RGWUserInfo()
- : auid(0),
- suspended(0),
+ : suspended(0),
max_buckets(RGW_DEFAULT_MAX_BUCKETS),
op_mask(RGW_OP_TYPE_ALL),
admin(0),
type(TYPE_NONE) {
}
- RGWAccessKey* get_key0() {
+ RGWAccessKey* get_key(const std::string& access_key) {
if (access_keys.empty())
return nullptr;
+
+ auto k = access_keys.find(access_key);
+ if (k == access_keys.end())
+ return nullptr;
else
- return &(access_keys.begin()->second);
+ return &(k->second);
}
void encode(bufferlist& bl) const {
- ENCODE_START(19, 9, bl);
- ::encode(auid, bl);
- string access_key;
- string secret_key;
+ ENCODE_START(22, 9, bl);
+ encode((uint64_t)0, bl); // old auid
+ std::string access_key;
+ std::string secret_key;
if (!access_keys.empty()) {
- map<string, RGWAccessKey>::const_iterator iter = access_keys.begin();
+ std::map<std::string, RGWAccessKey>::const_iterator iter = access_keys.begin();
const RGWAccessKey& k = iter->second;
access_key = k.id;
secret_key = k.key;
}
- ::encode(access_key, bl);
- ::encode(secret_key, bl);
- ::encode(display_name, bl);
- ::encode(user_email, bl);
- string swift_name;
- string swift_key;
+ encode(access_key, bl);
+ encode(secret_key, bl);
+ encode(display_name, bl);
+ encode(user_email, bl);
+ std::string swift_name;
+ std::string swift_key;
if (!swift_keys.empty()) {
- map<string, RGWAccessKey>::const_iterator iter = swift_keys.begin();
+ std::map<std::string, RGWAccessKey>::const_iterator iter = swift_keys.begin();
const RGWAccessKey& k = iter->second;
swift_name = k.id;
swift_key = k.key;
}
- ::encode(swift_name, bl);
- ::encode(swift_key, bl);
- ::encode(user_id.id, bl);
- ::encode(access_keys, bl);
- ::encode(subusers, bl);
- ::encode(suspended, bl);
- ::encode(swift_keys, bl);
- ::encode(max_buckets, bl);
- ::encode(caps, bl);
- ::encode(op_mask, bl);
- ::encode(system, bl);
- ::encode(default_placement, bl);
- ::encode(placement_tags, bl);
- ::encode(bucket_quota, bl);
- ::encode(temp_url_keys, bl);
- ::encode(user_quota, bl);
- ::encode(user_id.tenant, bl);
- ::encode(admin, bl);
- ::encode(type, bl);
+ encode(swift_name, bl);
+ encode(swift_key, bl);
+ encode(user_id.id, bl);
+ encode(access_keys, bl);
+ encode(subusers, bl);
+ encode(suspended, bl);
+ encode(swift_keys, bl);
+ encode(max_buckets, bl);
+ encode(caps, bl);
+ encode(op_mask, bl);
+ encode(system, bl);
+ encode(default_placement, bl);
+ encode(placement_tags, bl);
+ encode(bucket_quota, bl);
+ encode(temp_url_keys, bl);
+ encode(user_quota, bl);
+ encode(user_id.tenant, bl);
+ encode(admin, bl);
+ encode(type, bl);
+ encode(mfa_ids, bl);
+ encode(assumed_role_arn, bl);
+ encode(user_id.ns, bl);
ENCODE_FINISH(bl);
}
- void decode(bufferlist::iterator& bl) {
- DECODE_START_LEGACY_COMPAT_LEN_32(19, 9, 9, bl);
- if (struct_v >= 2) ::decode(auid, bl);
- else auid = CEPH_AUTH_UID_DEFAULT;
- string access_key;
- string secret_key;
- ::decode(access_key, bl);
- ::decode(secret_key, bl);
+ void decode(bufferlist::const_iterator& bl) {
+ DECODE_START_LEGACY_COMPAT_LEN_32(22, 9, 9, bl);
+ if (struct_v >= 2) {
+ uint64_t old_auid;
+ decode(old_auid, bl);
+ }
+ std::string access_key;
+ std::string secret_key;
+ decode(access_key, bl);
+ decode(secret_key, bl);
if (struct_v < 6) {
RGWAccessKey k;
k.id = access_key;
k.key = secret_key;
access_keys[access_key] = k;
}
- ::decode(display_name, bl);
- ::decode(user_email, bl);
+ decode(display_name, bl);
+ decode(user_email, bl);
/* We populate swift_keys map later nowadays, but we have to decode. */
- string swift_name;
- string swift_key;
- if (struct_v >= 3) ::decode(swift_name, bl);
- if (struct_v >= 4) ::decode(swift_key, bl);
+ std::string swift_name;
+ std::string swift_key;
+ if (struct_v >= 3) decode(swift_name, bl);
+ if (struct_v >= 4) decode(swift_key, bl);
if (struct_v >= 5)
- ::decode(user_id.id, bl);
+ decode(user_id.id, bl);
else
user_id.id = access_key;
if (struct_v >= 6) {
- ::decode(access_keys, bl);
- ::decode(subusers, bl);
+ decode(access_keys, bl);
+ decode(subusers, bl);
}
suspended = 0;
if (struct_v >= 7) {
- ::decode(suspended, bl);
+ decode(suspended, bl);
}
if (struct_v >= 8) {
- ::decode(swift_keys, bl);
+ decode(swift_keys, bl);
}
if (struct_v >= 10) {
- ::decode(max_buckets, bl);
+ decode(max_buckets, bl);
} else {
max_buckets = RGW_DEFAULT_MAX_BUCKETS;
}
if (struct_v >= 11) {
- ::decode(caps, bl);
+ decode(caps, bl);
}
if (struct_v >= 12) {
- ::decode(op_mask, bl);
+ decode(op_mask, bl);
} else {
op_mask = RGW_OP_TYPE_ALL;
}
if (struct_v >= 13) {
- ::decode(system, bl);
- ::decode(default_placement, bl);
- ::decode(placement_tags, bl); /* tags of allowed placement rules */
+ decode(system, bl);
+ decode(default_placement, bl);
+ decode(placement_tags, bl); /* tags of allowed placement rules */
}
if (struct_v >= 14) {
- ::decode(bucket_quota, bl);
+ decode(bucket_quota, bl);
}
if (struct_v >= 15) {
- ::decode(temp_url_keys, bl);
+ decode(temp_url_keys, bl);
}
if (struct_v >= 16) {
- ::decode(user_quota, bl);
+ decode(user_quota, bl);
}
if (struct_v >= 17) {
- ::decode(user_id.tenant, bl);
+ decode(user_id.tenant, bl);
} else {
user_id.tenant.clear();
}
if (struct_v >= 18) {
- ::decode(admin, bl);
+ decode(admin, bl);
}
if (struct_v >= 19) {
- ::decode(type, bl);
+ decode(type, bl);
}
- DECODE_FINISH(bl);
- }
- void dump(Formatter *f) const;
- static void generate_test_instances(list<RGWUserInfo*>& o);
-
- void decode_json(JSONObj *obj);
-};
-WRITE_CLASS_ENCODER(RGWUserInfo)
-
-struct rgw_pool {
- std::string name;
- std::string ns;
-
- rgw_pool() = default;
- rgw_pool(const rgw_pool& _p) : name(_p.name), ns(_p.ns) {}
- rgw_pool(rgw_pool&&) = default;
- rgw_pool(const string& _s) {
- from_str(_s);
- }
- rgw_pool(const string& _name, const string& _ns) : name(_name), ns(_ns) {}
-
- string to_str() const;
- void from_str(const string& s);
-
- void init(const string& _s) {
- from_str(_s);
- }
-
- bool empty() const {
- return name.empty();
- }
-
- int compare(const rgw_pool& p) const {
- int r = name.compare(p.name);
- if (r != 0) {
- return r;
+ if (struct_v >= 20) {
+ decode(mfa_ids, bl);
}
- return ns.compare(p.ns);
- }
-
- void encode(bufferlist& bl) const {
- ENCODE_START(10, 10, bl);
- ::encode(name, bl);
- ::encode(ns, bl);
- ENCODE_FINISH(bl);
- }
-
- void decode_from_bucket(bufferlist::iterator& bl);
-
- void decode(bufferlist::iterator& bl) {
- DECODE_START_LEGACY_COMPAT_LEN(10, 3, 3, bl);
-
- ::decode(name, bl);
-
- if (struct_v < 10) {
-
- /*
- * note that rgw_pool can be used where rgw_bucket was used before
- * therefore we inherit rgw_bucket's old versions. However, we only
- * need the first field from rgw_bucket. unless we add more fields
- * in which case we'll need to look at struct_v, and check the actual
- * version. Anything older than 10 needs to be treated as old rgw_bucket
- */
-
+ if (struct_v >= 21) {
+ decode(assumed_role_arn, bl);
+ }
+ if (struct_v >= 22) {
+ decode(user_id.ns, bl);
} else {
- ::decode(ns, bl);
+ user_id.ns.clear();
}
-
DECODE_FINISH(bl);
}
-
- rgw_pool& operator=(const rgw_pool&) = default;
-
- bool operator==(const rgw_pool& p) const {
- return (compare(p) == 0);
- }
- bool operator!=(const rgw_pool& p) const {
- return !(*this == p);
- }
- bool operator<(const rgw_pool& p) const {
- int r = name.compare(p.name);
- if (r == 0) {
- return (ns.compare(p.ns) < 0);
- }
- return (r < 0);
- }
-};
-WRITE_CLASS_ENCODER(rgw_pool)
-
-struct rgw_data_placement_target {
- rgw_pool data_pool;
- rgw_pool data_extra_pool;
- rgw_pool index_pool;
-
- rgw_data_placement_target() = default;
- rgw_data_placement_target(const rgw_data_placement_target&) = default;
- rgw_data_placement_target(rgw_data_placement_target&&) = default;
-
- rgw_data_placement_target(const rgw_pool& data_pool,
- const rgw_pool& data_extra_pool,
- const rgw_pool& index_pool)
- : data_pool(data_pool),
- data_extra_pool(data_extra_pool),
- index_pool(index_pool) {
- }
-
- rgw_data_placement_target&
- operator=(const rgw_data_placement_target&) = default;
-
- const rgw_pool& get_data_extra_pool() const {
- if (data_extra_pool.empty()) {
- return data_pool;
- }
- return data_extra_pool;
- }
-
- int compare(const rgw_data_placement_target& t) {
- int c = data_pool.compare(t.data_pool);
- if (c != 0) {
- return c;
- }
- c = data_extra_pool.compare(t.data_extra_pool);
- if (c != 0) {
- return c;
- }
- return index_pool.compare(t.index_pool);
- };
-
void dump(Formatter *f) const;
+ static void generate_test_instances(std::list<RGWUserInfo*>& o);
+
void decode_json(JSONObj *obj);
};
-
-inline ostream& operator<<(ostream& out, const rgw_pool& p) {
- out << p.to_str();
- return out;
-}
+WRITE_CLASS_ENCODER(RGWUserInfo)
struct rgw_raw_obj {
rgw_pool pool;
rgw_raw_obj(const rgw_pool& _pool, const std::string& _oid) {
init(_pool, _oid);
}
- rgw_raw_obj(const rgw_pool& _pool, const std::string& _oid, const string& _loc) : loc(_loc) {
+ rgw_raw_obj(const rgw_pool& _pool, const std::string& _oid, const std::string& _loc) : loc(_loc) {
init(_pool, _oid);
}
void encode(bufferlist& bl) const {
ENCODE_START(6, 6, bl);
- ::encode(pool, bl);
- ::encode(oid, bl);
- ::encode(loc, bl);
+ encode(pool, bl);
+ encode(oid, bl);
+ encode(loc, bl);
ENCODE_FINISH(bl);
}
- void decode_from_rgw_obj(bufferlist::iterator& bl);
+ void decode_from_rgw_obj(bufferlist::const_iterator& bl);
- void decode(bufferlist::iterator& bl) {
+ void decode(bufferlist::const_iterator& bl) {
unsigned ofs = bl.get_off();
DECODE_START(6, bl);
if (struct_v < 6) {
decode_from_rgw_obj(bl);
return;
}
- ::decode(pool, bl);
- ::decode(oid, bl);
- ::decode(loc, bl);
+ decode(pool, bl);
+ decode(oid, bl);
+ decode(loc, bl);
DECODE_FINISH(bl);
}
};
WRITE_CLASS_ENCODER(rgw_raw_obj)
-inline ostream& operator<<(ostream& out, const rgw_raw_obj& o) {
+inline std::ostream& operator<<(std::ostream& out, const rgw_raw_obj& o) {
out << o.pool << ":" << o.oid;
return out;
}
-struct rgw_bucket {
- std::string tenant;
- std::string name;
- std::string marker;
- std::string bucket_id;
- rgw_data_placement_target explicit_placement;
-
- std::string oid; /*
- * runtime in-memory only info. If not empty, points to the bucket instance object
- */
-
- rgw_bucket() { }
- // cppcheck-suppress noExplicitConstructor
- explicit rgw_bucket(const rgw_user& u, const cls_user_bucket& b) :
- tenant(u.tenant),
- name(b.name),
- marker(b.marker),
- bucket_id(b.bucket_id),
- explicit_placement(b.explicit_placement.data_pool,
- b.explicit_placement.data_extra_pool,
- b.explicit_placement.index_pool) {}
- rgw_bucket(const rgw_bucket&) = default;
- rgw_bucket(rgw_bucket&&) = default;
-
- void convert(cls_user_bucket *b) const {
- b->name = name;
- b->marker = marker;
- b->bucket_id = bucket_id;
- b->explicit_placement.data_pool = explicit_placement.data_pool.to_str();
- b->explicit_placement.data_extra_pool = explicit_placement.data_extra_pool.to_str();
- b->explicit_placement.index_pool = explicit_placement.index_pool.to_str();
- }
-
- void encode(bufferlist& bl) const {
- ENCODE_START(10, 10, bl);
- ::encode(name, bl);
- ::encode(marker, bl);
- ::encode(bucket_id, bl);
- ::encode(tenant, bl);
- bool encode_explicit = !explicit_placement.data_pool.empty();
- ::encode(encode_explicit, bl);
- if (encode_explicit) {
- ::encode(explicit_placement.data_pool, bl);
- ::encode(explicit_placement.data_extra_pool, bl);
- ::encode(explicit_placement.index_pool, bl);
- }
- ENCODE_FINISH(bl);
- }
- void decode(bufferlist::iterator& bl) {
- DECODE_START_LEGACY_COMPAT_LEN(10, 3, 3, bl);
- ::decode(name, bl);
- if (struct_v < 10) {
- ::decode(explicit_placement.data_pool.name, bl);
- }
- if (struct_v >= 2) {
- ::decode(marker, bl);
- if (struct_v <= 3) {
- uint64_t id;
- ::decode(id, bl);
- char buf[16];
- snprintf(buf, sizeof(buf), "%llu", (long long)id);
- bucket_id = buf;
- } else {
- ::decode(bucket_id, bl);
- }
- }
- if (struct_v < 10) {
- if (struct_v >= 5) {
- ::decode(explicit_placement.index_pool.name, bl);
- } else {
- explicit_placement.index_pool = explicit_placement.data_pool;
- }
- if (struct_v >= 7) {
- ::decode(explicit_placement.data_extra_pool.name, bl);
- }
- }
- if (struct_v >= 8) {
- ::decode(tenant, bl);
- }
- if (struct_v >= 10) {
- bool decode_explicit = !explicit_placement.data_pool.empty();
- ::decode(decode_explicit, bl);
- if (decode_explicit) {
- ::decode(explicit_placement.data_pool, bl);
- ::decode(explicit_placement.data_extra_pool, bl);
- ::decode(explicit_placement.index_pool, bl);
- }
- }
- DECODE_FINISH(bl);
- }
-
- void update_bucket_id(const string& new_bucket_id) {
- bucket_id = new_bucket_id;
- oid.clear();
- }
-
- // format a key for the bucket/instance. pass delim=0 to skip a field
- std::string get_key(char tenant_delim = '/',
- char id_delim = ':') const;
-
- const rgw_pool& get_data_extra_pool() const {
- return explicit_placement.get_data_extra_pool();
- }
-
- void dump(Formatter *f) const;
- void decode_json(JSONObj *obj);
- static void generate_test_instances(list<rgw_bucket*>& o);
-
- rgw_bucket& operator=(const rgw_bucket&) = default;
-
- bool operator<(const rgw_bucket& b) const {
- return name.compare(b.name) < 0;
- }
- bool operator==(const rgw_bucket& b) const {
- return (name == b.name) && (bucket_id == b.bucket_id);
- }
-};
-WRITE_CLASS_ENCODER(rgw_bucket)
-
-inline ostream& operator<<(ostream& out, const rgw_bucket &b) {
- out << b.name << "[" << b.marker << "])";
- return out;
-}
-
-struct rgw_bucket_shard {
+struct rgw_bucket_placement {
+ rgw_placement_rule placement_rule;
rgw_bucket bucket;
- int shard_id;
-
- rgw_bucket_shard() : shard_id(-1) {}
- rgw_bucket_shard(const rgw_bucket& _b, int _sid) : bucket(_b), shard_id(_sid) {}
-
- std::string get_key(char tenant_delim = '/', char id_delim = ':',
- char shard_delim = ':') const;
- bool operator<(const rgw_bucket_shard& b) const {
- if (bucket < b.bucket) {
- return true;
- }
- if (b.bucket < bucket) {
- return false;
- }
- return shard_id < b.shard_id;
- }
+ void dump(Formatter *f) const;
};
-
struct RGWObjVersionTracker {
obj_version read_version;
obj_version write_version;
void prepare_op_for_read(librados::ObjectReadOperation *op);
void prepare_op_for_write(librados::ObjectWriteOperation *op);
- void apply_write() {
- read_version = write_version;
- write_version = obj_version();
- }
+ void apply_write();
void clear() {
read_version = obj_version();
void generate_new_write_ver(CephContext *cct);
};
+inline std::ostream& operator<<(std::ostream& out, const obj_version &v)
+{
+ out << v.tag << ":" << v.ver;
+ return out;
+}
+
+inline std::ostream& operator<<(std::ostream& out, const RGWObjVersionTracker &ot)
+{
+ out << "{r=" << ot.read_version << ",w=" << ot.write_version << "}";
+ return out;
+}
+
enum RGWBucketFlags {
BUCKET_SUSPENDED = 0x1,
BUCKET_VERSIONED = 0x2,
BUCKET_VERSIONS_SUSPENDED = 0x4,
BUCKET_DATASYNC_DISABLED = 0X8,
+ BUCKET_MFA_ENABLED = 0X10,
+ BUCKET_OBJ_LOCK_ENABLED = 0X20,
};
-enum RGWBucketIndexType {
- RGWBIType_Normal = 0,
- RGWBIType_Indexless = 1,
-};
-
-inline ostream& operator<<(ostream& out, const RGWBucketIndexType &index_type)
-{
- switch (index_type) {
- case RGWBIType_Normal:
- return out << "Normal";
- case RGWBIType_Indexless:
- return out << "Indexless";
- default:
- return out << "Unknown";
- }
-}
-
-struct RGWBucketInfo
-{
- enum BIShardsHashType {
- MOD = 0
- };
+class RGWSI_Zone;
+struct RGWBucketInfo {
rgw_bucket bucket;
rgw_user owner;
- uint32_t flags;
- string zonegroup;
+ uint32_t flags{0};
+ std::string zonegroup;
ceph::real_time creation_time;
- string placement_rule;
- bool has_instance_obj;
+ rgw_placement_rule placement_rule;
+ bool has_instance_obj{false};
RGWObjVersionTracker objv_tracker; /* we don't need to serialize this, for runtime tracking */
- obj_version ep_objv; /* entry point object version, for runtime tracking only */
RGWQuotaInfo quota;
+ // layout of bucket index objects
+ rgw::BucketLayout layout;
+
// Represents the number of bucket index object shards:
- // - value of 0 indicates there is no sharding (this is by default before this
- // feature is implemented).
+ // - value of 0 indicates there is no sharding (this is by default
+ // before this feature is implemented).
// - value of UINT32_T::MAX indicates this is a blind bucket.
- uint32_t num_shards;
-
- // Represents the bucket index shard hash type.
- uint8_t bucket_index_shard_hash_type;
// Represents the shard number for blind bucket.
const static uint32_t NUM_SHARDS_BLIND_BUCKET;
- bool requester_pays;
+ bool requester_pays{false};
- bool has_website;
+ bool has_website{false};
RGWBucketWebsiteConf website_conf;
- RGWBucketIndexType index_type;
+ bool swift_versioning{false};
+ std::string swift_ver_location;
- bool swift_versioning;
- string swift_ver_location;
+ std::map<std::string, uint32_t> mdsearch_config;
- map<string, uint32_t> mdsearch_config;
+ // resharding
+ cls_rgw_reshard_status reshard_status{cls_rgw_reshard_status::NOT_RESHARDING};
+ std::string new_bucket_instance_id;
- /* resharding */
- uint8_t reshard_status;
- string new_bucket_instance_id;
+ RGWObjectLock obj_lock;
+
+ std::optional<rgw_sync_policy_info> sync_policy;
+
+ void encode(bufferlist& bl) const;
+ void decode(bufferlist::const_iterator& bl);
- void encode(bufferlist& bl) const {
- ENCODE_START(19, 4, bl);
- ::encode(bucket, bl);
- ::encode(owner.id, bl);
- ::encode(flags, bl);
- ::encode(zonegroup, bl);
- uint64_t ct = real_clock::to_time_t(creation_time);
- ::encode(ct, bl);
- ::encode(placement_rule, bl);
- ::encode(has_instance_obj, bl);
- ::encode(quota, bl);
- ::encode(num_shards, bl);
- ::encode(bucket_index_shard_hash_type, bl);
- ::encode(requester_pays, bl);
- ::encode(owner.tenant, bl);
- ::encode(has_website, bl);
- if (has_website) {
- ::encode(website_conf, bl);
- }
- ::encode((uint32_t)index_type, bl);
- ::encode(swift_versioning, bl);
- if (swift_versioning) {
- ::encode(swift_ver_location, bl);
- }
- ::encode(creation_time, bl);
- ::encode(mdsearch_config, bl);
- ::encode(reshard_status, bl);
- ::encode(new_bucket_instance_id, bl);
- ENCODE_FINISH(bl);
- }
- void decode(bufferlist::iterator& bl) {
- DECODE_START_LEGACY_COMPAT_LEN_32(19, 4, 4, bl);
- ::decode(bucket, bl);
- if (struct_v >= 2) {
- string s;
- ::decode(s, bl);
- owner.from_str(s);
- }
- if (struct_v >= 3)
- ::decode(flags, bl);
- if (struct_v >= 5)
- ::decode(zonegroup, bl);
- if (struct_v >= 6) {
- uint64_t ct;
- ::decode(ct, bl);
- if (struct_v < 17)
- creation_time = ceph::real_clock::from_time_t((time_t)ct);
- }
- if (struct_v >= 7)
- ::decode(placement_rule, bl);
- if (struct_v >= 8)
- ::decode(has_instance_obj, bl);
- if (struct_v >= 9)
- ::decode(quota, bl);
- if (struct_v >= 10)
- ::decode(num_shards, bl);
- if (struct_v >= 11)
- ::decode(bucket_index_shard_hash_type, bl);
- if (struct_v >= 12)
- ::decode(requester_pays, bl);
- if (struct_v >= 13)
- ::decode(owner.tenant, bl);
- if (struct_v >= 14) {
- ::decode(has_website, bl);
- if (has_website) {
- ::decode(website_conf, bl);
- } else {
- website_conf = RGWBucketWebsiteConf();
- }
- }
- if (struct_v >= 15) {
- uint32_t it;
- ::decode(it, bl);
- index_type = (RGWBucketIndexType)it;
- } else {
- index_type = RGWBIType_Normal;
- }
- swift_versioning = false;
- swift_ver_location.clear();
- if (struct_v >= 16) {
- ::decode(swift_versioning, bl);
- if (swift_versioning) {
- ::decode(swift_ver_location, bl);
- }
- }
- if (struct_v >= 17) {
- ::decode(creation_time, bl);
- }
- if (struct_v >= 18) {
- ::decode(mdsearch_config, bl);
- }
- if (struct_v >= 19) {
- ::decode(reshard_status, bl);
- ::decode(new_bucket_instance_id, bl);
- }
- DECODE_FINISH(bl);
- }
void dump(Formatter *f) const;
- static void generate_test_instances(list<RGWBucketInfo*>& o);
+ static void generate_test_instances(std::list<RGWBucketInfo*>& o);
void decode_json(JSONObj *obj);
bool versioned() const { return (flags & BUCKET_VERSIONED) != 0; }
- int versioning_status() { return flags & (BUCKET_VERSIONED | BUCKET_VERSIONS_SUSPENDED); }
- bool versioning_enabled() { return versioning_status() == BUCKET_VERSIONED; }
+ int versioning_status() const { return flags & (BUCKET_VERSIONED | BUCKET_VERSIONS_SUSPENDED | BUCKET_MFA_ENABLED); }
+ bool versioning_enabled() const { return (versioning_status() & (BUCKET_VERSIONED | BUCKET_VERSIONS_SUSPENDED)) == BUCKET_VERSIONED; }
+ bool mfa_enabled() const { return (versioning_status() & BUCKET_MFA_ENABLED) != 0; }
bool datasync_flag_enabled() const { return (flags & BUCKET_DATASYNC_DISABLED) == 0; }
+ bool obj_lock_enabled() const { return (flags & BUCKET_OBJ_LOCK_ENABLED) != 0; }
bool has_swift_versioning() const {
/* A bucket may be versioned through one mechanism only. */
return swift_versioning && !versioned();
}
- RGWBucketInfo() : flags(0), has_instance_obj(false), num_shards(0), bucket_index_shard_hash_type(MOD), requester_pays(false),
- has_website(false), swift_versioning(false), reshard_status(0) {}
+ void set_sync_policy(rgw_sync_policy_info&& policy);
+
+ bool empty_sync_policy() const;
+
+ RGWBucketInfo();
+ ~RGWBucketInfo();
};
WRITE_CLASS_ENCODER(RGWBucketInfo)
void encode(bufferlist& bl) const {
ENCODE_START(10, 8, bl);
- ::encode(bucket, bl);
- ::encode(owner.id, bl);
- ::encode(linked, bl);
+ encode(bucket, bl);
+ encode(owner.id, bl);
+ encode(linked, bl);
uint64_t ctime = (uint64_t)real_clock::to_time_t(creation_time);
- ::encode(ctime, bl);
- ::encode(owner, bl);
- ::encode(creation_time, bl);
+ encode(ctime, bl);
+ encode(owner, bl);
+ encode(creation_time, bl);
ENCODE_FINISH(bl);
}
- void decode(bufferlist::iterator& bl) {
- bufferlist::iterator orig_iter = bl;
+ void decode(bufferlist::const_iterator& bl) {
+ auto orig_iter = bl;
DECODE_START_LEGACY_COMPAT_LEN_32(10, 4, 4, bl);
if (struct_v < 8) {
/* ouch, old entry, contains the bucket info itself */
return;
}
has_bucket_info = false;
- ::decode(bucket, bl);
- ::decode(owner.id, bl);
- ::decode(linked, bl);
+ decode(bucket, bl);
+ decode(owner.id, bl);
+ decode(linked, bl);
uint64_t ctime;
- ::decode(ctime, bl);
+ decode(ctime, bl);
if (struct_v < 10) {
creation_time = real_clock::from_time_t((time_t)ctime);
}
if (struct_v >= 9) {
- ::decode(owner, bl);
+ decode(owner, bl);
}
if (struct_v >= 10) {
- ::decode(creation_time, bl);
+ decode(creation_time, bl);
}
DECODE_FINISH(bl);
}
void dump(Formatter *f) const;
void decode_json(JSONObj *obj);
+ static void generate_test_instances(std::list<RGWBucketEntryPoint*>& o);
};
WRITE_CLASS_ENCODER(RGWBucketEntryPoint)
RGWObjCategory category;
uint64_t size;
uint64_t size_rounded;
- uint64_t size_utilized{0}; //< size after compression, encryption
uint64_t num_objects;
+ uint64_t size_utilized{0}; //< size after compression, encryption
+ bool dump_utilized; // whether dump should include utilized values
- RGWStorageStats()
- : category(RGW_OBJ_CATEGORY_NONE),
+ RGWStorageStats(bool _dump_utilized=true)
+ : category(RGWObjCategory::None),
size(0),
size_rounded(0),
- num_objects(0) {}
+ num_objects(0),
+ dump_utilized(_dump_utilized)
+ {}
void dump(Formatter *f) const;
-};
+}; // RGWStorageStats
class RGWEnv;
namespace auth {
namespace s3 {
class AWSBrowserUploadAbstractor;
+ class STSEngine;
}
class Completer;
}
}
}
+using meta_map_t = boost::container::flat_map <std::string, std::string>;
struct req_info {
const RGWEnv *env;
RGWHTTPArgs args;
- map<string, string> x_meta_map;
+ meta_map_t x_meta_map;
+ meta_map_t crypt_attribute_map;
- string host;
+ std::string host;
const char *method;
- string script_uri;
- string request_uri;
- string request_uri_aws4;
- string effective_uri;
- string request_params;
- string domain;
+ std::string script_uri;
+ std::string request_uri;
+ std::string request_uri_aws4;
+ std::string effective_uri;
+ std::string request_params;
+ std::string domain;
+ std::string storage_class;
req_info(CephContext *cct, const RGWEnv *env);
void rebuild_from(req_info& src);
- void init_meta_info(bool *found_bad_meta);
+ void init_meta_info(const DoutPrefixProvider *dpp, bool *found_bad_meta);
};
typedef cls_rgw_obj_key rgw_obj_index_key;
struct rgw_obj_key {
- string name;
- string instance;
- string ns;
+ std::string name;
+ std::string instance;
+ std::string ns;
rgw_obj_key() {}
// cppcheck-suppress noExplicitConstructor
- rgw_obj_key(const string& n) : name(n) {}
- rgw_obj_key(const string& n, const string& i) : name(n), instance(i) {}
- rgw_obj_key(const string& n, const string& i, const string& _ns) : name(n), instance(i), ns(_ns) {}
+ rgw_obj_key(const std::string& n) : name(n) {}
+ rgw_obj_key(const std::string& n, const std::string& i) : name(n), instance(i) {}
+ rgw_obj_key(const std::string& n, const std::string& i, const std::string& _ns) : name(n), instance(i), ns(_ns) {}
rgw_obj_key(const rgw_obj_index_key& k) {
parse_index_key(k.name, &name, &ns);
instance = k.instance;
}
- static void parse_index_key(const string& key, string *name, string *ns) {
+ static void parse_index_key(const std::string& key, std::string *name, std::string *ns) {
if (key[0] != '_') {
*name = key;
ns->clear();
*ns = key.substr(1, pos -1);
}
- void set(const string& n) {
+ void set(const std::string& n) {
name = n;
instance.clear();
ns.clear();
}
- void set(const string& n, const string& i) {
+ void set(const std::string& n, const std::string& i) {
name = n;
instance = i;
ns.clear();
}
- void set(const string& n, const string& i, const string& _ns) {
+ void set(const std::string& n, const std::string& i, const std::string& _ns) {
name = n;
instance = i;
ns = _ns;
return true;
}
- void set_instance(const string& i) {
+ void set_instance(const std::string& i) {
instance = i;
}
- string get_index_key_name() const {
+ const std::string& get_instance() const {
+ return instance;
+ }
+
+ void set_ns(const std::string& _ns) {
+ ns = _ns;
+ }
+
+ const std::string& get_ns() const {
+ return ns;
+ }
+
+ std::string get_index_key_name() const {
if (ns.empty()) {
if (name.size() < 1 || name[0] != '_') {
return name;
}
- return string("_") + name;
+ return std::string("_") + name;
};
char buf[ns.size() + 16];
snprintf(buf, sizeof(buf), "_%s_", ns.c_str());
- return string(buf) + name;
+ return std::string(buf) + name;
};
void get_index_key(rgw_obj_index_key *key) const {
key->instance = instance;
}
- string get_loc() const {
+ std::string get_loc() const {
/*
* For backward compatibility. Older versions used to have object locator on all objects,
* however, the name was the effective object locator. This had the same effect as not
return name;
}
- return string();
+ return {};
}
bool empty() const {
return have_instance() && !have_null_instance();
}
- string get_oid() const {
+ std::string get_oid() const {
if (ns.empty() && !need_to_encode_instance()) {
if (name.size() < 1 || name[0] != '_') {
return name;
}
- return string("_") + name;
+ return std::string("_") + name;
}
- string oid = "_";
+ std::string oid = "_";
oid.append(ns);
if (need_to_encode_instance()) {
- oid.append(string(":") + instance);
+ oid.append(std::string(":") + instance);
}
oid.append("_");
oid.append(name);
return !(k < *this);
}
- static void parse_ns_field(string& ns, string& instance) {
+ static void parse_ns_field(std::string& ns, std::string& instance) {
int pos = ns.find(':');
if (pos >= 0) {
instance = ns.substr(pos + 1);
}
}
- static bool parse_raw_oid(const string& oid, rgw_obj_key *key) {
+ // takes an oid and parses out the namespace (ns), name, and
+ // instance
+ static bool parse_raw_oid(const std::string& oid, rgw_obj_key *key) {
key->instance.clear();
key->ns.clear();
if (oid[0] != '_') {
return true;
}
- if (oid[0] != '_' || oid.size() < 3) // for namespace, min size would be 3: _x_
+ if (oid.size() < 3) // for namespace, min size would be 3: _x_
return false;
- int pos = oid.find('_', 1);
- if (pos <= 1) // if it starts with __, it's not in our namespace
+ size_t pos = oid.find('_', 2); // oid must match ^_[^_].+$
+ if (pos == std::string::npos)
return false;
key->ns = oid.substr(1, pos - 1);
* and cuts down the name to the unmangled version. If it is not
* part of the given namespace, it returns false.
*/
- static bool oid_to_key_in_ns(const string& oid, rgw_obj_key *key, const string& ns) {
+ static bool oid_to_key_in_ns(const std::string& oid, rgw_obj_key *key, const std::string& ns) {
bool ret = parse_raw_oid(oid, key);
if (!ret) {
return ret;
}
/**
- * Given a mangled object name and an empty namespace string, this
- * function extracts the namespace into the string and sets the object
+ * Given a mangled object name and an empty namespace std::string, this
+ * function extracts the namespace into the std::string and sets the object
* name to be the unmangled version.
*
* It returns true after successfully doing so, or
* false if it fails.
*/
- static bool strip_namespace_from_name(string& name, string& ns, string& instance) {
+ static bool strip_namespace_from_name(std::string& name, std::string& ns, std::string& instance) {
ns.clear();
instance.clear();
if (name[0] != '_') {
}
size_t pos = name.find('_', 1);
- if (pos == string::npos) {
+ if (pos == std::string::npos) {
return false;
}
}
ns = name.substr(1, pos-1);
- name = name.substr(pos+1, string::npos);
+ name = name.substr(pos+1, std::string::npos);
parse_ns_field(ns, instance);
return true;
void encode(bufferlist& bl) const {
ENCODE_START(2, 1, bl);
- ::encode(name, bl);
- ::encode(instance, bl);
- ::encode(ns, bl);
+ encode(name, bl);
+ encode(instance, bl);
+ encode(ns, bl);
ENCODE_FINISH(bl);
}
- void decode(bufferlist::iterator& bl) {
+ void decode(bufferlist::const_iterator& bl) {
DECODE_START(2, bl);
- ::decode(name, bl);
- ::decode(instance, bl);
+ decode(name, bl);
+ decode(instance, bl);
if (struct_v >= 2) {
- ::decode(ns, bl);
+ decode(ns, bl);
}
DECODE_FINISH(bl);
}
void dump(Formatter *f) const;
void decode_json(JSONObj *obj);
-};
-WRITE_CLASS_ENCODER(rgw_obj_key)
-inline ostream& operator<<(ostream& out, const rgw_obj_key &o) {
- if (o.instance.empty()) {
- return out << o.name;
- } else {
- return out << o.name << "[" << o.instance << "]";
+ std::string to_str() const {
+ if (instance.empty()) {
+ return name;
+ }
+ char buf[name.size() + instance.size() + 16];
+ snprintf(buf, sizeof(buf), "%s[%s]", name.c_str(), instance.c_str());
+ return buf;
}
-}
+};
+WRITE_CLASS_ENCODER(rgw_obj_key)
-inline ostream& operator<<(ostream& out, const rgw_obj_index_key &o) {
- if (o.instance.empty()) {
- return out << o.name;
- } else {
- return out << o.name << "[" << o.instance << "]";
- }
+inline std::ostream& operator<<(std::ostream& out, const rgw_obj_key &o) {
+ return out << o.to_str();
}
struct req_init_state {
/* Keeps [[tenant]:]bucket until we parse the token. */
- string url_bucket;
- string src_bucket;
+ std::string url_bucket;
+ std::string src_bucket;
};
-/* XXX why don't RGWRequest (or descendants) hold this state? */
-class RGWRequest;
-
#include "rgw_auth.h"
+class RGWObjectCtx;
+class RGWSysObjectCtx;
+
/** Store all the state necessary to complete and respond to an HTTP request*/
-struct req_state {
+struct req_state : DoutPrefixProvider {
CephContext *cct;
- rgw::io::BasicClient *cio;
- RGWRequest *req{nullptr}; /// XXX: re-remove??
- http_op op;
+ rgw::io::BasicClient *cio{nullptr};
+ http_op op{OP_UNKNOWN};
RGWOpType op_type{};
- bool content_started;
- int format;
- ceph::Formatter *formatter;
- string decoded_uri;
- string relative_uri;
- const char *length;
- int64_t content_length;
- map<string, string> generic_attrs;
+ std::shared_ptr<RateLimiter> ratelimit_data;
+ RGWRateLimitInfo user_ratelimit;
+ RGWRateLimitInfo bucket_ratelimit;
+ std::string ratelimit_bucket_marker;
+ std::string ratelimit_user_name;
+ bool content_started{false};
+ int format{0};
+ ceph::Formatter *formatter{nullptr};
+ std::string decoded_uri;
+ std::string relative_uri;
+ const char *length{nullptr};
+ int64_t content_length{0};
+ std::map<std::string, std::string> generic_attrs;
rgw_err err;
- bool expect_cont;
- uint64_t obj_size;
+ bool expect_cont{false};
+ uint64_t obj_size{0};
bool enable_ops_log;
bool enable_usage_log;
uint8_t defer_to_bucket_acls;
- uint32_t perm_mask;
+ uint32_t perm_mask{0};
/* Set once when url_bucket is parsed and not violated thereafter. */
- string account_name;
-
- string bucket_tenant;
- string bucket_name;
-
- rgw_bucket bucket;
- rgw_obj_key object;
- string src_tenant_name;
- string src_bucket_name;
- rgw_obj_key src_object;
+ std::string account_name;
+
+ std::string bucket_tenant;
+ std::string bucket_name;
+
+ /* bucket is only created in rgw_build_bucket_policies() and should never be
+ * overwritten */
+ std::unique_ptr<rgw::sal::Bucket> bucket;
+ std::unique_ptr<rgw::sal::Object> object;
+ std::string src_tenant_name;
+ std::string src_bucket_name;
+ std::unique_ptr<rgw::sal::Object> src_object;
ACLOwner bucket_owner;
ACLOwner owner;
- string zonegroup_name;
- string zonegroup_endpoint;
- string bucket_instance_id;
- int bucket_instance_shard_id;
+ std::string zonegroup_name;
+ std::string zonegroup_endpoint;
+ std::string bucket_instance_id;
+ int bucket_instance_shard_id{-1};
+ std::string redirect_zone_endpoint;
- string redirect;
+ std::string redirect;
- RGWBucketInfo bucket_info;
- map<string, bufferlist> bucket_attrs;
- bool bucket_exists;
+ real_time bucket_mtime;
+ std::map<std::string, ceph::bufferlist> bucket_attrs;
+ bool bucket_exists{false};
+ rgw_placement_rule dest_placement;
- bool has_bad_meta;
+ bool has_bad_meta{false};
- RGWUserInfo *user;
+ std::unique_ptr<rgw::sal::User> user;
struct {
/* TODO(rzarzynski): switch out to the static_ptr for both members. */
friend class RGWPostObj_ObjStore_S3;
/* Reader. */
friend class rgw::auth::s3::AWSBrowserUploadAbstractor;
+ friend class rgw::auth::s3::STSEngine;
std::string access_key;
std::string signature;
std::string x_amz_algorithm;
std::string x_amz_credential;
std::string x_amz_date;
+ std::string x_amz_security_token;
ceph::bufferlist encoded_policy;
} s3_postobj_creds;
} auth;
rgw::IAM::Environment env;
boost::optional<rgw::IAM::Policy> iam_policy;
+ boost::optional<PublicAccessBlockConfiguration> bucket_access_conf;
+ std::vector<rgw::IAM::Policy> iam_user_policies;
/* Is the request made by an user marked as a system one?
* Being system user means we also have the admin status. */
- bool system_request;
+ bool system_request{false};
- string canned_acl;
- bool has_acl_header;
- bool local_source; /* source is local */
+ std::string canned_acl;
+ bool has_acl_header{false};
+ bool local_source{false}; /* source is local */
- int prot_flags;
+ int prot_flags{0};
/* Content-Disposition override for TempURL of Swift API. */
struct {
- string override;
- string fallback;
+ std::string override;
+ std::string fallback;
} content_disp;
- string host_id;
+ std::string host_id;
req_info info;
req_init_state init_state;
- utime_t time;
- void *obj_ctx;
- string dialect;
- string req_id;
- string trans_id;
+ using Clock = ceph::coarse_real_clock;
+ Clock::time_point time;
- req_state(CephContext* _cct, RGWEnv* e, RGWUserInfo* u);
+ Clock::duration time_elapsed() const { return Clock::now() - time; }
+
+ RGWObjectCtx *obj_ctx{nullptr};
+ std::string dialect;
+ std::string req_id;
+ std::string trans_id;
+ uint64_t id;
+
+ RGWObjTags tagset;
+
+ bool mfa_verified{false};
+
+ /// optional coroutine context
+ optional_yield yield{null_yield};
+
+ //token claims from STS token for ops log (can be used for Keystone token also)
+ std::vector<std::string> token_claims;
+
+ std::vector<rgw::IAM::Policy> session_policies;
+
+ jspan trace;
+
+ //Principal tags that come in as part of AssumeRoleWithWebIdentity
+ std::vector<std::pair<std::string, std::string>> principal_tags;
+
+ req_state(CephContext* _cct, RGWEnv* e, uint64_t id);
~req_state();
+
+ void set_user(std::unique_ptr<rgw::sal::User>& u) { user.swap(u); }
bool is_err() const { return err.is_err(); }
+
+ // implements DoutPrefixProvider
+ std::ostream& gen_prefix(std::ostream& out) const override;
+ CephContext* get_cct() const override { return cct; }
+ unsigned get_subsys() const override { return ceph_subsys_rgw; }
};
void set_req_state_err(struct req_state*, int);
-void set_req_state_err(struct req_state*, int, const string&);
+void set_req_state_err(struct req_state*, int, const std::string&);
void set_req_state_err(struct rgw_err&, int, const int);
void dump(struct req_state*);
/* The placement_rule is necessary to calculate per-storage-policy statics
* of the Swift API. Although the info available in RGWBucketInfo, we need
* to duplicate it here to not affect the performance of buckets listing. */
- std::string placement_rule;
+ rgw_placement_rule placement_rule;
RGWBucketEnt()
: size(0),
ENCODE_START(7, 5, bl);
uint64_t s = size;
__u32 mt = ceph::real_clock::to_time_t(creation_time);
- string empty_str; // originally had the bucket name here, but we encode bucket later
- ::encode(empty_str, bl);
- ::encode(s, bl);
- ::encode(mt, bl);
- ::encode(count, bl);
- ::encode(bucket, bl);
+ std::string empty_str; // originally had the bucket name here, but we encode bucket later
+ encode(empty_str, bl);
+ encode(s, bl);
+ encode(mt, bl);
+ encode(count, bl);
+ encode(bucket, bl);
s = size_rounded;
- ::encode(s, bl);
- ::encode(creation_time, bl);
- ::encode(placement_rule, bl);
+ encode(s, bl);
+ encode(creation_time, bl);
+ encode(placement_rule, bl);
ENCODE_FINISH(bl);
}
- void decode(bufferlist::iterator& bl) {
- DECODE_START_LEGACY_COMPAT_LEN(6, 5, 5, bl);
+ void decode(bufferlist::const_iterator& bl) {
+ DECODE_START_LEGACY_COMPAT_LEN(7, 5, 5, bl);
__u32 mt;
uint64_t s;
- string empty_str; // backward compatibility
- ::decode(empty_str, bl);
- ::decode(s, bl);
- ::decode(mt, bl);
+ std::string empty_str; // backward compatibility
+ decode(empty_str, bl);
+ decode(s, bl);
+ decode(mt, bl);
size = s;
if (struct_v < 6) {
creation_time = ceph::real_clock::from_time_t(mt);
}
if (struct_v >= 2)
- ::decode(count, bl);
+ decode(count, bl);
if (struct_v >= 3)
- ::decode(bucket, bl);
+ decode(bucket, bl);
if (struct_v >= 4)
- ::decode(s, bl);
+ decode(s, bl);
size_rounded = s;
if (struct_v >= 6)
- ::decode(creation_time, bl);
+ decode(creation_time, bl);
if (struct_v >= 7)
- ::decode(placement_rule, bl);
+ decode(placement_rule, bl);
DECODE_FINISH(bl);
}
void dump(Formatter *f) const;
- static void generate_test_instances(list<RGWBucketEnt*>& o);
+ static void generate_test_instances(std::list<RGWBucketEnt*>& o);
};
WRITE_CLASS_ENCODER(RGWBucketEnt)
bucket = b;
key.set(name);
}
- void init(const rgw_bucket& b, const std::string& name, const string& i, const string& n) {
+ void init(const rgw_bucket& b, const std::string& name, const std::string& i, const std::string& n) {
bucket = b;
key.set(name, i, n);
}
- void init_ns(const rgw_bucket& b, const std::string& name, const string& n) {
+ void init_ns(const rgw_bucket& b, const std::string& name, const std::string& n) {
bucket = b;
key.name = name;
key.instance.clear();
key = k;
}
- string get_oid() const {
+ std::string get_oid() const {
return key.get_oid();
}
- const string& get_hash_object() const {
+ const std::string& get_hash_object() const {
return index_hash_source.empty() ? key.name : index_hash_source;
}
void encode(bufferlist& bl) const {
ENCODE_START(6, 6, bl);
- ::encode(bucket, bl);
- ::encode(key.ns, bl);
- ::encode(key.name, bl);
- ::encode(key.instance, bl);
-// ::encode(placement_id, bl);
+ encode(bucket, bl);
+ encode(key.ns, bl);
+ encode(key.name, bl);
+ encode(key.instance, bl);
+// encode(placement_id, bl);
ENCODE_FINISH(bl);
}
- void decode(bufferlist::iterator& bl) {
+ void decode(bufferlist::const_iterator& bl) {
DECODE_START_LEGACY_COMPAT_LEN(6, 3, 3, bl);
if (struct_v < 6) {
- string s;
- ::decode(bucket.name, bl); /* bucket.name */
- ::decode(s, bl); /* loc */
- ::decode(key.ns, bl);
- ::decode(key.name, bl);
+ std::string s;
+ decode(bucket.name, bl); /* bucket.name */
+ decode(s, bl); /* loc */
+ decode(key.ns, bl);
+ decode(key.name, bl);
if (struct_v >= 2)
- ::decode(bucket, bl);
+ decode(bucket, bl);
if (struct_v >= 4)
- ::decode(key.instance, bl);
+ decode(key.instance, bl);
if (key.ns.empty() && key.instance.empty()) {
if (key.name[0] == '_') {
key.name = key.name.substr(1);
}
} else {
if (struct_v >= 5) {
- ::decode(key.name, bl);
+ decode(key.name, bl);
} else {
ssize_t pos = key.name.find('_', 1);
if (pos < 0) {
- throw buffer::error();
+ throw buffer::malformed_input();
}
key.name = key.name.substr(pos + 1);
}
}
} else {
- ::decode(bucket, bl);
- ::decode(key.ns, bl);
- ::decode(key.name, bl);
- ::decode(key.instance, bl);
-// ::decode(placement_id, bl);
+ decode(bucket, bl);
+ decode(key.ns, bl);
+ decode(key.name, bl);
+ decode(key.instance, bl);
+// decode(placement_id, bl);
}
DECODE_FINISH(bl);
}
void dump(Formatter *f) const;
- static void generate_test_instances(list<rgw_obj*>& o);
+ static void generate_test_instances(std::list<rgw_obj*>& o);
bool operator==(const rgw_obj& o) const {
return (key == o.key) &&
WRITE_CLASS_ENCODER(rgw_obj)
struct rgw_cache_entry_info {
- string cache_locator;
+ std::string cache_locator;
uint64_t gen;
rgw_cache_entry_info() : gen(0) {}
};
-inline ostream& operator<<(ostream& out, const rgw_obj &o) {
+inline std::ostream& operator<<(std::ostream& out, const rgw_obj &o) {
return out << o.bucket.name << ":" << o.get_oid();
}
+struct multipart_upload_info
+{
+ rgw_placement_rule dest_placement;
+
+ void encode(bufferlist& bl) const {
+ ENCODE_START(1, 1, bl);
+ encode(dest_placement, bl);
+ ENCODE_FINISH(bl);
+ }
+
+ void decode(bufferlist::const_iterator& bl) {
+ DECODE_START(1, bl);
+ decode(dest_placement, bl);
+ DECODE_FINISH(bl);
+ }
+};
+WRITE_CLASS_ENCODER(multipart_upload_info)
+
static inline void buf_to_hex(const unsigned char* const buf,
const size_t len,
char* const str)
if (!s)
return def_val;
- return (strcasecmp(s, "on") == 0 ||
+ return (strcasecmp(s, "true") == 0 ||
+ strcasecmp(s, "on") == 0 ||
strcasecmp(s, "yes") == 0 ||
strcasecmp(s, "1") == 0);
}
-static inline void append_rand_alpha(CephContext *cct, const string& src, string& dest, int len)
+static inline void append_rand_alpha(CephContext *cct, const std::string& src, std::string& dest, int len)
{
dest = src;
char buf[len + 1];
dest.append(buf);
}
-static inline const char *rgw_obj_category_name(RGWObjCategory category)
-{
- switch (category) {
- case RGW_OBJ_CATEGORY_NONE:
- return "rgw.none";
- case RGW_OBJ_CATEGORY_MAIN:
- return "rgw.main";
- case RGW_OBJ_CATEGORY_SHADOW:
- return "rgw.shadow";
- case RGW_OBJ_CATEGORY_MULTIMETA:
- return "rgw.multimeta";
- }
-
- return "unknown";
-}
-
static inline uint64_t rgw_rounded_kb(uint64_t bytes)
{
return (bytes + 1023) / 1024;
return ((bytes + 4095) & ~4095) / 1024;
}
-extern string rgw_string_unquote(const string& s);
-extern void parse_csv_string(const string& ival, vector<string>& ovals);
-extern int parse_key_value(string& in_str, string& key, string& val);
-extern int parse_key_value(string& in_str, const char *delim, string& key, string& val);
+/* implement combining step, S3 header canonicalization; k is a
+ * valid header and in lc form */
+void rgw_add_amz_meta_header(
+ meta_map_t& x_meta_map,
+ const std::string& k,
+ const std::string& v);
-extern boost::optional<std::pair<boost::string_view, boost::string_view>>
-parse_key_value(const boost::string_view& in_str,
- const boost::string_view& delim);
-extern boost::optional<std::pair<boost::string_view, boost::string_view>>
-parse_key_value(const boost::string_view& in_str);
+enum rgw_set_action_if_set {
+ DISCARD=0, OVERWRITE, APPEND
+};
+
+bool rgw_set_amz_meta_header(
+ meta_map_t& x_meta_map,
+ const std::string& k,
+ const std::string& v, rgw_set_action_if_set f);
+
+extern std::string rgw_string_unquote(const std::string& s);
+extern void parse_csv_string(const std::string& ival, std::vector<std::string>& ovals);
+extern int parse_key_value(std::string& in_str, std::string& key, std::string& val);
+extern int parse_key_value(std::string& in_str, const char *delim, std::string& key, std::string& val);
+
+extern boost::optional<std::pair<std::string_view,std::string_view>>
+parse_key_value(const std::string_view& in_str,
+ const std::string_view& delim);
+extern boost::optional<std::pair<std::string_view,std::string_view>>
+parse_key_value(const std::string_view& in_str);
/** time parsing */
extern int parse_time(const char *time_str, real_time *time);
extern bool parse_rfc2616(const char *s, struct tm *t);
extern bool parse_iso8601(const char *s, struct tm *t, uint32_t *pns = NULL, bool extended_format = true);
-extern string rgw_trim_whitespace(const string& src);
-extern boost::string_view rgw_trim_whitespace(const boost::string_view& src);
-extern string rgw_trim_quotes(const string& val);
+extern std::string rgw_trim_whitespace(const std::string& src);
+extern std::string_view rgw_trim_whitespace(const std::string_view& src);
+extern std::string rgw_trim_quotes(const std::string& val);
extern void rgw_to_iso8601(const real_time& t, char *dest, int buf_size);
-extern void rgw_to_iso8601(const real_time& t, string *dest);
+extern void rgw_to_iso8601(const real_time& t, std::string *dest);
extern std::string rgw_to_asctime(const utime_t& t);
+struct perm_state_base {
+ CephContext *cct;
+ const rgw::IAM::Environment& env;
+ rgw::auth::Identity *identity;
+ const RGWBucketInfo bucket_info;
+ int perm_mask;
+ bool defer_to_bucket_acls;
+ boost::optional<PublicAccessBlockConfiguration> bucket_access_conf;
+
+ perm_state_base(CephContext *_cct,
+ const rgw::IAM::Environment& _env,
+ rgw::auth::Identity *_identity,
+ const RGWBucketInfo& _bucket_info,
+ int _perm_mask,
+ bool _defer_to_bucket_acls,
+ boost::optional<PublicAccessBlockConfiguration> _bucket_acess_conf = boost::none) :
+ cct(_cct),
+ env(_env),
+ identity(_identity),
+ bucket_info(_bucket_info),
+ perm_mask(_perm_mask),
+ defer_to_bucket_acls(_defer_to_bucket_acls),
+ bucket_access_conf(_bucket_acess_conf)
+ {}
+
+ virtual ~perm_state_base() {}
+
+ virtual const char *get_referer() const = 0;
+ virtual std::optional<bool> get_request_payer() const = 0; /*
+ * empty state means that request_payer param was not passed in
+ */
+
+};
+
+struct perm_state : public perm_state_base {
+ const char *referer;
+ bool request_payer;
+
+ perm_state(CephContext *_cct,
+ const rgw::IAM::Environment& _env,
+ rgw::auth::Identity *_identity,
+ const RGWBucketInfo& _bucket_info,
+ int _perm_mask,
+ bool _defer_to_bucket_acls,
+ const char *_referer,
+ bool _request_payer) : perm_state_base(_cct,
+ _env,
+ _identity,
+ _bucket_info,
+ _perm_mask,
+ _defer_to_bucket_acls),
+ referer(_referer),
+ request_payer(_request_payer) {}
+
+ const char *get_referer() const override {
+ return referer;
+ }
+
+ std::optional<bool> get_request_payer() const override {
+ return request_payer;
+ }
+};
+
+/** Check if the req_state's user has the necessary permissions
+ * to do the requested action */
+bool verify_bucket_permission_no_policy(
+ const DoutPrefixProvider* dpp,
+ struct perm_state_base * const s,
+ RGWAccessControlPolicy * const user_acl,
+ RGWAccessControlPolicy * const bucket_acl,
+ const int perm);
+
+bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp,
+ struct perm_state_base * const s,
+ RGWAccessControlPolicy * const user_acl,
+ const int perm);
+
+bool verify_object_permission_no_policy(const DoutPrefixProvider* dpp,
+ struct perm_state_base * const s,
+ RGWAccessControlPolicy * const user_acl,
+ RGWAccessControlPolicy * const bucket_acl,
+ RGWAccessControlPolicy * const object_acl,
+ const int perm);
+
/** Check if the req_state's user has the necessary permissions
* to do the requested action */
-bool verify_user_permission(struct req_state * const s,
+rgw::IAM::Effect eval_identity_or_session_policies(const std::vector<rgw::IAM::Policy>& user_policies,
+ const rgw::IAM::Environment& env,
+ const uint64_t op,
+ const rgw::ARN& arn);
+bool verify_user_permission(const DoutPrefixProvider* dpp,
+ struct req_state * const s,
RGWAccessControlPolicy * const user_acl,
- const int perm);
-bool verify_user_permission(struct req_state * const s,
- const int perm);
+ const std::vector<rgw::IAM::Policy>& user_policies,
+ const std::vector<rgw::IAM::Policy>& session_policies,
+ const rgw::ARN& res,
+ const uint64_t op);
+bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp,
+ struct req_state * const s,
+ RGWAccessControlPolicy * const user_acl,
+ const int perm);
+bool verify_user_permission(const DoutPrefixProvider* dpp,
+ struct req_state * const s,
+ const rgw::ARN& res,
+ const uint64_t op);
+bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp,
+ struct req_state * const s,
+ int perm);
bool verify_bucket_permission(
+ const DoutPrefixProvider* dpp,
struct req_state * const s,
const rgw_bucket& bucket,
RGWAccessControlPolicy * const user_acl,
RGWAccessControlPolicy * const bucket_acl,
const boost::optional<rgw::IAM::Policy>& bucket_policy,
+ const std::vector<rgw::IAM::Policy>& identity_policies,
+ const std::vector<rgw::IAM::Policy>& session_policies,
const uint64_t op);
-bool verify_bucket_permission(struct req_state * const s, const uint64_t op);
+bool verify_bucket_permission(const DoutPrefixProvider* dpp, struct req_state * const s, const uint64_t op);
bool verify_bucket_permission_no_policy(
+ const DoutPrefixProvider* dpp,
struct req_state * const s,
RGWAccessControlPolicy * const user_acl,
RGWAccessControlPolicy * const bucket_acl,
const int perm);
-bool verify_bucket_permission_no_policy(struct req_state * const s,
+bool verify_bucket_permission_no_policy(const DoutPrefixProvider* dpp,
+ struct req_state * const s,
const int perm);
int verify_bucket_owner_or_policy(struct req_state* const s,
const uint64_t op);
extern bool verify_object_permission(
+ const DoutPrefixProvider* dpp,
struct req_state * const s,
const rgw_obj& obj,
RGWAccessControlPolicy * const user_acl,
RGWAccessControlPolicy * const bucket_acl,
RGWAccessControlPolicy * const object_acl,
const boost::optional<rgw::IAM::Policy>& bucket_policy,
+ const std::vector<rgw::IAM::Policy>& identity_policies,
+ const std::vector<rgw::IAM::Policy>& session_policies,
const uint64_t op);
-extern bool verify_object_permission(struct req_state *s, uint64_t op);
+extern bool verify_object_permission(const DoutPrefixProvider* dpp, struct req_state *s, uint64_t op);
extern bool verify_object_permission_no_policy(
+ const DoutPrefixProvider* dpp,
struct req_state * const s,
RGWAccessControlPolicy * const user_acl,
RGWAccessControlPolicy * const bucket_acl,
RGWAccessControlPolicy * const object_acl,
int perm);
-extern bool verify_object_permission_no_policy(struct req_state *s,
+extern bool verify_object_permission_no_policy(const DoutPrefixProvider* dpp, struct req_state *s,
int perm);
+extern int verify_object_lock(
+ const DoutPrefixProvider* dpp,
+ const rgw::sal::Attrs& attrs,
+ const bool bypass_perm,
+ const bool bypass_governance_mode);
+
/** Convert an input URL into a sane object name
- * by converting %-escaped strings into characters, etc*/
-extern void rgw_uri_escape_char(char c, string& dst);
-extern std::string url_decode(const boost::string_view& src_str,
+ * by converting %-escaped std::strings into characters, etc*/
+extern void rgw_uri_escape_char(char c, std::string& dst);
+extern std::string url_decode(const std::string_view& src_str,
bool in_query = false);
-extern void url_encode(const std::string& src,
- string& dst);
-extern std::string url_encode(const std::string& src);
+extern void url_encode(const std::string& src, std::string& dst,
+ bool encode_slash = true);
+extern std::string url_encode(const std::string& src, bool encode_slash = true);
+extern std::string url_remove_prefix(const std::string& url); // Removes hhtp, https and www from url
/* destination should be CEPH_CRYPTO_HMACSHA1_DIGESTSIZE bytes long */
extern void calc_hmac_sha1(const char *key, int key_len,
const char *msg, int msg_len, char *dest);
-using sha1_digest_t = \
- std::array<char, CEPH_CRYPTO_HMACSHA1_DIGESTSIZE>;
-
static inline sha1_digest_t
-calc_hmac_sha1(const boost::string_view& key, const boost::string_view& msg) {
+calc_hmac_sha1(const std::string_view& key, const std::string_view& msg) {
sha1_digest_t dest;
- calc_hmac_sha1(key.data(), key.size(), msg.data(), msg.size(), dest.data());
+ calc_hmac_sha1(key.data(), key.size(), msg.data(), msg.size(),
+ reinterpret_cast<char*>(dest.v));
return dest;
}
const char *msg, int msg_len,
char *dest);
-using sha256_digest_t = \
- std::array<unsigned char, CEPH_CRYPTO_HMACSHA256_DIGESTSIZE>;
-
static inline sha256_digest_t
calc_hmac_sha256(const char *key, const int key_len,
const char *msg, const int msg_len) {
- std::array<unsigned char, CEPH_CRYPTO_HMACSHA256_DIGESTSIZE> dest;
+ sha256_digest_t dest;
calc_hmac_sha256(key, key_len, msg, msg_len,
- reinterpret_cast<char*>(dest.data()));
+ reinterpret_cast<char*>(dest.v));
return dest;
}
static inline sha256_digest_t
-calc_hmac_sha256(const boost::string_view& key, const boost::string_view& msg) {
- std::array<unsigned char, CEPH_CRYPTO_HMACSHA256_DIGESTSIZE> dest;
+calc_hmac_sha256(const std::string_view& key, const std::string_view& msg) {
+ sha256_digest_t dest;
calc_hmac_sha256(key.data(), key.size(),
msg.data(), msg.size(),
- reinterpret_cast<char*>(dest.data()));
+ reinterpret_cast<char*>(dest.v));
+ return dest;
+}
+
+static inline sha256_digest_t
+calc_hmac_sha256(const sha256_digest_t &key,
+ const std::string_view& msg) {
+ sha256_digest_t dest;
+ calc_hmac_sha256(reinterpret_cast<const char*>(key.v), sha256_digest_t::SIZE,
+ msg.data(), msg.size(),
+ reinterpret_cast<char*>(dest.v));
return dest;
}
static inline sha256_digest_t
calc_hmac_sha256(const std::vector<unsigned char>& key,
- const boost::string_view& msg) {
- std::array<unsigned char, CEPH_CRYPTO_HMACSHA256_DIGESTSIZE> dest;
+ const std::string_view& msg) {
+ sha256_digest_t dest;
calc_hmac_sha256(reinterpret_cast<const char*>(key.data()), key.size(),
msg.data(), msg.size(),
- reinterpret_cast<char*>(dest.data()));
+ reinterpret_cast<char*>(dest.v));
return dest;
}
template<size_t KeyLenN>
static inline sha256_digest_t
calc_hmac_sha256(const std::array<unsigned char, KeyLenN>& key,
- const boost::string_view& msg) {
- std::array<unsigned char, CEPH_CRYPTO_HMACSHA256_DIGESTSIZE> dest;
+ const std::string_view& msg) {
+ sha256_digest_t dest;
calc_hmac_sha256(reinterpret_cast<const char*>(key.data()), key.size(),
msg.data(), msg.size(),
- reinterpret_cast<char*>(dest.data()));
+ reinterpret_cast<char*>(dest.v));
return dest;
}
-extern sha256_digest_t calc_hash_sha256(const boost::string_view& msg);
+extern sha256_digest_t calc_hash_sha256(const std::string_view& msg);
extern ceph::crypto::SHA256* calc_hash_sha256_open_stream();
extern void calc_hash_sha256_update_stream(ceph::crypto::SHA256* hash,
extern std::string calc_hash_sha256_close_stream(ceph::crypto::SHA256** phash);
extern std::string calc_hash_sha256_restart_stream(ceph::crypto::SHA256** phash);
-extern int rgw_parse_op_type_list(const string& str, uint32_t *perm);
+extern int rgw_parse_op_type_list(const std::string& str, uint32_t *perm);
static constexpr uint32_t MATCH_POLICY_ACTION = 0x01;
static constexpr uint32_t MATCH_POLICY_RESOURCE = 0x02;
static constexpr uint32_t MATCH_POLICY_ARN = 0x04;
static constexpr uint32_t MATCH_POLICY_STRING = 0x08;
-extern bool match_policy(boost::string_view pattern, boost::string_view input,
+extern bool match_policy(std::string_view pattern, std::string_view input,
uint32_t flag);
+extern std::string camelcase_dash_http_attr(const std::string& orig);
+extern std::string lowercase_dash_http_attr(const std::string& orig);
+
void rgw_setup_saved_curl_handles();
void rgw_release_all_curl_handles();
-#endif
+static inline void rgw_escape_str(const std::string& s, char esc_char,
+ char special_char, std::string *dest)
+{
+ const char *src = s.c_str();
+ char dest_buf[s.size() * 2 + 1];
+ char *destp = dest_buf;
+
+ for (size_t i = 0; i < s.size(); i++) {
+ char c = src[i];
+ if (c == esc_char || c == special_char) {
+ *destp++ = esc_char;
+ }
+ *destp++ = c;
+ }
+ *destp++ = '\0';
+ *dest = dest_buf;
+}
+
+static inline ssize_t rgw_unescape_str(const std::string& s, ssize_t ofs,
+ char esc_char, char special_char,
+ std::string *dest)
+{
+ const char *src = s.c_str();
+ char dest_buf[s.size() + 1];
+ char *destp = dest_buf;
+ bool esc = false;
+
+ dest_buf[0] = '\0';
+
+ for (size_t i = ofs; i < s.size(); i++) {
+ char c = src[i];
+ if (!esc && c == esc_char) {
+ esc = true;
+ continue;
+ }
+ if (!esc && c == special_char) {
+ *destp = '\0';
+ *dest = dest_buf;
+ return (ssize_t)i + 1;
+ }
+ *destp++ = c;
+ esc = false;
+ }
+ *destp = '\0';
+ *dest = dest_buf;
+ return std::string::npos;
+}
+
+static inline std::string rgw_bl_str(ceph::buffer::list& raw)
+{
+ size_t len = raw.length();
+ std::string s(raw.c_str(), len);
+ while (len && !s[len - 1]) {
+ --len;
+ s.resize(len);
+ }
+ return s;
+}
+
+template <typename T>
+int decode_bl(bufferlist& bl, T& t)
+{
+ auto iter = bl.cbegin();
+ try {
+ decode(t, iter);
+ } catch (buffer::error& err) {
+ return -EIO;
+ }
+ return 0;
+}