#define dout_subsys ceph_subsys_rgw
-const string RGWOIDCProvider::oidc_url_oid_prefix = "oidc_url.";
-const string RGWOIDCProvider::oidc_arn_prefix = "arn:aws:iam::";
-
-int RGWOIDCProvider::store_url(const DoutPrefixProvider *dpp, const string& url, bool exclusive,
- optional_yield y)
-{
- using ceph::encode;
- string oid = tenant + get_url_oid_prefix() + url;
+using namespace std;
- auto svc = ctl->svc;
+namespace rgw { namespace sal {
- bufferlist bl;
- encode(*this, bl);
- auto obj_ctx = svc->sysobj->init_obj_ctx();
- return rgw_put_system_obj(dpp, obj_ctx, svc->zone->get_zone_params().oidc_pool, oid,
- bl, exclusive, NULL, real_time(), y);
-}
+const string RGWOIDCProvider::oidc_url_oid_prefix = "oidc_url.";
+const string RGWOIDCProvider::oidc_arn_prefix = "arn:aws:iam::";
int RGWOIDCProvider::get_tenant_url_from_arn(string& tenant, string& url)
{
{
int ret;
- if (! validate_input()) {
+ if (! validate_input(dpp)) {
return -EINVAL;
}
sprintf(buf + strlen(buf),".%dZ",(int)tv.tv_usec/1000);
creation_date.assign(buf, strlen(buf));
- auto svc = ctl->svc;
-
- auto& pool = svc->zone->get_zone_params().oidc_pool;
ret = store_url(dpp, idp_url, exclusive, y);
if (ret < 0) {
- ldpp_dout(dpp, 0) << "ERROR: storing role info in pool: " << pool.name << ": "
+ ldpp_dout(dpp, 0) << "ERROR: storing role info in OIDC pool: "
<< provider_url << ": " << cpp_strerror(-ret) << dendl;
return ret;
}
return 0;
}
-int RGWOIDCProvider::delete_obj(const DoutPrefixProvider *dpp, optional_yield y)
-{
- auto svc = ctl->svc;
- auto& pool = svc->zone->get_zone_params().oidc_pool;
-
- string url, tenant;
- auto ret = get_tenant_url_from_arn(tenant, url);
- if (ret < 0) {
- ldpp_dout(dpp, 0) << "ERROR: failed to parse arn" << dendl;
- return -EINVAL;
- }
-
- if (this->tenant != tenant) {
- ldpp_dout(dpp, 0) << "ERROR: tenant in arn doesn't match that of user " << this->tenant << ", "
- << tenant << ": " << dendl;
- return -EINVAL;
- }
-
- // Delete url
- string oid = tenant + get_url_oid_prefix() + url;
- ret = rgw_delete_system_obj(dpp, svc->sysobj, pool, oid, NULL, y);
- if (ret < 0) {
- ldpp_dout(dpp, 0) << "ERROR: deleting oidc url from pool: " << pool.name << ": "
- << provider_url << ": " << cpp_strerror(-ret) << dendl;
- }
-
- return ret;
-}
-
int RGWOIDCProvider::get(const DoutPrefixProvider *dpp)
{
string url, tenant;
JSONDecoder::decode_json("OpenIDConnectProviderArn", arn, obj);
}
-int RGWOIDCProvider::read_url(const DoutPrefixProvider *dpp, const string& url, const string& tenant)
-{
- auto svc = ctl->svc;
- auto& pool = svc->zone->get_zone_params().oidc_pool;
- string oid = tenant + get_url_oid_prefix() + url;
- bufferlist bl;
- auto obj_ctx = svc->sysobj->init_obj_ctx();
-
- int ret = rgw_get_system_obj(obj_ctx, pool, oid, bl, NULL, NULL, null_yield, dpp);
- if (ret < 0) {
- return ret;
- }
-
- try {
- using ceph::decode;
- auto iter = bl.cbegin();
- decode(*this, iter);
- } catch (buffer::error& err) {
- ldpp_dout(dpp, 0) << "ERROR: failed to decode oidc provider info from pool: " << pool.name <<
- ": " << url << dendl;
- return -EIO;
- }
-
- return 0;
-}
-
-bool RGWOIDCProvider::validate_input()
+bool RGWOIDCProvider::validate_input(const DoutPrefixProvider *dpp)
{
if (provider_url.length() > MAX_OIDC_URL_LEN) {
- ldout(cct, 0) << "ERROR: Invalid length of url " << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: Invalid length of url " << dendl;
return false;
}
if (client_ids.size() > MAX_OIDC_NUM_CLIENT_IDS) {
- ldout(cct, 0) << "ERROR: Invalid number of client ids " << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: Invalid number of client ids " << dendl;
return false;
}
}
if (thumbprints.size() > MAX_OIDC_NUM_THUMBPRINTS) {
- ldout(cct, 0) << "ERROR: Invalid number of thumbprints " << thumbprints.size() << dendl;
+ ldpp_dout(dpp, 0) << "ERROR: Invalid number of thumbprints " << thumbprints.size() << dendl;
return false;
}
return true;
}
-int RGWOIDCProvider::get_providers(const DoutPrefixProvider *dpp, RGWRados *store,
- const string& tenant,
- vector<RGWOIDCProvider>& providers)
-{
- auto ctl = store->pctl;
- auto svc = ctl->svc;
- auto pool = store->svc.zone->get_zone_params().oidc_pool;
- string prefix = tenant + oidc_url_oid_prefix;
-
- //Get the filtered objects
- list<string> result;
- bool is_truncated;
- RGWListRawObjsCtx ctx;
- do {
- list<string> oids;
- int r = store->list_raw_objects(dpp, pool, prefix, 1000, ctx, oids, &is_truncated);
- if (r < 0) {
- ldpp_dout(dpp, 0) << "ERROR: listing filtered objects failed: " << pool.name << ": "
- << prefix << ": " << cpp_strerror(-r) << dendl;
- return r;
- }
- for (const auto& iter : oids) {
- RGWOIDCProvider provider(ctl->cct, store->pctl);
- bufferlist bl;
- auto obj_ctx = svc->sysobj->init_obj_ctx();
-
- int ret = rgw_get_system_obj(obj_ctx, pool, iter, bl, NULL, NULL, null_yield, dpp);
- if (ret < 0) {
- return ret;
- }
-
- try {
- using ceph::decode;
- auto iter = bl.cbegin();
- decode(provider, iter);
- } catch (buffer::error& err) {
- ldpp_dout(dpp, 0) << "ERROR: failed to decode oidc provider info from pool: " << pool.name <<
- ": " << iter << dendl;
- return -EIO;
- }
-
- providers.push_back(std::move(provider));
- }
- } while (is_truncated);
-
- return 0;
-}
-
const string& RGWOIDCProvider::get_url_oid_prefix()
{
return oidc_url_oid_prefix;
}
+
+} } // namespace rgw::sal