update ceph source to reef 18.1.2
[ceph.git] / ceph / src / rgw / rgw_rest_iam.cc
index f63018d189b3b9dd723e68dc8a5f15ca661ec5d2..b9e8779c10a472c80eee12c5692468976c5f9241 100644 (file)
@@ -3,12 +3,9 @@
 
 #include <boost/tokenizer.hpp>
 
-#include "rgw_rest.h"
+#include "rgw_auth_s3.h"
 #include "rgw_rest_iam.h"
 
-#include "rgw_request.h"
-#include "rgw_process.h"
-
 #include "rgw_rest_role.h"
 #include "rgw_rest_user_policy.h"
 #include "rgw_rest_oidc_provider.h"
 
 using namespace std;
 
-void RGWHandler_REST_IAM::rgw_iam_parse_input()
+using op_generator = RGWOp*(*)(const bufferlist&);
+static const std::unordered_map<std::string_view, op_generator> op_generators = {
+  {"CreateRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWCreateRole(bl_post_body);}},
+  {"DeleteRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteRole(bl_post_body);}},
+  {"GetRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetRole;}},
+  {"UpdateAssumeRolePolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWModifyRoleTrustPolicy(bl_post_body);}},
+  {"ListRoles", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRoles;}},
+  {"PutRolePolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWPutRolePolicy(bl_post_body);}},
+  {"GetRolePolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetRolePolicy;}},
+  {"ListRolePolicies", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRolePolicies;}},
+  {"DeleteRolePolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteRolePolicy(bl_post_body);}},
+  {"PutUserPolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWPutUserPolicy;}},
+  {"GetUserPolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetUserPolicy;}},
+  {"ListUserPolicies", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListUserPolicies;}},
+  {"DeleteUserPolicy", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteUserPolicy;}},
+  {"CreateOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWCreateOIDCProvider;}},
+  {"ListOpenIDConnectProviders", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListOIDCProviders;}},
+  {"GetOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWGetOIDCProvider;}},
+  {"DeleteOpenIDConnectProvider", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWDeleteOIDCProvider;}},
+  {"TagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWTagRole(bl_post_body);}},
+  {"ListRoleTags", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWListRoleTags;}},
+  {"UntagRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUntagRole(bl_post_body);}},
+  {"UpdateRole", [](const bufferlist& bl_post_body) -> RGWOp* {return new RGWUpdateRole(bl_post_body);}}
+};
+
+bool RGWHandler_REST_IAM::action_exists(const req_state* s) 
 {
-  std::string post_body = bl_post_body.to_str();
-  if (post_body.size() > 0) {
-    ldpp_dout(s, 10) << "Content of POST: " << post_body << dendl;
-
-    if (post_body.find("Action") != string::npos) {
-      boost::char_separator<char> sep("&");
-      boost::tokenizer<boost::char_separator<char>> tokens(post_body, sep);
-      for (const auto& t : tokens) {
-        auto pos = t.find("=");
-        if (pos != string::npos) {
-          s->info.args.append(t.substr(0,pos),
-                              url_decode(t.substr(pos+1, t.size() -1)));
-        }
-      }
-    }
+  if (s->info.args.exists("Action")) {
+    const std::string action_name = s->info.args.get("Action");
+    return op_generators.contains(action_name);
   }
-  auto payload_hash = rgw::auth::s3::calc_v4_payload_hash(post_body);
-  s->info.args.append("PayloadHash", payload_hash);
+  return false;
 }
 
 RGWOp *RGWHandler_REST_IAM::op_post()
 {
-  rgw_iam_parse_input();
-
   if (s->info.args.exists("Action")) {
-    string action = s->info.args.get("Action");
-    if (action.compare("CreateRole") == 0)
-      return new RGWCreateRole(this->bl_post_body);
-    if (action.compare("DeleteRole") == 0)
-      return new RGWDeleteRole(this->bl_post_body);
-    if (action.compare("GetRole") == 0)
-      return new RGWGetRole;
-    if (action.compare("UpdateAssumeRolePolicy") == 0)
-      return new RGWModifyRole(this->bl_post_body);
-    if (action.compare("ListRoles") == 0)
-      return new RGWListRoles;
-    if (action.compare("PutRolePolicy") == 0)
-      return new RGWPutRolePolicy(this->bl_post_body);
-    if (action.compare("GetRolePolicy") == 0)
-      return new RGWGetRolePolicy;
-    if (action.compare("ListRolePolicies") == 0)
-      return new RGWListRolePolicies;
-    if (action.compare("DeleteRolePolicy") == 0)
-      return new RGWDeleteRolePolicy(this->bl_post_body);
-    if (action.compare("PutUserPolicy") == 0)
-      return new RGWPutUserPolicy;
-    if (action.compare("GetUserPolicy") == 0)
-      return new RGWGetUserPolicy;
-    if (action.compare("ListUserPolicies") == 0)
-      return new RGWListUserPolicies;
-    if (action.compare("DeleteUserPolicy") == 0)
-      return new RGWDeleteUserPolicy;
-    if (action.compare("CreateOpenIDConnectProvider") == 0)
-      return new RGWCreateOIDCProvider;
-    if (action.compare("ListOpenIDConnectProviders") == 0)
-      return new RGWListOIDCProviders;
-    if (action.compare("GetOpenIDConnectProvider") == 0)
-      return new RGWGetOIDCProvider;
-    if (action.compare("DeleteOpenIDConnectProvider") == 0)
-      return new RGWDeleteOIDCProvider;
-    if (action.compare("TagRole") == 0)
-      return new RGWTagRole(this->bl_post_body);
-    if (action.compare("ListRoleTags") == 0)
-      return new RGWListRoleTags;
-    if (action.compare("UntagRole") == 0)
-      return new RGWUntagRole(this->bl_post_body);
+    const std::string action_name = s->info.args.get("Action");
+    const auto action_it = op_generators.find(action_name);
+    if (action_it != op_generators.end()) {
+      return action_it->second(bl_post_body);
+    }
+    ldpp_dout(s, 10) << "unknown action '" << action_name << "' for IAM handler" << dendl;
+  } else {
+    ldpp_dout(s, 10) << "missing action argument in IAM handler" << dendl;
   }
-
   return nullptr;
 }
 
-int RGWHandler_REST_IAM::init(rgw::sal::Store* store,
-                              struct req_state *s,
+int RGWHandler_REST_IAM::init(rgw::sal::Driver* driver,
+                              req_state *s,
                               rgw::io::BasicClient *cio)
 {
   s->dialect = "iam";
+  s->prot_flags = RGW_REST_IAM;
 
-  if (int ret = RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true); ret < 0) {
-    ldpp_dout(s, 10) << "init_from_header returned err=" << ret <<  dendl;
-    return ret;
-  }
-
-  return RGWHandler_REST::init(store, s, cio);
+  return RGWHandler_REST::init(driver, s, cio);
 }
 
 int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y)
 {
-  return RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y);
-}
-
-int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
-                                          int default_formatter,
-                                          bool configurable_format)
-{
-  string req;
-  string first;
-
-  s->prot_flags = RGW_REST_IAM;
-
-  const char *p, *req_name;
-  if (req_name = s->relative_uri.c_str(); *req_name == '?') {
-    p = req_name;
-  } else {
-    p = s->info.request_params.c_str();
-  }
-
-  s->info.args.set(p);
-  s->info.args.parse(s);
-
-  /* must be called after the args parsing */
-  if (int ret = allocate_formatter(s, default_formatter, configurable_format); ret < 0)
-    return ret;
-
-  if (*req_name != '/')
-    return 0;
-
-  req_name++;
-
-  if (!*req_name)
-    return 0;
-
-  req = req_name;
-  int pos = req.find('/');
-  if (pos >= 0) {
-    first = req.substr(0, pos);
-  } else {
-    first = req;
-  }
-
-  return 0;
+  return RGW_Auth_S3::authorize(dpp, driver, auth_registry, s, y);
 }
 
 RGWHandler_REST*
-RGWRESTMgr_IAM::get_handler(rgw::sal::Store* store,
-                           struct req_state* const s,
+RGWRESTMgr_IAM::get_handler(rgw::sal::Driver* driver,
+                           req_state* const s,
                            const rgw::auth::StrategyRegistry& auth_registry,
                            const std::string& frontend_prefix)
 {
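Review bot: `action_exists()` and `op_post()` now read `Action` straight from `s->info.args`, but with `rgw_iam_parse_input()` removed nothing in this file parses the POST body into those args or records the SigV4 payload hash, so both functions depend on a caller that is not visible in this diff having done so first. I would document that precondition above `action_exists`, for example `// precondition: the caller has already parsed the POST form body into s->info.args; payload-hash handling for SigV4 now lives outside this handler`, so a later entry point does not dispatch on an unparsed request. Separately, the `unknown action` message in `op_post()` writes the request-supplied `action_name` to the log unescaped and with no length bound; truncating it, or logging only its length, would keep client-controlled bytes out of the log. The body of `get_handler` continues outside the hunk.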