import quincy beta 17.1.0

[ceph.git] / ceph / src / rgw / rgw_rest_s3.h

diff --git a/ceph/src/rgw/rgw_rest_s3.h b/ceph/src/rgw/rgw_rest_s3.h
index 14b4e6b61ea78ba763795a1f90d6151c2f253550..d9d60376d0728290ad6e64cba1ad7db89998829f 100644 (file)
--- a/ceph/src/rgw/rgw_rest_s3.h
+++ b/ceph/src/rgw/rgw_rest_s3.h
@@ -135,7 +135,7 @@ public:
     return 0;
   }
   void send_response_begin(bool has_buckets) override;
-  void send_response_data(rgw::sal::RGWBucketList& buckets) override;
+  void send_response_data(rgw::sal::BucketList& buckets) override;
   void send_response_end() override;
 };
 
@@ -170,8 +170,8 @@ class RGWListBucket_ObjStore_S3v2 : public RGWListBucket_ObjStore_S3 {
   bool fetchOwner;
   bool start_after_exist;
   bool continuation_token_exist;
-  string startAfter;
-  string continuation_token;
+  std::string startAfter;
+  std::string continuation_token;
 public:
   RGWListBucket_ObjStore_S3v2() :  fetchOwner(false) {
   }
@@ -277,11 +277,11 @@ public:
   int get_data(bufferlist& bl) override;
   void send_response() override;
 
-  int get_encrypt_filter(std::unique_ptr<rgw::putobj::DataProcessor> *filter,
-                         rgw::putobj::DataProcessor *cb) override;
+  int get_encrypt_filter(std::unique_ptr<rgw::sal::DataProcessor> *filter,
+                         rgw::sal::DataProcessor *cb) override;
   int get_decrypt_filter(std::unique_ptr<RGWGetObj_Filter>* filter,
                          RGWGetObj_Filter* cb,
-                         map<string, bufferlist>& attrs,
+                         std::map<std::string, bufferlist>& attrs,
                          bufferlist* manifest_bl) override;
 };
 
@@ -291,13 +291,13 @@ class RGWPostObj_ObjStore_S3 : public RGWPostObj_ObjStore {
   std::string content_type;
   RGWPolicyEnv env;
   RGWPolicy post_policy;
-  map<string, string> crypt_http_responses;
+  std::map<std::string, std::string> crypt_http_responses;
 
   const rgw::auth::StrategyRegistry* auth_registry_ptr = nullptr;
 
   int get_policy(optional_yield y);
   int get_tags();
-  void rebuild_key(rgw::sal::RGWObject* obj);
+  void rebuild_key(rgw::sal::Object* obj);
 
   std::string get_current_filename() const override;
   std::string get_current_content_type() const override;
@@ -316,8 +316,8 @@ public:
 
   void send_response() override;
   int get_data(ceph::bufferlist& bl, bool& again) override;
-  int get_encrypt_filter(std::unique_ptr<rgw::putobj::DataProcessor> *filter,
-                         rgw::putobj::DataProcessor *cb) override;
+  int get_encrypt_filter(std::unique_ptr<rgw::sal::DataProcessor> *filter,
+                         rgw::sal::DataProcessor *cb) override;
 };
 
 class RGWDeleteObj_ObjStore_S3 : public RGWDeleteObj_ObjStore {
@@ -355,7 +355,7 @@ public:
   RGWPutACLs_ObjStore_S3() {}
   ~RGWPutACLs_ObjStore_S3() override {}
 
-  int get_policy_from_state(rgw::sal::RGWRadosStore *store, struct req_state *s, stringstream& ss) override;
+  int get_policy_from_state(rgw::sal::Store* store, struct req_state *s, std::stringstream& ss) override;
   void send_response() override;
   int get_params(optional_yield y) override;
 };
@@ -420,6 +420,30 @@ public:
   void send_response() override;
 };
 
+class RGWGetBucketEncryption_ObjStore_S3 : public RGWGetBucketEncryption_ObjStore {
+public:
+  RGWGetBucketEncryption_ObjStore_S3() {}
+  ~RGWGetBucketEncryption_ObjStore_S3() override {}
+
+  void send_response() override;
+};
+
+class RGWPutBucketEncryption_ObjStore_S3 : public RGWPutBucketEncryption_ObjStore {
+public:
+  RGWPutBucketEncryption_ObjStore_S3() {}
+  ~RGWPutBucketEncryption_ObjStore_S3() override {}
+
+  void send_response() override;
+};
+
+class RGWDeleteBucketEncryption_ObjStore_S3 : public RGWDeleteBucketEncryption_ObjStore {
+public:
+  RGWDeleteBucketEncryption_ObjStore_S3() {}
+  ~RGWDeleteBucketEncryption_ObjStore_S3() override {}
+
+  void send_response() override;
+};
+
 class RGWGetRequestPayment_ObjStore_S3 : public RGWGetRequestPayment {
 public:
   RGWGetRequestPayment_ObjStore_S3() {}
@@ -446,7 +470,7 @@ public:
 
   int get_params(optional_yield y) override;
   void send_response() override;
-  int prepare_encryption(map<string, bufferlist>& attrs) override;
+  int prepare_encryption(std::map<std::string, bufferlist>& attrs) override;
 };
 
 class RGWCompleteMultipart_ObjStore_S3 : public RGWCompleteMultipart_ObjStore {
@@ -493,7 +517,7 @@ public:
   void send_status() override;
   void begin_response() override;
   void send_partial_response(rgw_obj_key& key, bool delete_marker,
-                             const string& marker_version_id, int ret) override;
+                             const std::string& marker_version_id, int ret) override;
   void end_response() override;
 };
 
@@ -591,7 +615,7 @@ public:
 class RGW_Auth_S3 {
 public:
   static int authorize(const DoutPrefixProvider *dpp,
-                       rgw::sal::RGWRadosStore *store,
+                       rgw::sal::Store* store,
                        const rgw::auth::StrategyRegistry& auth_registry,
                        struct req_state *s, optional_yield y);
 };
@@ -608,10 +632,10 @@ public:
   }
   ~RGWHandler_Auth_S3() override = default;
 
-  static int validate_bucket_name(const string& bucket);
-  static int validate_object_name(const string& bucket);
+  static int validate_bucket_name(const std::string& bucket);
+  static int validate_object_name(const std::string& bucket);
 
-  int init(rgw::sal::RGWRadosStore *store,
+  int init(rgw::sal::Store* store,
            struct req_state *s,
            rgw::io::BasicClient *cio) override;
   int authorize(const DoutPrefixProvider *dpp, optional_yield y) override {
@@ -625,7 +649,7 @@ class RGWHandler_REST_S3 : public RGWHandler_REST {
 protected:
   const rgw::auth::StrategyRegistry& auth_registry;
 public:
-  static int init_from_header(rgw::sal::RGWRadosStore *store, struct req_state *s, int default_formatter, bool configurable_format);
+  static int init_from_header(rgw::sal::Store* store, struct req_state *s, int default_formatter, bool configurable_format);
 
   explicit RGWHandler_REST_S3(const rgw::auth::StrategyRegistry& auth_registry)
     : RGWHandler_REST(),
@@ -633,7 +657,7 @@ public:
     }
   ~RGWHandler_REST_S3() override = default;
 
-  int init(rgw::sal::RGWRadosStore *store,
+  int init(rgw::sal::Store* store,
            struct req_state *s,
            rgw::io::BasicClient *cio) override;
   int authorize(const DoutPrefixProvider *dpp, optional_yield y) override;
@@ -700,6 +724,9 @@ protected:
   bool is_block_public_access_op() {
     return s->info.args.exists("publicAccessBlock");
   }
+  bool is_bucket_encryption_op() {
+    return s->info.args.exists("encryption");
+  }
 
   RGWOp *get_obj_op(bool get_data) const;
   RGWOp *op_get() override;
@@ -765,7 +792,7 @@ public:
 
   ~RGWRESTMgr_S3() override = default;
 
-  RGWHandler_REST *get_handler(rgw::sal::RGWRadosStore *store,
+  RGWHandler_REST *get_handler(rgw::sal::Store* store,
                               struct req_state* s,
                                const rgw::auth::StrategyRegistry& auth_registry,
                                const std::string& frontend_prefix) override;
@@ -800,7 +827,7 @@ static inline bool looks_like_ip_address(const char *bucket)
   return (num_periods == 3);
 }
 
-inline int valid_s3_object_name(const string& name) {
+inline int valid_s3_object_name(const std::string& name) {
   if (name.size() > 1024) {
     return -ERR_INVALID_OBJECT_NAME;
   }
@@ -810,7 +837,7 @@ inline int valid_s3_object_name(const string& name) {
   return 0;
 }
 
-inline int valid_s3_bucket_name(const string& name, bool relaxed=false)
+inline int valid_s3_bucket_name(const std::string& name, bool relaxed=false)
 {
   // This function enforces Amazon's spec for bucket names.
   // (The requirements, not the recommendations.)
@@ -881,76 +908,6 @@ inline int valid_s3_bucket_name(const string& name, bool relaxed=false)
   return 0;
 }
 
-namespace s3selectEngine
-{
-class s3select;
-class csv_object;
-}
-
-class RGWSelectObj_ObjStore_S3 : public RGWGetObj_ObjStore_S3
-{
-
-private:
-  std::unique_ptr<s3selectEngine::s3select> s3select_syntax;
-  std::string m_s3select_query;
-  std::string m_result;
-  std::unique_ptr<s3selectEngine::csv_object> m_s3_csv_object;
-  std::string m_column_delimiter;
-  std::string m_quot;
-  std::string m_row_delimiter;
-  std::string m_compression_type;
-  std::string m_escape_char;
-  std::unique_ptr<char[]>  m_buff_header;
-  std::string m_header_info;
-  std::string m_sql_query;
-
-public:
-  unsigned int chunk_number;
-
-  enum header_name_En
-  {
-    EVENT_TYPE,
-    CONTENT_TYPE,
-    MESSAGE_TYPE
-  };
-  static const char* header_name_str[3];
-
-  enum header_value_En
-  {
-    RECORDS,
-    OCTET_STREAM,
-    EVENT
-  };
-  static const char* header_value_str[3];
-
-  RGWSelectObj_ObjStore_S3();
-  virtual ~RGWSelectObj_ObjStore_S3();
-
-  virtual int send_response_data(bufferlist& bl, off_t ofs, off_t len) override;
-
-  virtual int get_params(optional_yield y) override;
-
-private:
-  void encode_short(char* buff, uint16_t s, int& i);
-
-  void encode_int(char* buff, u_int32_t s, int& i);
-
-  int create_header_records(char* buff);
-
-  std::unique_ptr<boost::crc_32_type> crc32;
-
-  int create_message(std::string&, u_int32_t result_len, u_int32_t header_len);
-
-  int run_s3select(const char* query, const char* input, size_t input_length);
-
-  int extract_by_tag(std::string tag_name, std::string& result);
-
-  void convert_escape_seq(std::string& esc);
-
-  int handle_aws_cli_parameters(std::string& sql_query);
-};
-
-
 namespace rgw::auth::s3 {
 
 class AWSEngine : public rgw::auth::Engine {
@@ -1079,6 +1036,49 @@ public:
   auth_data_t get_auth_data(const req_state* s) const override;
 };
 
+class AWSSignerV4 {
+  const DoutPrefixProvider *dpp;
+  CephContext *cct;
+
+public:
+  AWSSignerV4(const DoutPrefixProvider *_dpp) : dpp(_dpp),
+                                                cct(_dpp->get_cct()) {}
+
+  using access_key_id_t = std::string_view;
+  using string_to_sign_t = AWSEngine::VersionAbstractor::string_to_sign_t;
+  using signature_headers_t = std::map<std::string, std::string>;
+
+  struct prepare_result_t;
+
+  using signature_factory_t = \
+      std::function<signature_headers_t(const DoutPrefixProvider* dpp,
+                                        const std::string& secret_key,
+                                        const prepare_result_t&)>;
+
+  struct prepare_result_t {
+    access_key_id_t access_key_id;
+    std::string date;
+    std::string scope;
+    std::string signed_headers;
+    string_to_sign_t string_to_sign;
+    std::map<std::string, std::string> extra_headers;
+    signature_factory_t signature_factory;
+  };
+
+  static prepare_result_t prepare(const DoutPrefixProvider *dpp,
+                                  const std::string& access_key_id,
+                                  const string& region,
+                                  const string& service,
+                                  const req_info& info,
+                                  const bufferlist *opt_content,
+                                  bool s3_op);
+};
+
+
+extern AWSSignerV4::signature_headers_t
+gen_v4_signature(const DoutPrefixProvider *dpp,
+                 const std::string_view& secret_key,
+                 const AWSSignerV4::prepare_result_t& sig_info);
 
 class LDAPEngine : public AWSEngine {
   static rgw::LDAPHelper* ldh;
@@ -1091,7 +1091,7 @@ class LDAPEngine : public AWSEngine {
   using result_t = rgw::auth::Engine::result_t;
 
 protected:
-  RGWCtl* const ctl;
+  rgw::sal::Store* store;
   const rgw::auth::RemoteApplier::Factory* const apl_factory;
 
   acl_strategy_t get_acl_strategy() const;
@@ -1108,11 +1108,11 @@ protected:
                        optional_yield y) const override;
 public:
   LDAPEngine(CephContext* const cct,
-             RGWCtl* const ctl,
+             rgw::sal::Store* store,
              const VersionAbstractor& ver_abstractor,
              const rgw::auth::RemoteApplier::Factory* const apl_factory)
     : AWSEngine(cct, ver_abstractor),
-      ctl(ctl),
+      store(store),
       apl_factory(apl_factory) {
     init(cct);
   }
@@ -1128,7 +1128,7 @@ public:
 };
 
 class LocalEngine : public AWSEngine {
-  RGWCtl* const ctl;
+  rgw::sal::Store* store;
   const rgw::auth::LocalApplier::Factory* const apl_factory;
 
   result_t authenticate(const DoutPrefixProvider* dpp,
@@ -1142,11 +1142,11 @@ class LocalEngine : public AWSEngine {
                        optional_yield y) const override;
 public:
   LocalEngine(CephContext* const cct,
-              RGWCtl* const ctl,
+              rgw::sal::Store* store,
               const VersionAbstractor& ver_abstractor,
               const rgw::auth::LocalApplier::Factory* const apl_factory)
     : AWSEngine(cct, ver_abstractor),
-      ctl(ctl),
+      store(store),
       apl_factory(apl_factory) {
   }
 
@@ -1158,7 +1158,7 @@ public:
 };
 
 class STSEngine : public AWSEngine {
-  RGWCtl* const ctl;
+  rgw::sal::Store* store;
   const rgw::auth::LocalApplier::Factory* const local_apl_factory;
   const rgw::auth::RemoteApplier::Factory* const remote_apl_factory;
   const rgw::auth::RoleApplier::Factory* const role_apl_factory;
@@ -1183,13 +1183,13 @@ class STSEngine : public AWSEngine {
                        optional_yield y) const override;
 public:
   STSEngine(CephContext* const cct,
-              RGWCtl* const ctl,
+              rgw::sal::Store* store,
               const VersionAbstractor& ver_abstractor,
               const rgw::auth::LocalApplier::Factory* const local_apl_factory,
               const rgw::auth::RemoteApplier::Factory* const remote_apl_factory,
               const rgw::auth::RoleApplier::Factory* const role_apl_factory)
     : AWSEngine(cct, ver_abstractor),
-      ctl(ctl),
+      store(store),
       local_apl_factory(local_apl_factory),
       remote_apl_factory(remote_apl_factory),
       role_apl_factory(role_apl_factory) {