X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=ceph%2Fsrc%2Frgw%2Frgw_common.h;h=25e5b24ad8170dde5731188b187993f92a26c72b;hb=39ae355f72b1d71f2212a99f2bd9f6c1e0d35528;hp=9d6e4049600a2880ece679add07070077742af9d;hpb=b32b81446b3b05102be0267e79203f59329c1d97;p=ceph.git diff --git a/ceph/src/rgw/rgw_common.h b/ceph/src/rgw/rgw_common.h index 9d6e40496..25e5b24ad 100644 --- a/ceph/src/rgw/rgw_common.h +++ b/ceph/src/rgw/rgw_common.h @@ -1,5 +1,6 @@ // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- -// vim: ts=8 sw=2 smarttab +// vim: ts=8 sw=2 smarttab ft=cpp + /* * Ceph - scalable distributed file system * @@ -13,33 +14,46 @@ * */ -#ifndef CEPH_RGW_COMMON_H -#define CEPH_RGW_COMMON_H +#pragma once #include - -#include +#include +#include +#include #include "common/ceph_crypto.h" -#include "common/perf_counters.h" -#include "acconfig.h" +#include "common/random_string.h" #include "rgw_acl.h" +#include "rgw_bucket_layout.h" #include "rgw_cors.h" #include "rgw_iam_policy.h" #include "rgw_quota.h" #include "rgw_string.h" +#include "common/async/yield_context.h" #include "rgw_website.h" +#include "rgw_object_lock.h" +#include "rgw_tag.h" +#include "rgw_op_type.h" +#include "rgw_sync_policy.h" #include "cls/version/cls_version_types.h" #include "cls/user/cls_user_types.h" #include "cls/rgw/cls_rgw_types.h" #include "include/rados/librados.hpp" +#include "rgw_public_access.h" +#include "common/tracer.h" namespace ceph { class Formatter; } -using ceph::crypto::MD5; +namespace rgw::sal { + class User; + class Bucket; + class Object; + using Attrs = std::map; +} +using ceph::crypto::MD5; #define RGW_ATTR_PREFIX "user.rgw." @@ -54,6 +68,7 @@ using ceph::crypto::MD5; #define RGW_SYS_PARAM_PREFIX "rgwx-" #define RGW_ATTR_ACL RGW_ATTR_PREFIX "acl" +#define RGW_ATTR_RATELIMIT RGW_ATTR_PREFIX "ratelimit" #define RGW_ATTR_LC RGW_ATTR_PREFIX "lc" #define RGW_ATTR_CORS RGW_ATTR_PREFIX "cors" #define RGW_ATTR_ETAG RGW_ATTR_PREFIX "etag" @@ -77,6 +92,13 @@ using ceph::crypto::MD5; * user through custom HTTP header named X-Static-Large-Object. */ #define RGW_ATTR_SLO_UINDICATOR RGW_ATTR_META_PREFIX "static-large-object" #define RGW_ATTR_X_ROBOTS_TAG RGW_ATTR_PREFIX "x-robots-tag" +#define RGW_ATTR_STORAGE_CLASS RGW_ATTR_PREFIX "storage_class" + +/* S3 Object Lock*/ +#define RGW_ATTR_OBJECT_LOCK RGW_ATTR_PREFIX "object-lock" +#define RGW_ATTR_OBJECT_RETENTION RGW_ATTR_PREFIX "object-retention" +#define RGW_ATTR_OBJECT_LEGAL_HOLD RGW_ATTR_PREFIX "object-legal-hold" + #define RGW_ATTR_PG_VER RGW_ATTR_PREFIX "pg_ver" #define RGW_ATTR_SOURCE_ZONE RGW_ATTR_PREFIX "source_zone" @@ -105,9 +127,12 @@ using ceph::crypto::MD5; #define RGW_ATTR_COMPRESSION RGW_ATTR_PREFIX "compression" +#define RGW_ATTR_APPEND_PART_NUM RGW_ATTR_PREFIX "append_part_num" + /* IAM Policy */ #define RGW_ATTR_IAM_POLICY RGW_ATTR_PREFIX "iam-policy" - +#define RGW_ATTR_USER_POLICY RGW_ATTR_PREFIX "user-policy" +#define RGW_ATTR_PUBLIC_ACCESS RGW_ATTR_PREFIX "public-access" /* RGW File Attributes */ #define RGW_ATTR_UNIX_KEY1 RGW_ATTR_PREFIX "unix-key1" @@ -118,8 +143,15 @@ using ceph::crypto::MD5; #define RGW_ATTR_CRYPT_KEYMD5 RGW_ATTR_CRYPT_PREFIX "keymd5" #define RGW_ATTR_CRYPT_KEYID RGW_ATTR_CRYPT_PREFIX "keyid" #define RGW_ATTR_CRYPT_KEYSEL RGW_ATTR_CRYPT_PREFIX "keysel" +#define RGW_ATTR_CRYPT_CONTEXT RGW_ATTR_CRYPT_PREFIX "context" +#define RGW_ATTR_CRYPT_DATAKEY RGW_ATTR_CRYPT_PREFIX "datakey" + +/* SSE-S3 Encryption Attributes */ +#define RGW_ATTR_BUCKET_ENCRYPTION_PREFIX RGW_ATTR_PREFIX "sse-s3." +#define RGW_ATTR_BUCKET_ENCRYPTION_POLICY RGW_ATTR_BUCKET_ENCRYPTION_PREFIX "policy" +#define RGW_ATTR_BUCKET_ENCRYPTION_KEY_ID RGW_ATTR_BUCKET_ENCRYPTION_PREFIX "key-id" -#define RGW_BUCKETS_OBJ_SUFFIX ".buckets" +#define RGW_ATTR_TRACE RGW_ATTR_PREFIX "trace" #define RGW_FORMAT_PLAIN 0 #define RGW_FORMAT_XML 1 @@ -134,6 +166,8 @@ using ceph::crypto::MD5; #define RGW_REST_SWIFT_AUTH 0x2 #define RGW_REST_S3 0x4 #define RGW_REST_WEBSITE 0x8 +#define RGW_REST_STS 0x10 +#define RGW_REST_IAM 0x20 #define RGW_SUSPENDED_USER_AUID (uint64_t)-2 @@ -201,6 +235,11 @@ using ceph::crypto::MD5; #define ERR_NO_SUCH_LC 2041 #define ERR_NO_SUCH_USER 2042 #define ERR_NO_SUCH_SUBUSER 2043 +#define ERR_MFA_REQUIRED 2044 +#define ERR_NO_SUCH_CORS_CONFIGURATION 2045 +#define ERR_NO_SUCH_OBJECT_LOCK_CONFIGURATION 2046 +#define ERR_INVALID_RETENTION_PERIOD 2047 +#define ERR_NO_SUCH_BUCKET_ENCRYPTION_CONFIGURATION 2048 #define ERR_USER_SUSPENDED 2100 #define ERR_INTERNAL_ERROR 2200 #define ERR_NOT_IMPLEMENTED 2201 @@ -217,8 +256,24 @@ using ceph::crypto::MD5; #define ERR_MALFORMED_ACL_ERROR 2212 #define ERR_ZONEGROUP_DEFAULT_PLACEMENT_MISCONFIGURATION 2213 #define ERR_INVALID_ENCRYPTION_ALGORITHM 2214 +#define ERR_INVALID_CORS_RULES_ERROR 2215 +#define ERR_NO_CORS_FOUND 2216 +#define ERR_INVALID_WEBSITE_ROUTING_RULES_ERROR 2217 +#define ERR_RATE_LIMITED 2218 +#define ERR_POSITION_NOT_EQUAL_TO_LENGTH 2219 +#define ERR_OBJECT_NOT_APPENDABLE 2220 +#define ERR_INVALID_BUCKET_STATE 2221 +#define ERR_INVALID_OBJECT_STATE 2222 #define ERR_BUSY_RESHARDING 2300 +#define ERR_NO_SUCH_ENTITY 2301 +#define ERR_LIMIT_EXCEEDED 2302 + +// STS Errors +#define ERR_PACKED_POLICY_TOO_LARGE 2400 +#define ERR_INVALID_IDENTITY_TOKEN 2401 + +#define ERR_NO_SUCH_TAG_SET 2402 #ifndef UINT32_MAX #define UINT32_MAX (0xffffffffu) @@ -228,60 +283,14 @@ struct req_state; typedef void *RGWAccessHandle; - -/* perf counter */ - -extern PerfCounters *perfcounter; - -extern int rgw_perf_start(CephContext *cct); -extern void rgw_perf_stop(CephContext *cct); - -enum { - l_rgw_first = 15000, - l_rgw_req, - l_rgw_failed_req, - - l_rgw_get, - l_rgw_get_b, - l_rgw_get_lat, - - l_rgw_put, - l_rgw_put_b, - l_rgw_put_lat, - - l_rgw_qlen, - l_rgw_qactive, - - l_rgw_cache_hit, - l_rgw_cache_miss, - - l_rgw_keystone_token_cache_hit, - l_rgw_keystone_token_cache_miss, - - l_rgw_last, -}; - - - /* size should be the required string size + 1 */ -extern int gen_rand_base64(CephContext *cct, char *dest, int size); -extern int gen_rand_alphanumeric(CephContext *cct, char *dest, int size); -extern int gen_rand_alphanumeric_lower(CephContext *cct, char *dest, int size); -extern int gen_rand_alphanumeric_upper(CephContext *cct, char *dest, int size); -extern int gen_rand_alphanumeric_no_underscore(CephContext *cct, char *dest, int size); -extern int gen_rand_alphanumeric_plain(CephContext *cct, char *dest, int size); - -extern int gen_rand_alphanumeric_lower(CephContext *cct, string *str, int length); - enum RGWIntentEvent { DEL_OBJ = 0, DEL_DIR = 1, }; -enum RGWObjCategory { - RGW_OBJ_CATEGORY_NONE = 0, - RGW_OBJ_CATEGORY_MAIN = 1, - RGW_OBJ_CATEGORY_SHADOW = 2, - RGW_OBJ_CATEGORY_MULTIMETA = 3, +enum HostStyle { + PathStyle = 0, + VirtualStyle = 1, }; /** Store error returns for output at a different point in the program */ @@ -299,54 +308,58 @@ struct rgw_err { }; - /* Helper class used for RGWHTTPArgs parsing */ class NameVal { - string str; - string name; - string val; + const std::string str; + std::string name; + std::string val; public: - explicit NameVal(string nv) : str(nv) {} + explicit NameVal(const std::string& nv) : str(nv) {} int parse(); - string& get_name() { return name; } - string& get_val() { return val; } + std::string& get_name() { return name; } + std::string& get_val() { return val; } }; /** Stores the XML arguments associated with the HTTP request in req_state*/ -class RGWHTTPArgs -{ - string str, empty_str; - map val_map; - map sys_val_map; - map sub_resources; - bool has_resp_modifier; - bool admin_subresource_added; +class RGWHTTPArgs { + std::string str, empty_str; + std::map val_map; + std::map sys_val_map; + std::map sub_resources; + bool has_resp_modifier = false; + bool admin_subresource_added = false; public: - RGWHTTPArgs() : has_resp_modifier(false), admin_subresource_added(false) {} + RGWHTTPArgs() = default; + explicit RGWHTTPArgs(const std::string& s, const DoutPrefixProvider *dpp) { + set(s); + parse(dpp); + } /** Set the arguments; as received */ - void set(string s) { + void set(const std::string& s) { has_resp_modifier = false; val_map.clear(); sub_resources.clear(); str = s; } /** parse the received arguments */ - int parse(); - void append(const string& name, const string& val); + int parse(const DoutPrefixProvider *dpp); + void append(const std::string& name, const std::string& val); + void remove(const std::string& name); /** Get the value for a specific argument parameter */ - const string& get(const string& name, bool *exists = NULL) const; + const std::string& get(const std::string& name, bool *exists = NULL) const; boost::optional get_optional(const std::string& name) const; - int get_bool(const string& name, bool *val, bool *exists); - int get_bool(const char *name, bool *val, bool *exists); - void get_bool(const char *name, bool *val, bool def_val); + int get_bool(const std::string& name, bool *val, bool *exists) const; + int get_bool(const char *name, bool *val, bool *exists) const; + void get_bool(const char *name, bool *val, bool def_val) const; + int get_int(const char *name, int *val, int def_val) const; /** Get the value for specific system argument parameter */ - std::string sys_get(const string& name, bool *exists = nullptr) const; + std::string sys_get(const std::string& name, bool *exists = nullptr) const; /** see if a parameter is contained in this RGWHTTPArgs */ bool exists(const char *name) const { @@ -355,9 +368,27 @@ class RGWHTTPArgs bool sub_resource_exists(const char *name) const { return (sub_resources.find(name) != std::end(sub_resources)); } - map& get_params() { + bool exist_obj_excl_sub_resource() const { + const char* const obj_sub_resource[] = {"append", "torrent", "uploadId", + "partNumber", "versionId"}; + for (unsigned i = 0; i != std::size(obj_sub_resource); i++) { + if (sub_resource_exists(obj_sub_resource[i])) return true; + } + return false; + } + + std::map& get_params() { + return val_map; + } + const std::map& get_params() const { return val_map; } + std::map& get_sys_params() { + return sys_val_map; + } + const std::map& get_sys_params() const { + return sys_val_map; + } const std::map& get_sub_resources() const { return sub_resources; } @@ -368,43 +399,40 @@ class RGWHTTPArgs return has_resp_modifier; } void set_system() { /* make all system params visible */ - map::iterator iter; + std::map::iterator iter; for (iter = sys_val_map.begin(); iter != sys_val_map.end(); ++iter) { val_map[iter->first] = iter->second; } } - const string& get_str() { + const std::string& get_str() { return str; } -}; +}; // RGWHTTPArgs -const char *rgw_conf_get(const map& conf_map, const char *name, const char *def_val); -int rgw_conf_get_int(const map& conf_map, const char *name, int def_val); -bool rgw_conf_get_bool(const map& conf_map, const char *name, bool def_val); +const char *rgw_conf_get(const std::map& conf_map, const char *name, const char *def_val); +int rgw_conf_get_int(const std::map& conf_map, const char *name, int def_val); +bool rgw_conf_get_bool(const std::map& conf_map, const char *name, bool def_val); class RGWEnv; class RGWConf { friend class RGWEnv; -protected: - void init(CephContext *cct, RGWEnv* env); + int enable_ops_log; + int enable_usage_log; + uint8_t defer_to_bucket_acls; + void init(CephContext *cct); public: RGWConf() : enable_ops_log(1), enable_usage_log(1), defer_to_bucket_acls(0) { } - - int enable_ops_log; - int enable_usage_log; - uint8_t defer_to_bucket_acls; }; class RGWEnv { - std::map env_map; -public: + std::map env_map; RGWConf conf; - +public: void init(CephContext *cct); void init(CephContext *cct, char **envp); void set(std::string name, std::string val); @@ -414,12 +442,25 @@ public: size_t get_size(const char *name, size_t def_val = 0) const; bool exists(const char *name) const; bool exists_prefix(const char *prefix) const; - void remove(const char *name); + const std::map& get_map() const { return env_map; } + int get_enable_ops_log() const { + return conf.enable_ops_log; + } + + int get_enable_usage_log() const { + return conf.enable_usage_log; + } - const std::map& get_map() const { return env_map; } + int get_defer_to_bucket_acls() const { + return conf.defer_to_bucket_acls; + } }; +// return true if the connection is secure. this either means that the +// connection arrived via ssl, or was forwarded as https by a trusted proxy +bool rgw_transport_is_secure(CephContext *cct, const RGWEnv& env); + enum http_op { OP_GET, OP_PUT, @@ -431,84 +472,13 @@ enum http_op { OP_UNKNOWN, }; -enum RGWOpType { - RGW_OP_UNKNOWN = 0, - RGW_OP_GET_OBJ, - RGW_OP_LIST_BUCKETS, - RGW_OP_STAT_ACCOUNT, - RGW_OP_LIST_BUCKET, - RGW_OP_GET_BUCKET_LOGGING, - RGW_OP_GET_BUCKET_LOCATION, - RGW_OP_GET_BUCKET_VERSIONING, - RGW_OP_SET_BUCKET_VERSIONING, - RGW_OP_GET_BUCKET_WEBSITE, - RGW_OP_SET_BUCKET_WEBSITE, - RGW_OP_STAT_BUCKET, - RGW_OP_CREATE_BUCKET, - RGW_OP_DELETE_BUCKET, - RGW_OP_PUT_OBJ, - RGW_OP_STAT_OBJ, - RGW_OP_POST_OBJ, - RGW_OP_PUT_METADATA_ACCOUNT, - RGW_OP_PUT_METADATA_BUCKET, - RGW_OP_PUT_METADATA_OBJECT, - RGW_OP_SET_TEMPURL, - RGW_OP_DELETE_OBJ, - RGW_OP_COPY_OBJ, - RGW_OP_GET_ACLS, - RGW_OP_PUT_ACLS, - RGW_OP_GET_CORS, - RGW_OP_PUT_CORS, - RGW_OP_DELETE_CORS, - RGW_OP_OPTIONS_CORS, - RGW_OP_GET_REQUEST_PAYMENT, - RGW_OP_SET_REQUEST_PAYMENT, - RGW_OP_INIT_MULTIPART, - RGW_OP_COMPLETE_MULTIPART, - RGW_OP_ABORT_MULTIPART, - RGW_OP_LIST_MULTIPART, - RGW_OP_LIST_BUCKET_MULTIPARTS, - RGW_OP_DELETE_MULTI_OBJ, - RGW_OP_BULK_DELETE, - RGW_OP_SET_ATTRS, - RGW_OP_GET_CROSS_DOMAIN_POLICY, - RGW_OP_GET_HEALTH_CHECK, - RGW_OP_GET_INFO, - RGW_OP_CREATE_ROLE, - RGW_OP_DELETE_ROLE, - RGW_OP_GET_ROLE, - RGW_OP_MODIFY_ROLE, - RGW_OP_LIST_ROLES, - RGW_OP_PUT_ROLE_POLICY, - RGW_OP_GET_ROLE_POLICY, - RGW_OP_LIST_ROLE_POLICIES, - RGW_OP_DELETE_ROLE_POLICY, - RGW_OP_PUT_BUCKET_POLICY, - RGW_OP_GET_BUCKET_POLICY, - RGW_OP_DELETE_BUCKET_POLICY, - RGW_OP_PUT_OBJ_TAGGING, - RGW_OP_GET_OBJ_TAGGING, - RGW_OP_DELETE_OBJ_TAGGING, - RGW_OP_PUT_LC, - RGW_OP_GET_LC, - RGW_OP_DELETE_LC, - /* rgw specific */ - RGW_OP_ADMIN_SET_METADATA, - RGW_OP_GET_OBJ_LAYOUT, - RGW_OP_BULK_UPLOAD, - RGW_OP_METADATA_SEARCH, - RGW_OP_CONFIG_BUCKET_META_SEARCH, - RGW_OP_GET_BUCKET_META_SEARCH, - RGW_OP_DEL_BUCKET_META_SEARCH, -}; - class RGWAccessControlPolicy; class JSONObj; struct RGWAccessKey { - string id; // AccessKey - string key; // SecretKey - string subuser; + std::string id; // AccessKey + std::string key; // SecretKey + std::string subuser; RGWAccessKey() {} RGWAccessKey(std::string _id, std::string _key) @@ -516,23 +486,23 @@ struct RGWAccessKey { void encode(bufferlist& bl) const { ENCODE_START(2, 2, bl); - ::encode(id, bl); - ::encode(key, bl); - ::encode(subuser, bl); + encode(id, bl); + encode(key, bl); + encode(subuser, bl); ENCODE_FINISH(bl); } - void decode(bufferlist::iterator& bl) { + void decode(bufferlist::const_iterator& bl) { DECODE_START_LEGACY_COMPAT_LEN_32(2, 2, 2, bl); - ::decode(id, bl); - ::decode(key, bl); - ::decode(subuser, bl); + decode(id, bl); + decode(key, bl); + decode(subuser, bl); DECODE_FINISH(bl); } void dump(Formatter *f) const; void dump_plain(Formatter *f) const; - void dump(Formatter *f, const string& user, bool swift) const; - static void generate_test_instances(list& o); + void dump(Formatter *f, const std::string& user, bool swift) const; + static void generate_test_instances(std::list& o); void decode_json(JSONObj *obj); void decode_json(JSONObj *obj, bool swift); @@ -540,26 +510,26 @@ struct RGWAccessKey { WRITE_CLASS_ENCODER(RGWAccessKey) struct RGWSubUser { - string name; + std::string name; uint32_t perm_mask; RGWSubUser() : perm_mask(0) {} void encode(bufferlist& bl) const { ENCODE_START(2, 2, bl); - ::encode(name, bl); - ::encode(perm_mask, bl); + encode(name, bl); + encode(perm_mask, bl); ENCODE_FINISH(bl); } - void decode(bufferlist::iterator& bl) { + void decode(bufferlist::const_iterator& bl) { DECODE_START_LEGACY_COMPAT_LEN_32(2, 2, 2, bl); - ::decode(name, bl); - ::decode(perm_mask, bl); + decode(name, bl); + decode(perm_mask, bl); DECODE_FINISH(bl); } void dump(Formatter *f) const; - void dump(Formatter *f, const string& user) const; - static void generate_test_instances(list& o); + void dump(Formatter *f, const std::string& user) const; + static void generate_test_instances(std::list& o); void decode_json(JSONObj *obj); }; @@ -567,28 +537,28 @@ WRITE_CLASS_ENCODER(RGWSubUser) class RGWUserCaps { - map caps; + std::map caps; - int get_cap(const string& cap, string& type, uint32_t *perm); - int add_cap(const string& cap); - int remove_cap(const string& cap); + int get_cap(const std::string& cap, std::string& type, uint32_t *perm); + int add_cap(const std::string& cap); + int remove_cap(const std::string& cap); public: - static int parse_cap_perm(const string& str, uint32_t *perm); - int add_from_string(const string& str); - int remove_from_string(const string& str); + static int parse_cap_perm(const std::string& str, uint32_t *perm); + int add_from_string(const std::string& str); + int remove_from_string(const std::string& str); void encode(bufferlist& bl) const { ENCODE_START(1, 1, bl); - ::encode(caps, bl); + encode(caps, bl); ENCODE_FINISH(bl); } - void decode(bufferlist::iterator& bl) { + void decode(bufferlist::const_iterator& bl) { DECODE_START(1, bl); - ::decode(caps, bl); + decode(caps, bl); DECODE_FINISH(bl); } - int check_cap(const string& cap, uint32_t perm); - bool is_valid_cap_type(const string& tp); + int check_cap(const std::string& cap, uint32_t perm) const; + bool is_valid_cap_type(const std::string& tp); void dump(Formatter *f) const; void dump(Formatter *f, const char *name) const; @@ -601,39 +571,193 @@ void encode_json(const char *name, const RGWUserCaps& val, Formatter *f); void decode_json_obj(obj_version& v, JSONObj *obj); -enum RGWUserSourceType + + +enum RGWIdentityType { TYPE_NONE=0, TYPE_RGW=1, TYPE_KEYSTONE=2, - TYPE_LDAP=3 + TYPE_LDAP=3, + TYPE_ROLE=4, + TYPE_WEB=5, }; +static std::string RGW_STORAGE_CLASS_STANDARD = "STANDARD"; + +struct rgw_placement_rule { + std::string name; + std::string storage_class; + + rgw_placement_rule() {} + rgw_placement_rule(const std::string& _n, const std::string& _sc) : name(_n), storage_class(_sc) {} + rgw_placement_rule(const rgw_placement_rule& _r, const std::string& _sc) : name(_r.name) { + if (!_sc.empty()) { + storage_class = _sc; + } else { + storage_class = _r.storage_class; + } + } + + bool empty() const { + return name.empty() && storage_class.empty(); + } + + void inherit_from(const rgw_placement_rule& r) { + if (name.empty()) { + name = r.name; + } + if (storage_class.empty()) { + storage_class = r.storage_class; + } + } + + void clear() { + name.clear(); + storage_class.clear(); + } + + void init(const std::string& n, const std::string& c) { + name = n; + storage_class = c; + } + + static const std::string& get_canonical_storage_class(const std::string& storage_class) { + if (storage_class.empty()) { + return RGW_STORAGE_CLASS_STANDARD; + } + return storage_class; + } + + const std::string& get_storage_class() const { + return get_canonical_storage_class(storage_class); + } + + int compare(const rgw_placement_rule& r) const { + int c = name.compare(r.name); + if (c != 0) { + return c; + } + return get_storage_class().compare(r.get_storage_class()); + } + + bool operator==(const rgw_placement_rule& r) const { + return (name == r.name && + get_storage_class() == r.get_storage_class()); + } + + bool operator!=(const rgw_placement_rule& r) const { + return !(*this == r); + } + + void encode(bufferlist& bl) const { + /* no ENCODE_START/END due to backward compatibility */ + std::string s = to_str(); + ceph::encode(s, bl); + } + + void decode(bufferlist::const_iterator& bl) { + std::string s; + ceph::decode(s, bl); + from_str(s); + } + + std::string to_str() const { + if (standard_storage_class()) { + return name; + } + return to_str_explicit(); + } + + std::string to_str_explicit() const { + return name + "/" + storage_class; + } + + void from_str(const std::string& s) { + size_t pos = s.find("/"); + if (pos == std::string::npos) { + name = s; + storage_class.clear(); + return; + } + name = s.substr(0, pos); + storage_class = s.substr(pos + 1); + } + + bool standard_storage_class() const { + return storage_class.empty() || storage_class == RGW_STORAGE_CLASS_STANDARD; + } +}; +WRITE_CLASS_ENCODER(rgw_placement_rule) + +void encode_json(const char *name, const rgw_placement_rule& val, ceph::Formatter *f); +void decode_json_obj(rgw_placement_rule& v, JSONObj *obj); + +inline std::ostream& operator<<(std::ostream& out, const rgw_placement_rule& rule) { + return out << rule.to_str(); +} + +class RateLimiter; +struct RGWRateLimitInfo { + int64_t max_write_ops; + int64_t max_read_ops; + int64_t max_write_bytes; + int64_t max_read_bytes; + bool enabled = false; + RGWRateLimitInfo() + : max_write_ops(0), max_read_ops(0), max_write_bytes(0), max_read_bytes(0) {} + + void encode(bufferlist& bl) const { + ENCODE_START(1, 1, bl); + encode(max_write_ops, bl); + encode(max_read_ops, bl); + encode(max_write_bytes, bl); + encode(max_read_bytes, bl); + encode(enabled, bl); + ENCODE_FINISH(bl); + } + void decode(bufferlist::const_iterator& bl) { + DECODE_START(1, bl); + decode(max_write_ops,bl); + decode(max_read_ops, bl); + decode(max_write_bytes,bl); + decode(max_read_bytes, bl); + decode(enabled, bl); + DECODE_FINISH(bl); + } + + void dump(Formatter *f) const; + + void decode_json(JSONObj *obj); + +}; +WRITE_CLASS_ENCODER(RGWRateLimitInfo) + struct RGWUserInfo { - uint64_t auid; rgw_user user_id; - string display_name; - string user_email; - map access_keys; - map swift_keys; - map subusers; + std::string display_name; + std::string user_email; + std::map access_keys; + std::map swift_keys; + std::map subusers; __u8 suspended; int32_t max_buckets; uint32_t op_mask; RGWUserCaps caps; __u8 admin; __u8 system; - string default_placement; - list placement_tags; + rgw_placement_rule default_placement; + std::list placement_tags; RGWQuotaInfo bucket_quota; - map temp_url_keys; + std::map temp_url_keys; RGWQuotaInfo user_quota; uint32_t type; + std::set mfa_ids; + std::string assumed_role_arn; RGWUserInfo() - : auid(0), - suspended(0), + : suspended(0), max_buckets(RGW_DEFAULT_MAX_BUCKETS), op_mask(RGW_OP_TYPE_ALL), admin(0), @@ -641,267 +765,159 @@ struct RGWUserInfo type(TYPE_NONE) { } - RGWAccessKey* get_key0() { + RGWAccessKey* get_key(const std::string& access_key) { if (access_keys.empty()) return nullptr; + + auto k = access_keys.find(access_key); + if (k == access_keys.end()) + return nullptr; else - return &(access_keys.begin()->second); + return &(k->second); } void encode(bufferlist& bl) const { - ENCODE_START(19, 9, bl); - ::encode(auid, bl); - string access_key; - string secret_key; + ENCODE_START(22, 9, bl); + encode((uint64_t)0, bl); // old auid + std::string access_key; + std::string secret_key; if (!access_keys.empty()) { - map::const_iterator iter = access_keys.begin(); + std::map::const_iterator iter = access_keys.begin(); const RGWAccessKey& k = iter->second; access_key = k.id; secret_key = k.key; } - ::encode(access_key, bl); - ::encode(secret_key, bl); - ::encode(display_name, bl); - ::encode(user_email, bl); - string swift_name; - string swift_key; + encode(access_key, bl); + encode(secret_key, bl); + encode(display_name, bl); + encode(user_email, bl); + std::string swift_name; + std::string swift_key; if (!swift_keys.empty()) { - map::const_iterator iter = swift_keys.begin(); + std::map::const_iterator iter = swift_keys.begin(); const RGWAccessKey& k = iter->second; swift_name = k.id; swift_key = k.key; } - ::encode(swift_name, bl); - ::encode(swift_key, bl); - ::encode(user_id.id, bl); - ::encode(access_keys, bl); - ::encode(subusers, bl); - ::encode(suspended, bl); - ::encode(swift_keys, bl); - ::encode(max_buckets, bl); - ::encode(caps, bl); - ::encode(op_mask, bl); - ::encode(system, bl); - ::encode(default_placement, bl); - ::encode(placement_tags, bl); - ::encode(bucket_quota, bl); - ::encode(temp_url_keys, bl); - ::encode(user_quota, bl); - ::encode(user_id.tenant, bl); - ::encode(admin, bl); - ::encode(type, bl); + encode(swift_name, bl); + encode(swift_key, bl); + encode(user_id.id, bl); + encode(access_keys, bl); + encode(subusers, bl); + encode(suspended, bl); + encode(swift_keys, bl); + encode(max_buckets, bl); + encode(caps, bl); + encode(op_mask, bl); + encode(system, bl); + encode(default_placement, bl); + encode(placement_tags, bl); + encode(bucket_quota, bl); + encode(temp_url_keys, bl); + encode(user_quota, bl); + encode(user_id.tenant, bl); + encode(admin, bl); + encode(type, bl); + encode(mfa_ids, bl); + encode(assumed_role_arn, bl); + encode(user_id.ns, bl); ENCODE_FINISH(bl); } - void decode(bufferlist::iterator& bl) { - DECODE_START_LEGACY_COMPAT_LEN_32(19, 9, 9, bl); - if (struct_v >= 2) ::decode(auid, bl); - else auid = CEPH_AUTH_UID_DEFAULT; - string access_key; - string secret_key; - ::decode(access_key, bl); - ::decode(secret_key, bl); + void decode(bufferlist::const_iterator& bl) { + DECODE_START_LEGACY_COMPAT_LEN_32(22, 9, 9, bl); + if (struct_v >= 2) { + uint64_t old_auid; + decode(old_auid, bl); + } + std::string access_key; + std::string secret_key; + decode(access_key, bl); + decode(secret_key, bl); if (struct_v < 6) { RGWAccessKey k; k.id = access_key; k.key = secret_key; access_keys[access_key] = k; } - ::decode(display_name, bl); - ::decode(user_email, bl); + decode(display_name, bl); + decode(user_email, bl); /* We populate swift_keys map later nowadays, but we have to decode. */ - string swift_name; - string swift_key; - if (struct_v >= 3) ::decode(swift_name, bl); - if (struct_v >= 4) ::decode(swift_key, bl); + std::string swift_name; + std::string swift_key; + if (struct_v >= 3) decode(swift_name, bl); + if (struct_v >= 4) decode(swift_key, bl); if (struct_v >= 5) - ::decode(user_id.id, bl); + decode(user_id.id, bl); else user_id.id = access_key; if (struct_v >= 6) { - ::decode(access_keys, bl); - ::decode(subusers, bl); + decode(access_keys, bl); + decode(subusers, bl); } suspended = 0; if (struct_v >= 7) { - ::decode(suspended, bl); + decode(suspended, bl); } if (struct_v >= 8) { - ::decode(swift_keys, bl); + decode(swift_keys, bl); } if (struct_v >= 10) { - ::decode(max_buckets, bl); + decode(max_buckets, bl); } else { max_buckets = RGW_DEFAULT_MAX_BUCKETS; } if (struct_v >= 11) { - ::decode(caps, bl); + decode(caps, bl); } if (struct_v >= 12) { - ::decode(op_mask, bl); + decode(op_mask, bl); } else { op_mask = RGW_OP_TYPE_ALL; } if (struct_v >= 13) { - ::decode(system, bl); - ::decode(default_placement, bl); - ::decode(placement_tags, bl); /* tags of allowed placement rules */ + decode(system, bl); + decode(default_placement, bl); + decode(placement_tags, bl); /* tags of allowed placement rules */ } if (struct_v >= 14) { - ::decode(bucket_quota, bl); + decode(bucket_quota, bl); } if (struct_v >= 15) { - ::decode(temp_url_keys, bl); + decode(temp_url_keys, bl); } if (struct_v >= 16) { - ::decode(user_quota, bl); + decode(user_quota, bl); } if (struct_v >= 17) { - ::decode(user_id.tenant, bl); + decode(user_id.tenant, bl); } else { user_id.tenant.clear(); } if (struct_v >= 18) { - ::decode(admin, bl); + decode(admin, bl); } if (struct_v >= 19) { - ::decode(type, bl); + decode(type, bl); } - DECODE_FINISH(bl); - } - void dump(Formatter *f) const; - static void generate_test_instances(list& o); - - void decode_json(JSONObj *obj); -}; -WRITE_CLASS_ENCODER(RGWUserInfo) - -struct rgw_pool { - std::string name; - std::string ns; - - rgw_pool() = default; - rgw_pool(const rgw_pool& _p) : name(_p.name), ns(_p.ns) {} - rgw_pool(rgw_pool&&) = default; - rgw_pool(const string& _s) { - from_str(_s); - } - rgw_pool(const string& _name, const string& _ns) : name(_name), ns(_ns) {} - - string to_str() const; - void from_str(const string& s); - - void init(const string& _s) { - from_str(_s); - } - - bool empty() const { - return name.empty(); - } - - int compare(const rgw_pool& p) const { - int r = name.compare(p.name); - if (r != 0) { - return r; + if (struct_v >= 20) { + decode(mfa_ids, bl); } - return ns.compare(p.ns); - } - - void encode(bufferlist& bl) const { - ENCODE_START(10, 10, bl); - ::encode(name, bl); - ::encode(ns, bl); - ENCODE_FINISH(bl); - } - - void decode_from_bucket(bufferlist::iterator& bl); - - void decode(bufferlist::iterator& bl) { - DECODE_START_LEGACY_COMPAT_LEN(10, 3, 3, bl); - - ::decode(name, bl); - - if (struct_v < 10) { - - /* - * note that rgw_pool can be used where rgw_bucket was used before - * therefore we inherit rgw_bucket's old versions. However, we only - * need the first field from rgw_bucket. unless we add more fields - * in which case we'll need to look at struct_v, and check the actual - * version. Anything older than 10 needs to be treated as old rgw_bucket - */ - + if (struct_v >= 21) { + decode(assumed_role_arn, bl); + } + if (struct_v >= 22) { + decode(user_id.ns, bl); } else { - ::decode(ns, bl); + user_id.ns.clear(); } - DECODE_FINISH(bl); } - - rgw_pool& operator=(const rgw_pool&) = default; - - bool operator==(const rgw_pool& p) const { - return (compare(p) == 0); - } - bool operator!=(const rgw_pool& p) const { - return !(*this == p); - } - bool operator<(const rgw_pool& p) const { - int r = name.compare(p.name); - if (r == 0) { - return (ns.compare(p.ns) < 0); - } - return (r < 0); - } -}; -WRITE_CLASS_ENCODER(rgw_pool) - -struct rgw_data_placement_target { - rgw_pool data_pool; - rgw_pool data_extra_pool; - rgw_pool index_pool; - - rgw_data_placement_target() = default; - rgw_data_placement_target(const rgw_data_placement_target&) = default; - rgw_data_placement_target(rgw_data_placement_target&&) = default; - - rgw_data_placement_target(const rgw_pool& data_pool, - const rgw_pool& data_extra_pool, - const rgw_pool& index_pool) - : data_pool(data_pool), - data_extra_pool(data_extra_pool), - index_pool(index_pool) { - } - - rgw_data_placement_target& - operator=(const rgw_data_placement_target&) = default; - - const rgw_pool& get_data_extra_pool() const { - if (data_extra_pool.empty()) { - return data_pool; - } - return data_extra_pool; - } - - int compare(const rgw_data_placement_target& t) { - int c = data_pool.compare(t.data_pool); - if (c != 0) { - return c; - } - c = data_extra_pool.compare(t.data_extra_pool); - if (c != 0) { - return c; - } - return index_pool.compare(t.index_pool); - }; - void dump(Formatter *f) const; + static void generate_test_instances(std::list& o); + void decode_json(JSONObj *obj); }; - -inline ostream& operator<<(ostream& out, const rgw_pool& p) { - out << p.to_str(); - return out; -} +WRITE_CLASS_ENCODER(RGWUserInfo) struct rgw_raw_obj { rgw_pool pool; @@ -912,7 +928,7 @@ struct rgw_raw_obj { rgw_raw_obj(const rgw_pool& _pool, const std::string& _oid) { init(_pool, _oid); } - rgw_raw_obj(const rgw_pool& _pool, const std::string& _oid, const string& _loc) : loc(_loc) { + rgw_raw_obj(const rgw_pool& _pool, const std::string& _oid, const std::string& _loc) : loc(_loc) { init(_pool, _oid); } @@ -927,15 +943,15 @@ struct rgw_raw_obj { void encode(bufferlist& bl) const { ENCODE_START(6, 6, bl); - ::encode(pool, bl); - ::encode(oid, bl); - ::encode(loc, bl); + encode(pool, bl); + encode(oid, bl); + encode(loc, bl); ENCODE_FINISH(bl); } - void decode_from_rgw_obj(bufferlist::iterator& bl); + void decode_from_rgw_obj(bufferlist::const_iterator& bl); - void decode(bufferlist::iterator& bl) { + void decode(bufferlist::const_iterator& bl) { unsigned ofs = bl.get_off(); DECODE_START(6, bl); if (struct_v < 6) { @@ -947,9 +963,9 @@ struct rgw_raw_obj { decode_from_rgw_obj(bl); return; } - ::decode(pool, bl); - ::decode(oid, bl); - ::decode(loc, bl); + decode(pool, bl); + decode(oid, bl); + decode(loc, bl); DECODE_FINISH(bl); } @@ -973,157 +989,18 @@ struct rgw_raw_obj { }; WRITE_CLASS_ENCODER(rgw_raw_obj) -inline ostream& operator<<(ostream& out, const rgw_raw_obj& o) { +inline std::ostream& operator<<(std::ostream& out, const rgw_raw_obj& o) { out << o.pool << ":" << o.oid; return out; } -struct rgw_bucket { - std::string tenant; - std::string name; - std::string marker; - std::string bucket_id; - rgw_data_placement_target explicit_placement; - - std::string oid; /* - * runtime in-memory only info. If not empty, points to the bucket instance object - */ - - rgw_bucket() { } - // cppcheck-suppress noExplicitConstructor - explicit rgw_bucket(const rgw_user& u, const cls_user_bucket& b) : - tenant(u.tenant), - name(b.name), - marker(b.marker), - bucket_id(b.bucket_id), - explicit_placement(b.explicit_placement.data_pool, - b.explicit_placement.data_extra_pool, - b.explicit_placement.index_pool) {} - rgw_bucket(const rgw_bucket&) = default; - rgw_bucket(rgw_bucket&&) = default; - - void convert(cls_user_bucket *b) const { - b->name = name; - b->marker = marker; - b->bucket_id = bucket_id; - b->explicit_placement.data_pool = explicit_placement.data_pool.to_str(); - b->explicit_placement.data_extra_pool = explicit_placement.data_extra_pool.to_str(); - b->explicit_placement.index_pool = explicit_placement.index_pool.to_str(); - } - - void encode(bufferlist& bl) const { - ENCODE_START(10, 10, bl); - ::encode(name, bl); - ::encode(marker, bl); - ::encode(bucket_id, bl); - ::encode(tenant, bl); - bool encode_explicit = !explicit_placement.data_pool.empty(); - ::encode(encode_explicit, bl); - if (encode_explicit) { - ::encode(explicit_placement.data_pool, bl); - ::encode(explicit_placement.data_extra_pool, bl); - ::encode(explicit_placement.index_pool, bl); - } - ENCODE_FINISH(bl); - } - void decode(bufferlist::iterator& bl) { - DECODE_START_LEGACY_COMPAT_LEN(10, 3, 3, bl); - ::decode(name, bl); - if (struct_v < 10) { - ::decode(explicit_placement.data_pool.name, bl); - } - if (struct_v >= 2) { - ::decode(marker, bl); - if (struct_v <= 3) { - uint64_t id; - ::decode(id, bl); - char buf[16]; - snprintf(buf, sizeof(buf), "%llu", (long long)id); - bucket_id = buf; - } else { - ::decode(bucket_id, bl); - } - } - if (struct_v < 10) { - if (struct_v >= 5) { - ::decode(explicit_placement.index_pool.name, bl); - } else { - explicit_placement.index_pool = explicit_placement.data_pool; - } - if (struct_v >= 7) { - ::decode(explicit_placement.data_extra_pool.name, bl); - } - } - if (struct_v >= 8) { - ::decode(tenant, bl); - } - if (struct_v >= 10) { - bool decode_explicit = !explicit_placement.data_pool.empty(); - ::decode(decode_explicit, bl); - if (decode_explicit) { - ::decode(explicit_placement.data_pool, bl); - ::decode(explicit_placement.data_extra_pool, bl); - ::decode(explicit_placement.index_pool, bl); - } - } - DECODE_FINISH(bl); - } - - void update_bucket_id(const string& new_bucket_id) { - bucket_id = new_bucket_id; - oid.clear(); - } - - // format a key for the bucket/instance. pass delim=0 to skip a field - std::string get_key(char tenant_delim = '/', - char id_delim = ':') const; - - const rgw_pool& get_data_extra_pool() const { - return explicit_placement.get_data_extra_pool(); - } - - void dump(Formatter *f) const; - void decode_json(JSONObj *obj); - static void generate_test_instances(list& o); - - rgw_bucket& operator=(const rgw_bucket&) = default; - - bool operator<(const rgw_bucket& b) const { - return name.compare(b.name) < 0; - } - bool operator==(const rgw_bucket& b) const { - return (name == b.name) && (bucket_id == b.bucket_id); - } -}; -WRITE_CLASS_ENCODER(rgw_bucket) - -inline ostream& operator<<(ostream& out, const rgw_bucket &b) { - out << b.name << "[" << b.marker << "])"; - return out; -} - -struct rgw_bucket_shard { +struct rgw_bucket_placement { + rgw_placement_rule placement_rule; rgw_bucket bucket; - int shard_id; - - rgw_bucket_shard() : shard_id(-1) {} - rgw_bucket_shard(const rgw_bucket& _b, int _sid) : bucket(_b), shard_id(_sid) {} - - std::string get_key(char tenant_delim = '/', char id_delim = ':', - char shard_delim = ':') const; - bool operator<(const rgw_bucket_shard& b) const { - if (bucket < b.bucket) { - return true; - } - if (b.bucket < bucket) { - return false; - } - return shard_id < b.shard_id; - } + void dump(Formatter *f) const; }; - struct RGWObjVersionTracker { obj_version read_version; obj_version write_version; @@ -1149,10 +1026,7 @@ struct RGWObjVersionTracker { void prepare_op_for_read(librados::ObjectReadOperation *op); void prepare_op_for_write(librados::ObjectWriteOperation *op); - void apply_write() { - read_version = write_version; - write_version = obj_version(); - } + void apply_write(); void clear() { read_version = obj_version(); @@ -1162,189 +1036,95 @@ struct RGWObjVersionTracker { void generate_new_write_ver(CephContext *cct); }; +inline std::ostream& operator<<(std::ostream& out, const obj_version &v) +{ + out << v.tag << ":" << v.ver; + return out; +} + +inline std::ostream& operator<<(std::ostream& out, const RGWObjVersionTracker &ot) +{ + out << "{r=" << ot.read_version << ",w=" << ot.write_version << "}"; + return out; +} + enum RGWBucketFlags { BUCKET_SUSPENDED = 0x1, BUCKET_VERSIONED = 0x2, BUCKET_VERSIONS_SUSPENDED = 0x4, BUCKET_DATASYNC_DISABLED = 0X8, + BUCKET_MFA_ENABLED = 0X10, + BUCKET_OBJ_LOCK_ENABLED = 0X20, }; -enum RGWBucketIndexType { - RGWBIType_Normal = 0, - RGWBIType_Indexless = 1, -}; - -inline ostream& operator<<(ostream& out, const RGWBucketIndexType &index_type) -{ - switch (index_type) { - case RGWBIType_Normal: - return out << "Normal"; - case RGWBIType_Indexless: - return out << "Indexless"; - default: - return out << "Unknown"; - } -} - -struct RGWBucketInfo -{ - enum BIShardsHashType { - MOD = 0 - }; +class RGWSI_Zone; +struct RGWBucketInfo { rgw_bucket bucket; rgw_user owner; - uint32_t flags; - string zonegroup; + uint32_t flags{0}; + std::string zonegroup; ceph::real_time creation_time; - string placement_rule; - bool has_instance_obj; + rgw_placement_rule placement_rule; + bool has_instance_obj{false}; RGWObjVersionTracker objv_tracker; /* we don't need to serialize this, for runtime tracking */ - obj_version ep_objv; /* entry point object version, for runtime tracking only */ RGWQuotaInfo quota; + // layout of bucket index objects + rgw::BucketLayout layout; + // Represents the number of bucket index object shards: - // - value of 0 indicates there is no sharding (this is by default before this - // feature is implemented). + // - value of 0 indicates there is no sharding (this is by default + // before this feature is implemented). // - value of UINT32_T::MAX indicates this is a blind bucket. - uint32_t num_shards; - - // Represents the bucket index shard hash type. - uint8_t bucket_index_shard_hash_type; // Represents the shard number for blind bucket. const static uint32_t NUM_SHARDS_BLIND_BUCKET; - bool requester_pays; + bool requester_pays{false}; - bool has_website; + bool has_website{false}; RGWBucketWebsiteConf website_conf; - RGWBucketIndexType index_type; + bool swift_versioning{false}; + std::string swift_ver_location; - bool swift_versioning; - string swift_ver_location; + std::map mdsearch_config; - map mdsearch_config; + // resharding + cls_rgw_reshard_status reshard_status{cls_rgw_reshard_status::NOT_RESHARDING}; + std::string new_bucket_instance_id; - /* resharding */ - uint8_t reshard_status; - string new_bucket_instance_id; + RGWObjectLock obj_lock; + + std::optional sync_policy; + + void encode(bufferlist& bl) const; + void decode(bufferlist::const_iterator& bl); - void encode(bufferlist& bl) const { - ENCODE_START(19, 4, bl); - ::encode(bucket, bl); - ::encode(owner.id, bl); - ::encode(flags, bl); - ::encode(zonegroup, bl); - uint64_t ct = real_clock::to_time_t(creation_time); - ::encode(ct, bl); - ::encode(placement_rule, bl); - ::encode(has_instance_obj, bl); - ::encode(quota, bl); - ::encode(num_shards, bl); - ::encode(bucket_index_shard_hash_type, bl); - ::encode(requester_pays, bl); - ::encode(owner.tenant, bl); - ::encode(has_website, bl); - if (has_website) { - ::encode(website_conf, bl); - } - ::encode((uint32_t)index_type, bl); - ::encode(swift_versioning, bl); - if (swift_versioning) { - ::encode(swift_ver_location, bl); - } - ::encode(creation_time, bl); - ::encode(mdsearch_config, bl); - ::encode(reshard_status, bl); - ::encode(new_bucket_instance_id, bl); - ENCODE_FINISH(bl); - } - void decode(bufferlist::iterator& bl) { - DECODE_START_LEGACY_COMPAT_LEN_32(19, 4, 4, bl); - ::decode(bucket, bl); - if (struct_v >= 2) { - string s; - ::decode(s, bl); - owner.from_str(s); - } - if (struct_v >= 3) - ::decode(flags, bl); - if (struct_v >= 5) - ::decode(zonegroup, bl); - if (struct_v >= 6) { - uint64_t ct; - ::decode(ct, bl); - if (struct_v < 17) - creation_time = ceph::real_clock::from_time_t((time_t)ct); - } - if (struct_v >= 7) - ::decode(placement_rule, bl); - if (struct_v >= 8) - ::decode(has_instance_obj, bl); - if (struct_v >= 9) - ::decode(quota, bl); - if (struct_v >= 10) - ::decode(num_shards, bl); - if (struct_v >= 11) - ::decode(bucket_index_shard_hash_type, bl); - if (struct_v >= 12) - ::decode(requester_pays, bl); - if (struct_v >= 13) - ::decode(owner.tenant, bl); - if (struct_v >= 14) { - ::decode(has_website, bl); - if (has_website) { - ::decode(website_conf, bl); - } else { - website_conf = RGWBucketWebsiteConf(); - } - } - if (struct_v >= 15) { - uint32_t it; - ::decode(it, bl); - index_type = (RGWBucketIndexType)it; - } else { - index_type = RGWBIType_Normal; - } - swift_versioning = false; - swift_ver_location.clear(); - if (struct_v >= 16) { - ::decode(swift_versioning, bl); - if (swift_versioning) { - ::decode(swift_ver_location, bl); - } - } - if (struct_v >= 17) { - ::decode(creation_time, bl); - } - if (struct_v >= 18) { - ::decode(mdsearch_config, bl); - } - if (struct_v >= 19) { - ::decode(reshard_status, bl); - ::decode(new_bucket_instance_id, bl); - } - DECODE_FINISH(bl); - } void dump(Formatter *f) const; - static void generate_test_instances(list& o); + static void generate_test_instances(std::list& o); void decode_json(JSONObj *obj); bool versioned() const { return (flags & BUCKET_VERSIONED) != 0; } - int versioning_status() { return flags & (BUCKET_VERSIONED | BUCKET_VERSIONS_SUSPENDED); } - bool versioning_enabled() { return versioning_status() == BUCKET_VERSIONED; } + int versioning_status() const { return flags & (BUCKET_VERSIONED | BUCKET_VERSIONS_SUSPENDED | BUCKET_MFA_ENABLED); } + bool versioning_enabled() const { return (versioning_status() & (BUCKET_VERSIONED | BUCKET_VERSIONS_SUSPENDED)) == BUCKET_VERSIONED; } + bool mfa_enabled() const { return (versioning_status() & BUCKET_MFA_ENABLED) != 0; } bool datasync_flag_enabled() const { return (flags & BUCKET_DATASYNC_DISABLED) == 0; } + bool obj_lock_enabled() const { return (flags & BUCKET_OBJ_LOCK_ENABLED) != 0; } bool has_swift_versioning() const { /* A bucket may be versioned through one mechanism only. */ return swift_versioning && !versioned(); } - RGWBucketInfo() : flags(0), has_instance_obj(false), num_shards(0), bucket_index_shard_hash_type(MOD), requester_pays(false), - has_website(false), swift_versioning(false), reshard_status(0) {} + void set_sync_policy(rgw_sync_policy_info&& policy); + + bool empty_sync_policy() const; + + RGWBucketInfo(); + ~RGWBucketInfo(); }; WRITE_CLASS_ENCODER(RGWBucketInfo) @@ -1362,17 +1142,17 @@ struct RGWBucketEntryPoint void encode(bufferlist& bl) const { ENCODE_START(10, 8, bl); - ::encode(bucket, bl); - ::encode(owner.id, bl); - ::encode(linked, bl); + encode(bucket, bl); + encode(owner.id, bl); + encode(linked, bl); uint64_t ctime = (uint64_t)real_clock::to_time_t(creation_time); - ::encode(ctime, bl); - ::encode(owner, bl); - ::encode(creation_time, bl); + encode(ctime, bl); + encode(owner, bl); + encode(creation_time, bl); ENCODE_FINISH(bl); } - void decode(bufferlist::iterator& bl) { - bufferlist::iterator orig_iter = bl; + void decode(bufferlist::const_iterator& bl) { + auto orig_iter = bl; DECODE_START_LEGACY_COMPAT_LEN_32(10, 4, 4, bl); if (struct_v < 8) { /* ouch, old entry, contains the bucket info itself */ @@ -1381,25 +1161,26 @@ struct RGWBucketEntryPoint return; } has_bucket_info = false; - ::decode(bucket, bl); - ::decode(owner.id, bl); - ::decode(linked, bl); + decode(bucket, bl); + decode(owner.id, bl); + decode(linked, bl); uint64_t ctime; - ::decode(ctime, bl); + decode(ctime, bl); if (struct_v < 10) { creation_time = real_clock::from_time_t((time_t)ctime); } if (struct_v >= 9) { - ::decode(owner, bl); + decode(owner, bl); } if (struct_v >= 10) { - ::decode(creation_time, bl); + decode(creation_time, bl); } DECODE_FINISH(bl); } void dump(Formatter *f) const; void decode_json(JSONObj *obj); + static void generate_test_instances(std::list& o); }; WRITE_CLASS_ENCODER(RGWBucketEntryPoint) @@ -1408,17 +1189,20 @@ struct RGWStorageStats RGWObjCategory category; uint64_t size; uint64_t size_rounded; - uint64_t size_utilized{0}; //< size after compression, encryption uint64_t num_objects; + uint64_t size_utilized{0}; //< size after compression, encryption + bool dump_utilized; // whether dump should include utilized values - RGWStorageStats() - : category(RGW_OBJ_CATEGORY_NONE), + RGWStorageStats(bool _dump_utilized=true) + : category(RGWObjCategory::None), size(0), size_rounded(0), - num_objects(0) {} + num_objects(0), + dump_utilized(_dump_utilized) + {} void dump(Formatter *f) const; -}; +}; // RGWStorageStats class RGWEnv; @@ -1427,6 +1211,7 @@ namespace rgw { namespace auth { namespace s3 { class AWSBrowserUploadAbstractor; + class STSEngine; } class Completer; } @@ -1435,45 +1220,48 @@ namespace rgw { } } +using meta_map_t = boost::container::flat_map ; struct req_info { const RGWEnv *env; RGWHTTPArgs args; - map x_meta_map; + meta_map_t x_meta_map; + meta_map_t crypt_attribute_map; - string host; + std::string host; const char *method; - string script_uri; - string request_uri; - string request_uri_aws4; - string effective_uri; - string request_params; - string domain; + std::string script_uri; + std::string request_uri; + std::string request_uri_aws4; + std::string effective_uri; + std::string request_params; + std::string domain; + std::string storage_class; req_info(CephContext *cct, const RGWEnv *env); void rebuild_from(req_info& src); - void init_meta_info(bool *found_bad_meta); + void init_meta_info(const DoutPrefixProvider *dpp, bool *found_bad_meta); }; typedef cls_rgw_obj_key rgw_obj_index_key; struct rgw_obj_key { - string name; - string instance; - string ns; + std::string name; + std::string instance; + std::string ns; rgw_obj_key() {} // cppcheck-suppress noExplicitConstructor - rgw_obj_key(const string& n) : name(n) {} - rgw_obj_key(const string& n, const string& i) : name(n), instance(i) {} - rgw_obj_key(const string& n, const string& i, const string& _ns) : name(n), instance(i), ns(_ns) {} + rgw_obj_key(const std::string& n) : name(n) {} + rgw_obj_key(const std::string& n, const std::string& i) : name(n), instance(i) {} + rgw_obj_key(const std::string& n, const std::string& i, const std::string& _ns) : name(n), instance(i), ns(_ns) {} rgw_obj_key(const rgw_obj_index_key& k) { parse_index_key(k.name, &name, &ns); instance = k.instance; } - static void parse_index_key(const string& key, string *name, string *ns) { + static void parse_index_key(const std::string& key, std::string *name, std::string *ns) { if (key[0] != '_') { *name = key; ns->clear(); @@ -1496,19 +1284,19 @@ struct rgw_obj_key { *ns = key.substr(1, pos -1); } - void set(const string& n) { + void set(const std::string& n) { name = n; instance.clear(); ns.clear(); } - void set(const string& n, const string& i) { + void set(const std::string& n, const std::string& i) { name = n; instance = i; ns.clear(); } - void set(const string& n, const string& i, const string& _ns) { + void set(const std::string& n, const std::string& i, const std::string& _ns) { name = n; instance = i; ns = _ns; @@ -1522,21 +1310,33 @@ struct rgw_obj_key { return true; } - void set_instance(const string& i) { + void set_instance(const std::string& i) { instance = i; } - string get_index_key_name() const { + const std::string& get_instance() const { + return instance; + } + + void set_ns(const std::string& _ns) { + ns = _ns; + } + + const std::string& get_ns() const { + return ns; + } + + std::string get_index_key_name() const { if (ns.empty()) { if (name.size() < 1 || name[0] != '_') { return name; } - return string("_") + name; + return std::string("_") + name; }; char buf[ns.size() + 16]; snprintf(buf, sizeof(buf), "_%s_", ns.c_str()); - return string(buf) + name; + return std::string(buf) + name; }; void get_index_key(rgw_obj_index_key *key) const { @@ -1544,7 +1344,7 @@ struct rgw_obj_key { key->instance = instance; } - string get_loc() const { + std::string get_loc() const { /* * For backward compatibility. Older versions used to have object locator on all objects, * however, the name was the effective object locator. This had the same effect as not @@ -1555,7 +1355,7 @@ struct rgw_obj_key { return name; } - return string(); + return {}; } bool empty() const { @@ -1574,18 +1374,18 @@ struct rgw_obj_key { return have_instance() && !have_null_instance(); } - string get_oid() const { + std::string get_oid() const { if (ns.empty() && !need_to_encode_instance()) { if (name.size() < 1 || name[0] != '_') { return name; } - return string("_") + name; + return std::string("_") + name; } - string oid = "_"; + std::string oid = "_"; oid.append(ns); if (need_to_encode_instance()) { - oid.append(string(":") + instance); + oid.append(std::string(":") + instance); } oid.append("_"); oid.append(name); @@ -1609,7 +1409,7 @@ struct rgw_obj_key { return !(k < *this); } - static void parse_ns_field(string& ns, string& instance) { + static void parse_ns_field(std::string& ns, std::string& instance) { int pos = ns.find(':'); if (pos >= 0) { instance = ns.substr(pos + 1); @@ -1619,7 +1419,9 @@ struct rgw_obj_key { } } - static bool parse_raw_oid(const string& oid, rgw_obj_key *key) { + // takes an oid and parses out the namespace (ns), name, and + // instance + static bool parse_raw_oid(const std::string& oid, rgw_obj_key *key) { key->instance.clear(); key->ns.clear(); if (oid[0] != '_') { @@ -1632,11 +1434,11 @@ struct rgw_obj_key { return true; } - if (oid[0] != '_' || oid.size() < 3) // for namespace, min size would be 3: _x_ + if (oid.size() < 3) // for namespace, min size would be 3: _x_ return false; - int pos = oid.find('_', 1); - if (pos <= 1) // if it starts with __, it's not in our namespace + size_t pos = oid.find('_', 2); // oid must match ^_[^_].+$ + if (pos == std::string::npos) return false; key->ns = oid.substr(1, pos - 1); @@ -1654,7 +1456,7 @@ struct rgw_obj_key { * and cuts down the name to the unmangled version. If it is not * part of the given namespace, it returns false. */ - static bool oid_to_key_in_ns(const string& oid, rgw_obj_key *key, const string& ns) { + static bool oid_to_key_in_ns(const std::string& oid, rgw_obj_key *key, const std::string& ns) { bool ret = parse_raw_oid(oid, key); if (!ret) { return ret; @@ -1664,14 +1466,14 @@ struct rgw_obj_key { } /** - * Given a mangled object name and an empty namespace string, this - * function extracts the namespace into the string and sets the object + * Given a mangled object name and an empty namespace std::string, this + * function extracts the namespace into the std::string and sets the object * name to be the unmangled version. * * It returns true after successfully doing so, or * false if it fails. */ - static bool strip_namespace_from_name(string& name, string& ns, string& instance) { + static bool strip_namespace_from_name(std::string& name, std::string& ns, std::string& instance) { ns.clear(); instance.clear(); if (name[0] != '_') { @@ -1679,7 +1481,7 @@ struct rgw_obj_key { } size_t pos = name.find('_', 1); - if (pos == string::npos) { + if (pos == std::string::npos) { return false; } @@ -1694,7 +1496,7 @@ struct rgw_obj_key { } ns = name.substr(1, pos-1); - name = name.substr(pos+1, string::npos); + name = name.substr(pos+1, std::string::npos); parse_ns_field(ns, instance); return true; @@ -1702,103 +1504,108 @@ struct rgw_obj_key { void encode(bufferlist& bl) const { ENCODE_START(2, 1, bl); - ::encode(name, bl); - ::encode(instance, bl); - ::encode(ns, bl); + encode(name, bl); + encode(instance, bl); + encode(ns, bl); ENCODE_FINISH(bl); } - void decode(bufferlist::iterator& bl) { + void decode(bufferlist::const_iterator& bl) { DECODE_START(2, bl); - ::decode(name, bl); - ::decode(instance, bl); + decode(name, bl); + decode(instance, bl); if (struct_v >= 2) { - ::decode(ns, bl); + decode(ns, bl); } DECODE_FINISH(bl); } void dump(Formatter *f) const; void decode_json(JSONObj *obj); -}; -WRITE_CLASS_ENCODER(rgw_obj_key) -inline ostream& operator<<(ostream& out, const rgw_obj_key &o) { - if (o.instance.empty()) { - return out << o.name; - } else { - return out << o.name << "[" << o.instance << "]"; + std::string to_str() const { + if (instance.empty()) { + return name; + } + char buf[name.size() + instance.size() + 16]; + snprintf(buf, sizeof(buf), "%s[%s]", name.c_str(), instance.c_str()); + return buf; } -} +}; +WRITE_CLASS_ENCODER(rgw_obj_key) -inline ostream& operator<<(ostream& out, const rgw_obj_index_key &o) { - if (o.instance.empty()) { - return out << o.name; - } else { - return out << o.name << "[" << o.instance << "]"; - } +inline std::ostream& operator<<(std::ostream& out, const rgw_obj_key &o) { + return out << o.to_str(); } struct req_init_state { /* Keeps [[tenant]:]bucket until we parse the token. */ - string url_bucket; - string src_bucket; + std::string url_bucket; + std::string src_bucket; }; -/* XXX why don't RGWRequest (or descendants) hold this state? */ -class RGWRequest; - #include "rgw_auth.h" +class RGWObjectCtx; +class RGWSysObjectCtx; + /** Store all the state necessary to complete and respond to an HTTP request*/ -struct req_state { +struct req_state : DoutPrefixProvider { CephContext *cct; - rgw::io::BasicClient *cio; - RGWRequest *req{nullptr}; /// XXX: re-remove?? - http_op op; + rgw::io::BasicClient *cio{nullptr}; + http_op op{OP_UNKNOWN}; RGWOpType op_type{}; - bool content_started; - int format; - ceph::Formatter *formatter; - string decoded_uri; - string relative_uri; - const char *length; - int64_t content_length; - map generic_attrs; + std::shared_ptr ratelimit_data; + RGWRateLimitInfo user_ratelimit; + RGWRateLimitInfo bucket_ratelimit; + std::string ratelimit_bucket_marker; + std::string ratelimit_user_name; + bool content_started{false}; + int format{0}; + ceph::Formatter *formatter{nullptr}; + std::string decoded_uri; + std::string relative_uri; + const char *length{nullptr}; + int64_t content_length{0}; + std::map generic_attrs; rgw_err err; - bool expect_cont; - uint64_t obj_size; + bool expect_cont{false}; + uint64_t obj_size{0}; bool enable_ops_log; bool enable_usage_log; uint8_t defer_to_bucket_acls; - uint32_t perm_mask; + uint32_t perm_mask{0}; /* Set once when url_bucket is parsed and not violated thereafter. */ - string account_name; - - string bucket_tenant; - string bucket_name; - - rgw_bucket bucket; - rgw_obj_key object; - string src_tenant_name; - string src_bucket_name; - rgw_obj_key src_object; + std::string account_name; + + std::string bucket_tenant; + std::string bucket_name; + + /* bucket is only created in rgw_build_bucket_policies() and should never be + * overwritten */ + std::unique_ptr bucket; + std::unique_ptr object; + std::string src_tenant_name; + std::string src_bucket_name; + std::unique_ptr src_object; ACLOwner bucket_owner; ACLOwner owner; - string zonegroup_name; - string zonegroup_endpoint; - string bucket_instance_id; - int bucket_instance_shard_id; + std::string zonegroup_name; + std::string zonegroup_endpoint; + std::string bucket_instance_id; + int bucket_instance_shard_id{-1}; + std::string redirect_zone_endpoint; - string redirect; + std::string redirect; - RGWBucketInfo bucket_info; - map bucket_attrs; - bool bucket_exists; + real_time bucket_mtime; + std::map bucket_attrs; + bool bucket_exists{false}; + rgw_placement_rule dest_placement; - bool has_bad_meta; + bool has_bad_meta{false}; - RGWUserInfo *user; + std::unique_ptr user; struct { /* TODO(rzarzynski): switch out to the static_ptr for both members. */ @@ -1820,12 +1627,14 @@ struct req_state { friend class RGWPostObj_ObjStore_S3; /* Reader. */ friend class rgw::auth::s3::AWSBrowserUploadAbstractor; + friend class rgw::auth::s3::STSEngine; std::string access_key; std::string signature; std::string x_amz_algorithm; std::string x_amz_credential; std::string x_amz_date; + std::string x_amz_security_token; ceph::bufferlist encoded_policy; } s3_postobj_creds; } auth; @@ -1836,42 +1645,73 @@ struct req_state { rgw::IAM::Environment env; boost::optional iam_policy; + boost::optional bucket_access_conf; + std::vector iam_user_policies; /* Is the request made by an user marked as a system one? * Being system user means we also have the admin status. */ - bool system_request; + bool system_request{false}; - string canned_acl; - bool has_acl_header; - bool local_source; /* source is local */ + std::string canned_acl; + bool has_acl_header{false}; + bool local_source{false}; /* source is local */ - int prot_flags; + int prot_flags{0}; /* Content-Disposition override for TempURL of Swift API. */ struct { - string override; - string fallback; + std::string override; + std::string fallback; } content_disp; - string host_id; + std::string host_id; req_info info; req_init_state init_state; - utime_t time; - void *obj_ctx; - string dialect; - string req_id; - string trans_id; + using Clock = ceph::coarse_real_clock; + Clock::time_point time; + + Clock::duration time_elapsed() const { return Clock::now() - time; } - req_state(CephContext* _cct, RGWEnv* e, RGWUserInfo* u); + RGWObjectCtx *obj_ctx{nullptr}; + std::string dialect; + std::string req_id; + std::string trans_id; + uint64_t id; + + RGWObjTags tagset; + + bool mfa_verified{false}; + + /// optional coroutine context + optional_yield yield{null_yield}; + + //token claims from STS token for ops log (can be used for Keystone token also) + std::vector token_claims; + + std::vector session_policies; + + jspan trace; + + //Principal tags that come in as part of AssumeRoleWithWebIdentity + std::vector> principal_tags; + + req_state(CephContext* _cct, RGWEnv* e, uint64_t id); ~req_state(); + + void set_user(std::unique_ptr& u) { user.swap(u); } bool is_err() const { return err.is_err(); } + + // implements DoutPrefixProvider + std::ostream& gen_prefix(std::ostream& out) const override; + CephContext* get_cct() const override { return cct; } + unsigned get_subsys() const override { return ceph_subsys_rgw; } }; void set_req_state_err(struct req_state*, int); -void set_req_state_err(struct req_state*, int, const string&); +void set_req_state_err(struct req_state*, int, const std::string&); void set_req_state_err(struct rgw_err&, int, const int); void dump(struct req_state*); @@ -1886,7 +1726,7 @@ struct RGWBucketEnt { /* The placement_rule is necessary to calculate per-storage-policy statics * of the Swift API. Although the info available in RGWBucketInfo, we need * to duplicate it here to not affect the performance of buckets listing. */ - std::string placement_rule; + rgw_placement_rule placement_rule; RGWBucketEnt() : size(0), @@ -1917,45 +1757,45 @@ struct RGWBucketEnt { ENCODE_START(7, 5, bl); uint64_t s = size; __u32 mt = ceph::real_clock::to_time_t(creation_time); - string empty_str; // originally had the bucket name here, but we encode bucket later - ::encode(empty_str, bl); - ::encode(s, bl); - ::encode(mt, bl); - ::encode(count, bl); - ::encode(bucket, bl); + std::string empty_str; // originally had the bucket name here, but we encode bucket later + encode(empty_str, bl); + encode(s, bl); + encode(mt, bl); + encode(count, bl); + encode(bucket, bl); s = size_rounded; - ::encode(s, bl); - ::encode(creation_time, bl); - ::encode(placement_rule, bl); + encode(s, bl); + encode(creation_time, bl); + encode(placement_rule, bl); ENCODE_FINISH(bl); } - void decode(bufferlist::iterator& bl) { - DECODE_START_LEGACY_COMPAT_LEN(6, 5, 5, bl); + void decode(bufferlist::const_iterator& bl) { + DECODE_START_LEGACY_COMPAT_LEN(7, 5, 5, bl); __u32 mt; uint64_t s; - string empty_str; // backward compatibility - ::decode(empty_str, bl); - ::decode(s, bl); - ::decode(mt, bl); + std::string empty_str; // backward compatibility + decode(empty_str, bl); + decode(s, bl); + decode(mt, bl); size = s; if (struct_v < 6) { creation_time = ceph::real_clock::from_time_t(mt); } if (struct_v >= 2) - ::decode(count, bl); + decode(count, bl); if (struct_v >= 3) - ::decode(bucket, bl); + decode(bucket, bl); if (struct_v >= 4) - ::decode(s, bl); + decode(s, bl); size_rounded = s; if (struct_v >= 6) - ::decode(creation_time, bl); + decode(creation_time, bl); if (struct_v >= 7) - ::decode(placement_rule, bl); + decode(placement_rule, bl); DECODE_FINISH(bl); } void dump(Formatter *f) const; - static void generate_test_instances(list& o); + static void generate_test_instances(std::list& o); }; WRITE_CLASS_ENCODER(RGWBucketEnt) @@ -1977,11 +1817,11 @@ struct rgw_obj { bucket = b; key.set(name); } - void init(const rgw_bucket& b, const std::string& name, const string& i, const string& n) { + void init(const rgw_bucket& b, const std::string& name, const std::string& i, const std::string& n) { bucket = b; key.set(name, i, n); } - void init_ns(const rgw_bucket& b, const std::string& name, const string& n) { + void init_ns(const rgw_bucket& b, const std::string& name, const std::string& n) { bucket = b; key.name = name; key.instance.clear(); @@ -1996,11 +1836,11 @@ struct rgw_obj { key = k; } - string get_oid() const { + std::string get_oid() const { return key.get_oid(); } - const string& get_hash_object() const { + const std::string& get_hash_object() const { return index_hash_source.empty() ? key.name : index_hash_source; } @@ -2014,51 +1854,51 @@ struct rgw_obj { void encode(bufferlist& bl) const { ENCODE_START(6, 6, bl); - ::encode(bucket, bl); - ::encode(key.ns, bl); - ::encode(key.name, bl); - ::encode(key.instance, bl); -// ::encode(placement_id, bl); + encode(bucket, bl); + encode(key.ns, bl); + encode(key.name, bl); + encode(key.instance, bl); +// encode(placement_id, bl); ENCODE_FINISH(bl); } - void decode(bufferlist::iterator& bl) { + void decode(bufferlist::const_iterator& bl) { DECODE_START_LEGACY_COMPAT_LEN(6, 3, 3, bl); if (struct_v < 6) { - string s; - ::decode(bucket.name, bl); /* bucket.name */ - ::decode(s, bl); /* loc */ - ::decode(key.ns, bl); - ::decode(key.name, bl); + std::string s; + decode(bucket.name, bl); /* bucket.name */ + decode(s, bl); /* loc */ + decode(key.ns, bl); + decode(key.name, bl); if (struct_v >= 2) - ::decode(bucket, bl); + decode(bucket, bl); if (struct_v >= 4) - ::decode(key.instance, bl); + decode(key.instance, bl); if (key.ns.empty() && key.instance.empty()) { if (key.name[0] == '_') { key.name = key.name.substr(1); } } else { if (struct_v >= 5) { - ::decode(key.name, bl); + decode(key.name, bl); } else { ssize_t pos = key.name.find('_', 1); if (pos < 0) { - throw buffer::error(); + throw buffer::malformed_input(); } - key.name = key.name.substr(pos); + key.name = key.name.substr(pos + 1); } } } else { - ::decode(bucket, bl); - ::decode(key.ns, bl); - ::decode(key.name, bl); - ::decode(key.instance, bl); -// ::decode(placement_id, bl); + decode(bucket, bl); + decode(key.ns, bl); + decode(key.name, bl); + decode(key.instance, bl); +// decode(placement_id, bl); } DECODE_FINISH(bl); } void dump(Formatter *f) const; - static void generate_test_instances(list& o); + static void generate_test_instances(std::list& o); bool operator==(const rgw_obj& o) const { return (key == o.key) && @@ -2089,16 +1929,34 @@ struct rgw_obj { WRITE_CLASS_ENCODER(rgw_obj) struct rgw_cache_entry_info { - string cache_locator; + std::string cache_locator; uint64_t gen; rgw_cache_entry_info() : gen(0) {} }; -inline ostream& operator<<(ostream& out, const rgw_obj &o) { +inline std::ostream& operator<<(std::ostream& out, const rgw_obj &o) { return out << o.bucket.name << ":" << o.get_oid(); } +struct multipart_upload_info +{ + rgw_placement_rule dest_placement; + + void encode(bufferlist& bl) const { + ENCODE_START(1, 1, bl); + encode(dest_placement, bl); + ENCODE_FINISH(bl); + } + + void decode(bufferlist::const_iterator& bl) { + DECODE_START(1, bl); + decode(dest_placement, bl); + DECODE_FINISH(bl); + } +}; +WRITE_CLASS_ENCODER(multipart_upload_info) + static inline void buf_to_hex(const unsigned char* const buf, const size_t len, char* const str) @@ -2159,12 +2017,13 @@ static inline int rgw_str_to_bool(const char *s, int def_val) if (!s) return def_val; - return (strcasecmp(s, "on") == 0 || + return (strcasecmp(s, "true") == 0 || + strcasecmp(s, "on") == 0 || strcasecmp(s, "yes") == 0 || strcasecmp(s, "1") == 0); } -static inline void append_rand_alpha(CephContext *cct, const string& src, string& dest, int len) +static inline void append_rand_alpha(CephContext *cct, const std::string& src, std::string& dest, int len) { dest = src; char buf[len + 1]; @@ -2173,22 +2032,6 @@ static inline void append_rand_alpha(CephContext *cct, const string& src, string dest.append(buf); } -static inline const char *rgw_obj_category_name(RGWObjCategory category) -{ - switch (category) { - case RGW_OBJ_CATEGORY_NONE: - return "rgw.none"; - case RGW_OBJ_CATEGORY_MAIN: - return "rgw.main"; - case RGW_OBJ_CATEGORY_SHADOW: - return "rgw.shadow"; - case RGW_OBJ_CATEGORY_MULTIMETA: - return "rgw.multimeta"; - } - - return "unknown"; -} - static inline uint64_t rgw_rounded_kb(uint64_t bytes) { return (bytes + 1023) / 1024; @@ -2204,90 +2047,221 @@ static inline uint64_t rgw_rounded_objsize_kb(uint64_t bytes) return ((bytes + 4095) & ~4095) / 1024; } -extern string rgw_string_unquote(const string& s); -extern void parse_csv_string(const string& ival, vector& ovals); -extern int parse_key_value(string& in_str, string& key, string& val); -extern int parse_key_value(string& in_str, const char *delim, string& key, string& val); +/* implement combining step, S3 header canonicalization; k is a + * valid header and in lc form */ +void rgw_add_amz_meta_header( + meta_map_t& x_meta_map, + const std::string& k, + const std::string& v); -extern boost::optional> -parse_key_value(const boost::string_view& in_str, - const boost::string_view& delim); -extern boost::optional> -parse_key_value(const boost::string_view& in_str); +enum rgw_set_action_if_set { + DISCARD=0, OVERWRITE, APPEND +}; + +bool rgw_set_amz_meta_header( + meta_map_t& x_meta_map, + const std::string& k, + const std::string& v, rgw_set_action_if_set f); + +extern std::string rgw_string_unquote(const std::string& s); +extern void parse_csv_string(const std::string& ival, std::vector& ovals); +extern int parse_key_value(std::string& in_str, std::string& key, std::string& val); +extern int parse_key_value(std::string& in_str, const char *delim, std::string& key, std::string& val); + +extern boost::optional> +parse_key_value(const std::string_view& in_str, + const std::string_view& delim); +extern boost::optional> +parse_key_value(const std::string_view& in_str); /** time parsing */ extern int parse_time(const char *time_str, real_time *time); extern bool parse_rfc2616(const char *s, struct tm *t); extern bool parse_iso8601(const char *s, struct tm *t, uint32_t *pns = NULL, bool extended_format = true); -extern string rgw_trim_whitespace(const string& src); -extern boost::string_view rgw_trim_whitespace(const boost::string_view& src); -extern string rgw_trim_quotes(const string& val); +extern std::string rgw_trim_whitespace(const std::string& src); +extern std::string_view rgw_trim_whitespace(const std::string_view& src); +extern std::string rgw_trim_quotes(const std::string& val); extern void rgw_to_iso8601(const real_time& t, char *dest, int buf_size); -extern void rgw_to_iso8601(const real_time& t, string *dest); +extern void rgw_to_iso8601(const real_time& t, std::string *dest); extern std::string rgw_to_asctime(const utime_t& t); +struct perm_state_base { + CephContext *cct; + const rgw::IAM::Environment& env; + rgw::auth::Identity *identity; + const RGWBucketInfo bucket_info; + int perm_mask; + bool defer_to_bucket_acls; + boost::optional bucket_access_conf; + + perm_state_base(CephContext *_cct, + const rgw::IAM::Environment& _env, + rgw::auth::Identity *_identity, + const RGWBucketInfo& _bucket_info, + int _perm_mask, + bool _defer_to_bucket_acls, + boost::optional _bucket_acess_conf = boost::none) : + cct(_cct), + env(_env), + identity(_identity), + bucket_info(_bucket_info), + perm_mask(_perm_mask), + defer_to_bucket_acls(_defer_to_bucket_acls), + bucket_access_conf(_bucket_acess_conf) + {} + + virtual ~perm_state_base() {} + + virtual const char *get_referer() const = 0; + virtual std::optional get_request_payer() const = 0; /* + * empty state means that request_payer param was not passed in + */ + +}; + +struct perm_state : public perm_state_base { + const char *referer; + bool request_payer; + + perm_state(CephContext *_cct, + const rgw::IAM::Environment& _env, + rgw::auth::Identity *_identity, + const RGWBucketInfo& _bucket_info, + int _perm_mask, + bool _defer_to_bucket_acls, + const char *_referer, + bool _request_payer) : perm_state_base(_cct, + _env, + _identity, + _bucket_info, + _perm_mask, + _defer_to_bucket_acls), + referer(_referer), + request_payer(_request_payer) {} + + const char *get_referer() const override { + return referer; + } + + std::optional get_request_payer() const override { + return request_payer; + } +}; + +/** Check if the req_state's user has the necessary permissions + * to do the requested action */ +bool verify_bucket_permission_no_policy( + const DoutPrefixProvider* dpp, + struct perm_state_base * const s, + RGWAccessControlPolicy * const user_acl, + RGWAccessControlPolicy * const bucket_acl, + const int perm); + +bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp, + struct perm_state_base * const s, + RGWAccessControlPolicy * const user_acl, + const int perm); + +bool verify_object_permission_no_policy(const DoutPrefixProvider* dpp, + struct perm_state_base * const s, + RGWAccessControlPolicy * const user_acl, + RGWAccessControlPolicy * const bucket_acl, + RGWAccessControlPolicy * const object_acl, + const int perm); + /** Check if the req_state's user has the necessary permissions * to do the requested action */ -bool verify_user_permission(struct req_state * const s, +rgw::IAM::Effect eval_identity_or_session_policies(const std::vector& user_policies, + const rgw::IAM::Environment& env, + const uint64_t op, + const rgw::ARN& arn); +bool verify_user_permission(const DoutPrefixProvider* dpp, + struct req_state * const s, RGWAccessControlPolicy * const user_acl, - const int perm); -bool verify_user_permission(struct req_state * const s, - const int perm); + const std::vector& user_policies, + const std::vector& session_policies, + const rgw::ARN& res, + const uint64_t op); +bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp, + struct req_state * const s, + RGWAccessControlPolicy * const user_acl, + const int perm); +bool verify_user_permission(const DoutPrefixProvider* dpp, + struct req_state * const s, + const rgw::ARN& res, + const uint64_t op); +bool verify_user_permission_no_policy(const DoutPrefixProvider* dpp, + struct req_state * const s, + int perm); bool verify_bucket_permission( + const DoutPrefixProvider* dpp, struct req_state * const s, const rgw_bucket& bucket, RGWAccessControlPolicy * const user_acl, RGWAccessControlPolicy * const bucket_acl, const boost::optional& bucket_policy, + const std::vector& identity_policies, + const std::vector& session_policies, const uint64_t op); -bool verify_bucket_permission(struct req_state * const s, const uint64_t op); +bool verify_bucket_permission(const DoutPrefixProvider* dpp, struct req_state * const s, const uint64_t op); bool verify_bucket_permission_no_policy( + const DoutPrefixProvider* dpp, struct req_state * const s, RGWAccessControlPolicy * const user_acl, RGWAccessControlPolicy * const bucket_acl, const int perm); -bool verify_bucket_permission_no_policy(struct req_state * const s, +bool verify_bucket_permission_no_policy(const DoutPrefixProvider* dpp, + struct req_state * const s, const int perm); int verify_bucket_owner_or_policy(struct req_state* const s, const uint64_t op); extern bool verify_object_permission( + const DoutPrefixProvider* dpp, struct req_state * const s, const rgw_obj& obj, RGWAccessControlPolicy * const user_acl, RGWAccessControlPolicy * const bucket_acl, RGWAccessControlPolicy * const object_acl, const boost::optional& bucket_policy, + const std::vector& identity_policies, + const std::vector& session_policies, const uint64_t op); -extern bool verify_object_permission(struct req_state *s, uint64_t op); +extern bool verify_object_permission(const DoutPrefixProvider* dpp, struct req_state *s, uint64_t op); extern bool verify_object_permission_no_policy( + const DoutPrefixProvider* dpp, struct req_state * const s, RGWAccessControlPolicy * const user_acl, RGWAccessControlPolicy * const bucket_acl, RGWAccessControlPolicy * const object_acl, int perm); -extern bool verify_object_permission_no_policy(struct req_state *s, +extern bool verify_object_permission_no_policy(const DoutPrefixProvider* dpp, struct req_state *s, int perm); +extern int verify_object_lock( + const DoutPrefixProvider* dpp, + const rgw::sal::Attrs& attrs, + const bool bypass_perm, + const bool bypass_governance_mode); + /** Convert an input URL into a sane object name - * by converting %-escaped strings into characters, etc*/ -extern void rgw_uri_escape_char(char c, string& dst); -extern std::string url_decode(const boost::string_view& src_str, + * by converting %-escaped std::strings into characters, etc*/ +extern void rgw_uri_escape_char(char c, std::string& dst); +extern std::string url_decode(const std::string_view& src_str, bool in_query = false); -extern void url_encode(const std::string& src, - string& dst); -extern std::string url_encode(const std::string& src); +extern void url_encode(const std::string& src, std::string& dst, + bool encode_slash = true); +extern std::string url_encode(const std::string& src, bool encode_slash = true); +extern std::string url_remove_prefix(const std::string& url); // Removes hhtp, https and www from url /* destination should be CEPH_CRYPTO_HMACSHA1_DIGESTSIZE bytes long */ extern void calc_hmac_sha1(const char *key, int key_len, const char *msg, int msg_len, char *dest); -using sha1_digest_t = \ - std::array; - static inline sha1_digest_t -calc_hmac_sha1(const boost::string_view& key, const boost::string_view& msg) { +calc_hmac_sha1(const std::string_view& key, const std::string_view& msg) { sha1_digest_t dest; - calc_hmac_sha1(key.data(), key.size(), msg.data(), msg.size(), dest.data()); + calc_hmac_sha1(key.data(), key.size(), msg.data(), msg.size(), + reinterpret_cast(dest.v)); return dest; } @@ -2296,49 +2270,56 @@ extern void calc_hmac_sha256(const char *key, int key_len, const char *msg, int msg_len, char *dest); -using sha256_digest_t = \ - std::array; - static inline sha256_digest_t calc_hmac_sha256(const char *key, const int key_len, const char *msg, const int msg_len) { - std::array dest; + sha256_digest_t dest; calc_hmac_sha256(key, key_len, msg, msg_len, - reinterpret_cast(dest.data())); + reinterpret_cast(dest.v)); return dest; } static inline sha256_digest_t -calc_hmac_sha256(const boost::string_view& key, const boost::string_view& msg) { - std::array dest; +calc_hmac_sha256(const std::string_view& key, const std::string_view& msg) { + sha256_digest_t dest; calc_hmac_sha256(key.data(), key.size(), msg.data(), msg.size(), - reinterpret_cast(dest.data())); + reinterpret_cast(dest.v)); + return dest; +} + +static inline sha256_digest_t +calc_hmac_sha256(const sha256_digest_t &key, + const std::string_view& msg) { + sha256_digest_t dest; + calc_hmac_sha256(reinterpret_cast(key.v), sha256_digest_t::SIZE, + msg.data(), msg.size(), + reinterpret_cast(dest.v)); return dest; } static inline sha256_digest_t calc_hmac_sha256(const std::vector& key, - const boost::string_view& msg) { - std::array dest; + const std::string_view& msg) { + sha256_digest_t dest; calc_hmac_sha256(reinterpret_cast(key.data()), key.size(), msg.data(), msg.size(), - reinterpret_cast(dest.data())); + reinterpret_cast(dest.v)); return dest; } template static inline sha256_digest_t calc_hmac_sha256(const std::array& key, - const boost::string_view& msg) { - std::array dest; + const std::string_view& msg) { + sha256_digest_t dest; calc_hmac_sha256(reinterpret_cast(key.data()), key.size(), msg.data(), msg.size(), - reinterpret_cast(dest.data())); + reinterpret_cast(dest.v)); return dest; } -extern sha256_digest_t calc_hash_sha256(const boost::string_view& msg); +extern sha256_digest_t calc_hash_sha256(const std::string_view& msg); extern ceph::crypto::SHA256* calc_hash_sha256_open_stream(); extern void calc_hash_sha256_update_stream(ceph::crypto::SHA256* hash, @@ -2347,14 +2328,89 @@ extern void calc_hash_sha256_update_stream(ceph::crypto::SHA256* hash, extern std::string calc_hash_sha256_close_stream(ceph::crypto::SHA256** phash); extern std::string calc_hash_sha256_restart_stream(ceph::crypto::SHA256** phash); -extern int rgw_parse_op_type_list(const string& str, uint32_t *perm); +extern int rgw_parse_op_type_list(const std::string& str, uint32_t *perm); static constexpr uint32_t MATCH_POLICY_ACTION = 0x01; static constexpr uint32_t MATCH_POLICY_RESOURCE = 0x02; static constexpr uint32_t MATCH_POLICY_ARN = 0x04; static constexpr uint32_t MATCH_POLICY_STRING = 0x08; -extern bool match_policy(boost::string_view pattern, boost::string_view input, +extern bool match_policy(std::string_view pattern, std::string_view input, uint32_t flag); -#endif +extern std::string camelcase_dash_http_attr(const std::string& orig); +extern std::string lowercase_dash_http_attr(const std::string& orig); + +void rgw_setup_saved_curl_handles(); +void rgw_release_all_curl_handles(); + +static inline void rgw_escape_str(const std::string& s, char esc_char, + char special_char, std::string *dest) +{ + const char *src = s.c_str(); + char dest_buf[s.size() * 2 + 1]; + char *destp = dest_buf; + + for (size_t i = 0; i < s.size(); i++) { + char c = src[i]; + if (c == esc_char || c == special_char) { + *destp++ = esc_char; + } + *destp++ = c; + } + *destp++ = '\0'; + *dest = dest_buf; +} + +static inline ssize_t rgw_unescape_str(const std::string& s, ssize_t ofs, + char esc_char, char special_char, + std::string *dest) +{ + const char *src = s.c_str(); + char dest_buf[s.size() + 1]; + char *destp = dest_buf; + bool esc = false; + + dest_buf[0] = '\0'; + + for (size_t i = ofs; i < s.size(); i++) { + char c = src[i]; + if (!esc && c == esc_char) { + esc = true; + continue; + } + if (!esc && c == special_char) { + *destp = '\0'; + *dest = dest_buf; + return (ssize_t)i + 1; + } + *destp++ = c; + esc = false; + } + *destp = '\0'; + *dest = dest_buf; + return std::string::npos; +} + +static inline std::string rgw_bl_str(ceph::buffer::list& raw) +{ + size_t len = raw.length(); + std::string s(raw.c_str(), len); + while (len && !s[len - 1]) { + --len; + s.resize(len); + } + return s; +} + +template +int decode_bl(bufferlist& bl, T& t) +{ + auto iter = bl.cbegin(); + try { + decode(t, iter); + } catch (buffer::error& err) { + return -EIO; + } + return 0; +}