[ceph.git] / ceph / src / rgw / rgw_rest_iam.cc

// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab ft=cpp

#include <boost/tokenizer.hpp>

#include "rgw_rest.h"
#include "rgw_rest_iam.h"

#include "rgw_request.h"
#include "rgw_process.h"

#include "rgw_rest_role.h"
#include "rgw_rest_user_policy.h"
#include "rgw_rest_oidc_provider.h"

#define dout_context g_ceph_context
#define dout_subsys ceph_subsys_rgw

void RGWHandler_REST_IAM::rgw_iam_parse_input()
{
  if (post_body.size() > 0) {
    ldpp_dout(s, 10) << "Content of POST: " << post_body << dendl;

    if (post_body.find("Action") != string::npos) {
      boost::char_separator<char> sep("&");
      boost::tokenizer<boost::char_separator<char>> tokens(post_body, sep);
      for (const auto& t : tokens) {
        auto pos = t.find("=");
        if (pos != string::npos) {
          s->info.args.append(t.substr(0,pos),
                              url_decode(t.substr(pos+1, t.size() -1)));
        }
      }
    }
  }
  auto payload_hash = rgw::auth::s3::calc_v4_payload_hash(post_body);
  s->info.args.append("PayloadHash", payload_hash);
}

RGWOp *RGWHandler_REST_IAM::op_post()
{
  rgw_iam_parse_input();

  if (s->info.args.exists("Action")) {
    string action = s->info.args.get("Action");
    if (action.compare("CreateRole") == 0)
      return new RGWCreateRole;
    if (action.compare("DeleteRole") == 0)
      return new RGWDeleteRole;
    if (action.compare("GetRole") == 0)
      return new RGWGetRole;
    if (action.compare("UpdateAssumeRolePolicy") == 0)
      return new RGWModifyRole;
    if (action.compare("ListRoles") == 0)
      return new RGWListRoles;
    if (action.compare("PutRolePolicy") == 0)
      return new RGWPutRolePolicy;
    if (action.compare("GetRolePolicy") == 0)
      return new RGWGetRolePolicy;
    if (action.compare("ListRolePolicies") == 0)
      return new RGWListRolePolicies;
    if (action.compare("DeleteRolePolicy") == 0)
      return new RGWDeleteRolePolicy;
    if (action.compare("PutUserPolicy") == 0)
      return new RGWPutUserPolicy;
    if (action.compare("GetUserPolicy") == 0)
      return new RGWGetUserPolicy;
    if (action.compare("ListUserPolicies") == 0)
      return new RGWListUserPolicies;
    if (action.compare("DeleteUserPolicy") == 0)
      return new RGWDeleteUserPolicy;
    if (action.compare("CreateOpenIDConnectProvider") == 0)
      return new RGWCreateOIDCProvider;
    if (action.compare("ListOpenIDConnectProviders") == 0)
      return new RGWListOIDCProviders;
    if (action.compare("GetOpenIDConnectProvider") == 0)
      return new RGWGetOIDCProvider;
    if (action.compare("DeleteOpenIDConnectProvider") == 0)
      return new RGWDeleteOIDCProvider;
  }

  return nullptr;
}

int RGWHandler_REST_IAM::init(rgw::sal::RGWRadosStore *store,
                              struct req_state *s,
                              rgw::io::BasicClient *cio)
{
  s->dialect = "iam";

  if (int ret = RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true); ret < 0) {
    ldpp_dout(s, 10) << "init_from_header returned err=" << ret <<  dendl;
    return ret;
  }

  return RGWHandler_REST::init(store, s, cio);
}

int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y)
{
  return RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y);
}

int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
                                          int default_formatter,
                                          bool configurable_format)
{
  string req;
  string first;

  s->prot_flags = RGW_REST_IAM;

  const char *p, *req_name;
  if (req_name = s->relative_uri.c_str(); *req_name == '?') {
    p = req_name;
  } else {
    p = s->info.request_params.c_str();
  }

  s->info.args.set(p);
  s->info.args.parse(s);

  /* must be called after the args parsing */
  if (int ret = allocate_formatter(s, default_formatter, configurable_format); ret < 0)
    return ret;

  if (*req_name != '/')
    return 0;

  req_name++;

  if (!*req_name)
    return 0;

  req = req_name;
  int pos = req.find('/');
  if (pos >= 0) {
    first = req.substr(0, pos);
  } else {
    first = req;
  }

  return 0;
}

RGWHandler_REST*
RGWRESTMgr_IAM::get_handler(rgw::sal::RGWRadosStore *store,
			    struct req_state* const s,
			    const rgw::auth::StrategyRegistry& auth_registry,
			    const std::string& frontend_prefix)
{
  return new RGWHandler_REST_IAM(auth_registry);
}
Commit	Line	Data
92f5a8d4	1	// -- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t --
9f95a23c	2	// vim: ts=8 sw=2 smarttab ft=cpp
92f5a8d4 TL	3
	4	#include <boost/tokenizer.hpp>
	5
	6	#include "rgw_rest.h"
	7	#include "rgw_rest_iam.h"
	8
	9	#include "rgw_request.h"
	10	#include "rgw_process.h"
	11
	12	#include "rgw_rest_role.h"
	13	#include "rgw_rest_user_policy.h"
f91f0fd5	14	#include "rgw_rest_oidc_provider.h"
92f5a8d4 TL	15
	16	#define dout_context g_ceph_context
	17	#define dout_subsys ceph_subsys_rgw
	18
	19	void RGWHandler_REST_IAM::rgw_iam_parse_input()
	20	{
	21	if (post_body.size() > 0) {
b3b6e05e	22	ldpp_dout(s, 10) << "Content of POST: " << post_body << dendl;
92f5a8d4 TL	23
	24	if (post_body.find("Action") != string::npos) {
	25	boost::char_separator<char> sep("&");
	26	boost::tokenizer<boost::char_separator<char>> tokens(post_body, sep);
	27	for (const auto& t : tokens) {
	28	auto pos = t.find("=");
	29	if (pos != string::npos) {
9f95a23c TL	30	s->info.args.append(t.substr(0,pos),
9f95a23c TL	31	url_decode(t.substr(pos+1, t.size() -1)));
92f5a8d4 TL	32	}
	33	}
	34	}
	35	}
	36	auto payload_hash = rgw::auth::s3::calc_v4_payload_hash(post_body);
	37	s->info.args.append("PayloadHash", payload_hash);
	38	}
	39
	40	RGWOp *RGWHandler_REST_IAM::op_post()
	41	{
	42	rgw_iam_parse_input();
	43
	44	if (s->info.args.exists("Action")) {
	45	string action = s->info.args.get("Action");
	46	if (action.compare("CreateRole") == 0)
	47	return new RGWCreateRole;
	48	if (action.compare("DeleteRole") == 0)
	49	return new RGWDeleteRole;
	50	if (action.compare("GetRole") == 0)
	51	return new RGWGetRole;
	52	if (action.compare("UpdateAssumeRolePolicy") == 0)
	53	return new RGWModifyRole;
	54	if (action.compare("ListRoles") == 0)
	55	return new RGWListRoles;
	56	if (action.compare("PutRolePolicy") == 0)
	57	return new RGWPutRolePolicy;
	58	if (action.compare("GetRolePolicy") == 0)
	59	return new RGWGetRolePolicy;
	60	if (action.compare("ListRolePolicies") == 0)
	61	return new RGWListRolePolicies;
	62	if (action.compare("DeleteRolePolicy") == 0)
	63	return new RGWDeleteRolePolicy;
	64	if (action.compare("PutUserPolicy") == 0)
	65	return new RGWPutUserPolicy;
	66	if (action.compare("GetUserPolicy") == 0)
	67	return new RGWGetUserPolicy;
	68	if (action.compare("ListUserPolicies") == 0)
	69	return new RGWListUserPolicies;
	70	if (action.compare("DeleteUserPolicy") == 0)
	71	return new RGWDeleteUserPolicy;
f91f0fd5 TL	72	if (action.compare("CreateOpenIDConnectProvider") == 0)
	73	return new RGWCreateOIDCProvider;
	74	if (action.compare("ListOpenIDConnectProviders") == 0)
	75	return new RGWListOIDCProviders;
	76	if (action.compare("GetOpenIDConnectProvider") == 0)
	77	return new RGWGetOIDCProvider;
	78	if (action.compare("DeleteOpenIDConnectProvider") == 0)
	79	return new RGWDeleteOIDCProvider;
92f5a8d4 TL	80	}
	81
	82	return nullptr;
	83	}
	84
9f95a23c	85	int RGWHandler_REST_IAM::init(rgw::sal::RGWRadosStore *store,
92f5a8d4 TL	86	struct req_state *s,
	87	rgw::io::BasicClient *cio)
	88	{
	89	s->dialect = "iam";
	90
	91	if (int ret = RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true); ret < 0) {
b3b6e05e	92	ldpp_dout(s, 10) << "init_from_header returned err=" << ret << dendl;
92f5a8d4 TL	93	return ret;
	94	}
	95
	96	return RGWHandler_REST::init(store, s, cio);
	97	}
	98
f67539c2	99	int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y)
92f5a8d4	100	{
f67539c2	101	return RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y);
92f5a8d4 TL	102	}
	103
	104	int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
	105	int default_formatter,
	106	bool configurable_format)
	107	{
	108	string req;
	109	string first;
	110
	111	s->prot_flags = RGW_REST_IAM;
	112
	113	const char p, req_name;
	114	if (req_name = s->relative_uri.c_str(); *req_name == '?') {
	115	p = req_name;
	116	} else {
	117	p = s->info.request_params.c_str();
	118	}
	119
	120	s->info.args.set(p);
b3b6e05e	121	s->info.args.parse(s);
92f5a8d4 TL	122
	123	/* must be called after the args parsing */
	124	if (int ret = allocate_formatter(s, default_formatter, configurable_format); ret < 0)
	125	return ret;
	126
	127	if (*req_name != '/')
	128	return 0;
	129
	130	req_name++;
	131
	132	if (!*req_name)
	133	return 0;
	134
	135	req = req_name;
	136	int pos = req.find('/');
	137	if (pos >= 0) {
	138	first = req.substr(0, pos);
	139	} else {
	140	first = req;
	141	}
	142
	143	return 0;
	144	}
	145
	146	RGWHandler_REST*
f67539c2 TL	147	RGWRESTMgr_IAM::get_handler(rgw::sal::RGWRadosStore *store,
	148	struct req_state* const s,
	149	const rgw::auth::StrategyRegistry& auth_registry,
	150	const std::string& frontend_prefix)
92f5a8d4 TL	151	{
	152	return new RGWHandler_REST_IAM(auth_registry);
	153	}