Commit | Line | Data |
---|---|---|
92f5a8d4 | 1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
9f95a23c | 2 | // vim: ts=8 sw=2 smarttab ft=cpp |
92f5a8d4 TL |
3 | |
4 | #include <boost/tokenizer.hpp> | |
5 | ||
6 | #include "rgw_rest.h" | |
7 | #include "rgw_rest_iam.h" | |
8 | ||
9 | #include "rgw_request.h" | |
10 | #include "rgw_process.h" | |
11 | ||
12 | #include "rgw_rest_role.h" | |
13 | #include "rgw_rest_user_policy.h" | |
f91f0fd5 | 14 | #include "rgw_rest_oidc_provider.h" |
92f5a8d4 TL |
15 | |
16 | #define dout_context g_ceph_context | |
17 | #define dout_subsys ceph_subsys_rgw | |
18 | ||
/**
 * Fold the POST body of an IAM request into the request's argument map.
 *
 * A non-empty body is logged at debug level 10. If it contains the substring
 * "Action" it is split on '&', and every token that contains '=' is appended
 * to s->info.args as (name, url_decode(value)). The name is stored as
 * received (only the value is URL-decoded); tokens without '=' are skipped.
 *
 * Regardless of the body's content, the result of
 * rgw::auth::s3::calc_v4_payload_hash(post_body) is appended last under the
 * name "PayloadHash".
 */
void RGWHandler_REST_IAM::rgw_iam_parse_input()
{
  if (!post_body.empty()) {
    // NOTE(review): the request body is written to the log verbatim. IAM
    // bodies carry policy documents and identity-provider parameters, so
    // level-10 logs should be protected like request data.
    ldpp_dout(s, 10) << "Content of POST: " << post_body << dendl;

    const bool has_action = post_body.find("Action") != std::string::npos;
    if (has_action) {
      using separator_t = boost::char_separator<char>;
      separator_t ampersand("&");
      boost::tokenizer<separator_t> params(post_body, ampersand);
      for (const auto& param : params) {
        const auto eq = param.find('=');
        if (eq == std::string::npos) {
          continue;  // no "name=value" shape; nothing to record
        }
        // substr(eq + 1) runs to the end of the token, which is what the
        // over-long count in the previous form was clamped to as well.
        s->info.args.append(param.substr(0, eq),
                            url_decode(param.substr(eq + 1)));
      }
    }
  }

  // NOTE(review): a body parameter that is itself named "PayloadHash" is
  // appended before this line; confirm that args.append() lets the computed
  // value take precedence over it.
  const auto body_hash = rgw::auth::s3::calc_v4_payload_hash(post_body);
  s->info.args.append("PayloadHash", body_hash);
}
39 | ||
/**
 * Select the operation object for an IAM POST request.
 *
 * The body is parsed first (rgw_iam_parse_input), then the "Action" argument
 * is matched, exactly and case-sensitively, against the supported IAM
 * actions. This function only picks the op; no permission check is made
 * here.
 *
 * @return a newly allocated RGWOp for the action, or nullptr when "Action"
 *         is absent or names an action that is not handled.
 */
RGWOp *RGWHandler_REST_IAM::op_post()
{
  rgw_iam_parse_input();

  auto& args = s->info.args;
  if (!args.exists("Action")) {
    return nullptr;
  }

  const std::string action = args.get("Action");

  // Role management
  if (action == "CreateRole") {
    return new RGWCreateRole;
  }
  if (action == "DeleteRole") {
    return new RGWDeleteRole;
  }
  if (action == "GetRole") {
    return new RGWGetRole;
  }
  if (action == "UpdateAssumeRolePolicy") {
    return new RGWModifyRole;
  }
  if (action == "ListRoles") {
    return new RGWListRoles;
  }

  // Role policies
  if (action == "PutRolePolicy") {
    return new RGWPutRolePolicy;
  }
  if (action == "GetRolePolicy") {
    return new RGWGetRolePolicy;
  }
  if (action == "ListRolePolicies") {
    return new RGWListRolePolicies;
  }
  if (action == "DeleteRolePolicy") {
    return new RGWDeleteRolePolicy;
  }

  // User policies
  if (action == "PutUserPolicy") {
    return new RGWPutUserPolicy;
  }
  if (action == "GetUserPolicy") {
    return new RGWGetUserPolicy;
  }
  if (action == "ListUserPolicies") {
    return new RGWListUserPolicies;
  }
  if (action == "DeleteUserPolicy") {
    return new RGWDeleteUserPolicy;
  }

  // OpenID Connect providers
  if (action == "CreateOpenIDConnectProvider") {
    return new RGWCreateOIDCProvider;
  }
  if (action == "ListOpenIDConnectProviders") {
    return new RGWListOIDCProviders;
  }
  if (action == "GetOpenIDConnectProvider") {
    return new RGWGetOIDCProvider;
  }
  if (action == "DeleteOpenIDConnectProvider") {
    return new RGWDeleteOIDCProvider;
  }

  return nullptr;
}
84 | ||
/**
 * Initialise the handler for one IAM request.
 *
 * Marks the request dialect as "iam", runs init_from_header() with XML as
 * the default formatter and a configurable format, then hands over to
 * RGWHandler_REST::init().
 *
 * @return the negative value from init_from_header() on failure (also logged
 *         at level 10), otherwise the result of RGWHandler_REST::init().
 */
int RGWHandler_REST_IAM::init(rgw::sal::RGWRadosStore *store,
                              struct req_state *s,
                              rgw::io::BasicClient *cio)
{
  s->dialect = "iam";

  const int ret = RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true);
  if (ret < 0) {
    ldpp_dout(s, 10) << "init_from_header returned err=" << ret << dendl;
    return ret;
  }

  return RGWHandler_REST::init(store, s, cio);
}
98 | ||
/**
 * Authenticate the request by delegating to RGW_Auth_S3::authorize() with
 * this handler's store, auth registry and request state.
 *
 * @return whatever RGW_Auth_S3::authorize() returns.
 */
int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y)
{
  const int result = RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y);
  return result;
}
103 | ||
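/**
 * Prepare request state from the request line: flag the request as IAM,
 * load and parse the query arguments, and allocate the response formatter.
 *
 * The argument string is taken from s->relative_uri when that begins with
 * '?', otherwise from s->info.request_params.
 *
 * @param s                    request state to fill in
 * @param default_formatter    formatter used when none is selected
 * @param configurable_format  passed through to allocate_formatter()
 * @return the negative value from allocate_formatter() on failure, else 0.
 */
int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
                                          int default_formatter,
                                          bool configurable_format)
{
  s->prot_flags = RGW_REST_IAM;

  const char* const req_name = s->relative_uri.c_str();
  const char* const params =
    (*req_name == '?') ? req_name : s->info.request_params.c_str();

  s->info.args.set(params);
  s->info.args.parse(s);

  /* must be called after the args parsing */
  if (int ret = allocate_formatter(s, default_formatter, configurable_format); ret < 0)
    return ret;

  // The path component after the leading '/' is not used by this handler:
  // every remaining path returned 0 without touching the request state, so
  // the unused `req`/`first` locals and the narrowing
  // `int pos = req.find('/')` are gone.
  return 0;
}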
145 | ||
/**
 * Create the REST handler for an IAM request.
 *
 * Only auth_registry is used; store, s and frontend_prefix are accepted but
 * not read here.
 *
 * @return a newly allocated RGWHandler_REST_IAM.
 */
RGWHandler_REST*
RGWRESTMgr_IAM::get_handler(rgw::sal::RGWRadosStore *store,
                            struct req_state* const s,
                            const rgw::auth::StrategyRegistry& auth_registry,
                            const std::string& frontend_prefix)
{
  RGWHandler_REST* const handler = new RGWHandler_REST_IAM(auth_registry);
  return handler;
}