Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
2 | // vim: ts=8 sw=2 smarttab | |
3 | ||
4 | #ifndef CEPH_RGW_USER_H | |
5 | #define CEPH_RGW_USER_H | |
6 | ||
7 | #include <string> | |
8 | #include <boost/algorithm/string.hpp> | |
9 | #include "include/assert.h" | |
10 | ||
11 | #include "include/types.h" | |
12 | #include "rgw_common.h" | |
13 | #include "rgw_tools.h" | |
14 | ||
15 | #include "rgw_rados.h" | |
16 | ||
17 | #include "rgw_string.h" | |
18 | ||
19 | #include "common/Formatter.h" | |
20 | #include "rgw_formats.h" | |
21 | ||
7c673cae FG |
22 | #define RGW_USER_ANON_ID "anonymous" |
23 | ||
24 | #define SECRET_KEY_LEN 40 | |
25 | #define PUBLIC_ID_LEN 20 | |
26 | #define RAND_SUBUSER_LEN 5 | |
27 | ||
28 | #define XMLNS_AWS_S3 "http://s3.amazonaws.com/doc/2006-03-01/" | |
29 | ||
30 | /** | |
31 | * A string wrapper that includes encode/decode functions | |
32 | * for easily accessing a UID in all forms | |
33 | */ | |
struct RGWUID
{
  rgw_user user_id;

  /// Append the string form of user_id to @p bl.
  void encode(bufferlist& bl) const {
    std::string uid_str;
    user_id.to_str(uid_str);
    ::encode(uid_str, bl);
  }

  /// Read one encoded string from @p bl and parse it into user_id.
  /// NOTE(review): the decoded string is handed to from_str() as-is; no
  /// validation of its content is visible in this struct.
  void decode(bufferlist::iterator& bl) {
    std::string uid_str;
    ::decode(uid_str, bl);
    user_id.from_str(uid_str);
  }
};
48 | WRITE_CLASS_ENCODER(RGWUID) | |
49 | ||
// Per-user statistics helpers; both are defined outside this header.
extern int rgw_user_sync_all_stats(RGWRados *store, const rgw_user& user_id);

// buckets_usage_map is taken by non-const reference, i.e. it is the output.
// NOTE(review): presumably keyed by bucket name -- confirm in the definition.
extern int rgw_user_get_all_buckets_stats(RGWRados *store,
                                          const rgw_user& user_id,
                                          map<string, cls_user_bucket_entry>& buckets_usage_map);
52 | ||
7c673cae FG |
/**
 * Get the anonymous (i.e. unauthenticated) user info.
 */
extern void rgw_get_anon_user(RGWUserInfo& info);

/**
 * Save the given user information to storage.
 * Returns: 0 on success, -ERR# on failure.
 */
extern int rgw_store_user_info(RGWRados *store,
                               RGWUserInfo& info,
                               RGWUserInfo *old_info,
                               RGWObjVersionTracker *objv_tracker,
                               real_time mtime,
                               bool exclusive,
                               map<string, bufferlist> *pattrs = nullptr);

/**
 * Given a user_id, finds the user info associated with it.
 * Returns: 0 on success, -ERR# on failure (including nonexistence).
 */
extern int rgw_get_user_info_by_uid(RGWRados *store,
                                    const rgw_user& user_id,
                                    RGWUserInfo& info,
                                    RGWObjVersionTracker *objv_tracker = nullptr,
                                    real_time *pmtime = nullptr,
                                    rgw_cache_entry_info *cache_info = nullptr,
                                    map<string, bufferlist> *pattrs = nullptr);

/**
 * Given an email, finds the user info associated with it.
 * Returns: 0 on success, -ERR# on failure (including nonexistence).
 * Note: email is taken by non-const reference; whether it is modified is
 * not visible from this header.
 */
extern int rgw_get_user_info_by_email(RGWRados *store,
                                      string& email,
                                      RGWUserInfo& info,
                                      RGWObjVersionTracker *objv_tracker = nullptr,
                                      real_time *pmtime = nullptr);

/**
 * Given a swift username, finds the user info associated with it.
 * Returns: 0 on success, -ERR# on failure (including nonexistence).
 */
extern int rgw_get_user_info_by_swift(RGWRados *store,
                                      const string& swift_name,
                                      RGWUserInfo& info,        /* out */
                                      RGWObjVersionTracker *objv_tracker = nullptr,
                                      real_time *pmtime = nullptr);

/**
 * Given an access key, finds the user info associated with it.
 * Returns: 0 on success, -ERR# on failure (including nonexistence).
 */
extern int rgw_get_user_info_by_access_key(RGWRados* store,
                                           const std::string& access_key,
                                           RGWUserInfo& info,
                                           RGWObjVersionTracker* objv_tracker = nullptr,
                                           real_time* pmtime = nullptr);

/**
 * Get all the custom metadata stored for the user specified in @user_id
 * and put it into @attrs.
 * Returns: 0 on success, -ERR# on failure.
 */
extern int rgw_get_user_attrs_by_uid(RGWRados *store,
                                     const rgw_user& user_id,
                                     map<string, bufferlist>& attrs,
                                     RGWObjVersionTracker *objv_tracker = nullptr);

/**
 * Given an RGWUserInfo, deletes the user and its bucket ACLs.
 */
extern int rgw_delete_user(RGWRados *store,
                           RGWUserInfo& user,
                           RGWObjVersionTracker& objv_tracker);
7c673cae FG |
118 | |
/*
 * Remove the different indexes, one function per index kind
 * (access key, uid, email, swift name).
 * Every argument is a non-const reference; whether the callee modifies it
 * is not visible from this header.
 */
extern int rgw_remove_key_index(RGWRados *store, RGWAccessKey& access_key);
extern int rgw_remove_uid_index(RGWRados *store, rgw_user& uid);
extern int rgw_remove_email_index(RGWRados *store, string& email);
extern int rgw_remove_swift_name_index(RGWRados *store, string& swift_name);
126 | ||
7c673cae FG |
// Permission mask <-> string conversion.
// rgw_perm_to_str() writes into the caller-supplied buffer buf.
// NOTE(review): len is presumably the capacity of buf in bytes; confirm in
// the definition how a too-small buffer is handled and that the result is
// always NUL-terminated.
extern void rgw_perm_to_str(uint32_t mask, char *buf, int len);
extern uint32_t rgw_str_to_perm(const char *str);

// NOTE(review): the return convention is not visible in this header;
// presumably 0 for an acceptable tenant name -- confirm.
extern int rgw_validate_tenant_name(const string& t);
131 | ||
7c673cae FG |
// Kind of credential a key operation refers to. Values are spelled out
// because the enum is stored in plain int32_t fields elsewhere in this header.
enum ObjectKeyType {
  KEY_TYPE_SWIFT     = 0,
  KEY_TYPE_S3        = 1,
  KEY_TYPE_UNDEFINED = 2
};
137 | ||
// Operation selector for the key pool: generate a key or modify one.
enum RGWKeyPoolOp {
  GENERATE_KEY = 0,
  MODIFY_KEY   = 1
};
142 | ||
// The kinds of identifier a user can be referred to by.
enum RGWUserId {
  RGW_USER_ID        = 0,
  RGW_SWIFT_USERNAME = 1,
  RGW_USER_EMAIL     = 2,
  RGW_ACCESS_KEY     = 3,
};
149 | ||
d2e6a577 FG |
150 | /* |
151 | * An RGWUser class along with supporting classes created | |
152 | * to support the creation of a RESTful administrative API | |
153 | */ | |
7c673cae FG |
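/**
 * Parameter block for one administrative user operation.
 *
 * Callers fill it through the set_*() methods; most setters also raise a
 * matching "*_specified" / "*_op" flag so the consumer can tell which
 * fields were supplied. Scalar members carry in-class initializers (the
 * form admin_specified already used), so the defaults sit next to the
 * declarations and a newly added flag cannot be left indeterminate by a
 * missed constructor line.
 */
struct RGWUserAdminOpState {
  // user attributes
  RGWUserInfo info;
  rgw_user user_id;  // initialized to RGW_USER_ANON_ID by the constructor
  std::string user_email;
  std::string display_name;
  int32_t max_buckets = RGW_DEFAULT_MAX_BUCKETS;
  __u8 suspended = 0;
  __u8 admin = 0;
  __u8 system = 0;
  __u8 exclusive = 0;
  __u8 fetch_stats = 0;
  std::string caps;
  RGWObjVersionTracker objv;
  uint32_t op_mask = 0;
  map<int, string> temp_url_keys;

  // subuser attributes
  std::string subuser;
  uint32_t perm_mask = RGW_PERM_NONE;

  // key attributes
  std::string id;   // access key
  std::string key;  // secret key, held as plain text; keep it out of logs and error strings
  // Starts at -1, which is none of the ObjectKeyType enumerators.
  // NOTE(review): presumably means "not chosen yet" -- confirm against the
  // users of get_key_type().
  int32_t key_type = -1;

  // operation attributes
  bool existing_user = false;
  bool existing_key = false;
  bool existing_subuser = false;
  bool existing_email = false;
  bool subuser_specified = false;
  bool gen_secret = false;
  bool gen_access = false;
  bool gen_subuser = false;
  bool id_specified = false;
  bool key_specified = false;
  bool type_specified = false;
  bool key_type_setbycontext = false;  // key type set by user or subuser context
  bool purge_data = false;
  bool purge_keys = false;
  bool display_name_specified = false;
  bool user_email_specified = false;
  bool max_buckets_specified = false;
  bool perm_specified = false;
  bool op_mask_specified = false;
  bool caps_specified = false;
  bool suspension_op = false;
  bool admin_specified = false;
  bool system_specified = false;
  bool key_op = false;
  bool temp_url_key_specified = false;
  bool found_by_uid = false;
  bool found_by_email = false;
  bool found_by_key = false;

  // req parameters
  bool populated = false;
  bool initialized = false;
  bool key_params_checked = false;
  bool subuser_params_checked = false;
  bool user_params_checked = false;

  bool bucket_quota_specified = false;
  bool user_quota_specified = false;

  RGWQuotaInfo bucket_quota;
  RGWQuotaInfo user_quota;

  /// Use a caller-supplied access key; an empty string is ignored.
  /// Supplying one cancels access-key generation and marks a key operation.
  void set_access_key(std::string& access_key) {
    if (access_key.empty())
      return;

    id = access_key;
    id_specified = true;
    gen_access = false;
    key_op = true;
  }

  /// Use a caller-supplied secret key; an empty string is ignored.
  /// Supplying one cancels secret generation and marks a key operation.
  void set_secret_key(std::string& secret_key) {
    if (secret_key.empty())
      return;

    key = secret_key;
    key_specified = true;
    gen_secret = false;
    key_op = true;
  }

  /// Set the target user; an empty id leaves the current one untouched.
  void set_user_id(rgw_user& id) {
    if (id.empty())
      return;

    user_id = id;
  }

  /// Store the e-mail address in lowercase.
  /// The caller's string is lowercased in place as well (it is taken by
  /// non-const reference). Unlike the other string setters, an empty value
  /// is accepted and still sets user_email_specified.
  void set_user_email(std::string& email) {
    /* always lowercase email address */
    boost::algorithm::to_lower(email);
    user_email = email;
    user_email_specified = true;
  }

  /// Set the display name; an empty string is ignored.
  void set_display_name(std::string& name) {
    if (name.empty())
      return;

    display_name = name;
    display_name_specified = true;
  }

  /// Set the subuser from either "subuser" or "uid:subuser".
  ///
  /// The input is split at the first ':'. A uid prefix REPLACES the target
  /// user held in user_id: the whole rgw_user when the prefix carries a
  /// tenant, only user_id.id otherwise. Code that checks which user an
  /// operation applies to must therefore look at user_id after this call,
  /// not before. Input ending in ':' yields an empty subuser while
  /// subuser_specified is still set.
  void set_subuser(std::string& _subuser) {
    if (_subuser.empty())
      return;

    size_t pos = _subuser.find(":");
    if (pos != string::npos) {
      rgw_user tmp_id;
      tmp_id.from_str(_subuser.substr(0, pos));
      if (tmp_id.tenant.empty()) {
        user_id.id = tmp_id.id;
      } else {
        user_id = tmp_id;
      }
      subuser = _subuser.substr(pos + 1);
    } else {
      subuser = _subuser;
    }

    subuser_specified = true;
  }

  /// Set the capability string; an empty string is ignored.
  void set_caps(std::string& _caps) {
    if (_caps.empty())
      return;

    caps = _caps;
    caps_specified = true;
  }

  /// Set the subuser permission mask.
  void set_perm(uint32_t perm) {
    perm_mask = perm;
    perm_specified = true;
  }

  /// Set the operation mask.
  void set_op_mask(uint32_t mask) {
    op_mask = mask;
    op_mask_specified = true;
  }

  /// Store a temp-URL key under @p index.
  /// The parameter named `key` shadows the secret-key member of the same
  /// name; only temp_url_keys is written here.
  void set_temp_url_key(const string& key, int index) {
    temp_url_keys[index] = key;
    temp_url_key_specified = true;
  }

  /// Set the key type (stored as a plain int32_t, not range-checked here).
  void set_key_type(int32_t type) {
    key_type = type;
    type_specified = true;
  }

  void set_suspension(__u8 is_suspended) {
    suspended = is_suspended;
    suspension_op = true;
  }

  /// Request the admin flag value; privilege-affecting, so the caller's
  /// authorization has to be established before this state is executed.
  void set_admin(__u8 is_admin) {
    admin = is_admin;
    admin_specified = true;
  }

  /// Request the system flag value; privilege-affecting like set_admin().
  void set_system(__u8 is_system) {
    system = is_system;
    system_specified = true;
  }

  void set_exclusive(__u8 is_exclusive) {
    exclusive = is_exclusive;
  }

  void set_fetch_stats(__u8 is_fetch_stats) {
    fetch_stats = is_fetch_stats;
  }

  /// Copy @p user_info into info and take over its user_id.
  void set_user_info(RGWUserInfo& user_info) {
    user_id = user_info.user_id;
    info = user_info;
  }

  void set_max_buckets(int32_t mb) {
    max_buckets = mb;
    max_buckets_specified = true;
  }

  void set_gen_access() {
    gen_access = true;
    key_op = true;
  }

  void set_gen_secret() {
    gen_secret = true;
    key_op = true;
  }

  /// Request generation of whichever of access key / secret key has not
  /// been supplied yet.
  void set_generate_key() {
    if (id.empty())
      gen_access = true;
    if (key.empty())
      gen_secret = true;
    key_op = true;
  }

  /// Cancel key generation; key_op is left as it was.
  void clear_generate_key() {
    gen_access = false;
    gen_secret = false;
  }

  void set_purge_keys() {
    purge_keys = true;
    key_op = true;
  }

  void set_bucket_quota(RGWQuotaInfo& quota) {
    bucket_quota = quota;
    bucket_quota_specified = true;
  }

  void set_user_quota(RGWQuotaInfo& quota) {
    user_quota = quota;
    user_quota_specified = true;
  }

  // Flag queries. They only read state, hence const.
  bool is_populated() const { return populated; }
  bool is_initialized() const { return initialized; }
  bool has_existing_user() const { return existing_user; }
  bool has_existing_key() const { return existing_key; }
  bool has_existing_subuser() const { return existing_subuser; }
  bool has_existing_email() const { return existing_email; }
  bool has_subuser() const { return subuser_specified; }
  bool has_key_op() const { return key_op; }
  bool has_caps_op() const { return caps_specified; }
  bool has_suspension_op() const { return suspension_op; }
  bool has_subuser_perm() const { return perm_specified; }
  bool has_op_mask() const { return op_mask_specified; }
  bool will_gen_access() const { return gen_access; }
  bool will_gen_secret() const { return gen_secret; }
  bool will_gen_subuser() const { return gen_subuser; }
  bool will_purge_keys() const { return purge_keys; }
  bool will_purge_data() const { return purge_data; }
  bool will_generate_subuser() const { return gen_subuser; }  // same flag as will_gen_subuser()
  bool has_bucket_quota() const { return bucket_quota_specified; }
  bool has_user_quota() const { return user_quota_specified; }

  // Flag setters.
  void set_populated() { populated = true; }
  void clear_populated() { populated = false; }
  void set_initialized() { initialized = true; }
  void set_existing_user(bool flag) { existing_user = flag; }
  void set_existing_key(bool flag) { existing_key = flag; }
  void set_existing_subuser(bool flag) { existing_subuser = flag; }
  void set_existing_email(bool flag) { existing_email = flag; }
  void set_purge_data(bool flag) { purge_data = flag; }
  void set_generate_subuser(bool flag) { gen_subuser = flag; }

  // Value accessors.
  __u8 get_suspension_status() const { return suspended; }
  int32_t get_key_type() const { return key_type; }
  uint32_t get_subuser_perm() const { return perm_mask; }
  int32_t get_max_buckets() const { return max_buckets; }
  uint32_t get_op_mask() const { return op_mask; }
  RGWQuotaInfo& get_bucket_quota() { return bucket_quota; }
  RGWQuotaInfo& get_user_quota() { return user_quota; }

  rgw_user& get_user_id() { return user_id; }
  std::string get_subuser() const { return subuser; }
  std::string get_access_key() const { return id; }
  // Returns a copy of the plain-text secret; treat the result as sensitive.
  std::string get_secret_key() const { return key; }
  std::string get_caps() const { return caps; }
  std::string get_user_email() const { return user_email; }
  std::string get_display_name() const { return display_name; }
  map<int, std::string>& get_temp_url_keys() { return temp_url_keys; }

  RGWUserInfo& get_user_info() { return info; }

  // Pointers into `info`; they are valid only while this object is alive.
  map<std::string, RGWAccessKey> *get_swift_keys() { return &info.swift_keys; }
  map<std::string, RGWAccessKey> *get_access_keys() { return &info.access_keys; }
  map<std::string, RGWSubUser> *get_subusers() { return &info.subusers; }

  RGWUserCaps *get_caps_obj() { return &info.caps; }

  /// Build "<user_id>:<subuser>"; returns "" when either part is empty.
  std::string build_default_swift_kid() {
    if (user_id.empty() || subuser.empty())
      return "";

    std::string kid;
    user_id.to_str(kid);
    kid.append(":");
    kid.append(subuser);

    return kid;
  }

  /// Generate a subuser name: the string form of user_id followed directly
  /// (no separator) by a random suffix from gen_rand_alphanumeric_upper().
  /// The result is stored in `subuser` and returned; "" is returned, and
  /// `subuser` left unchanged, when user_id is empty or generation fails.
  std::string generate_subuser() {
    if (user_id.empty())
      return "";

    std::string generated_subuser;
    user_id.to_str(generated_subuser);

    // Zero-filled so the buffer is a valid C string whatever the generator
    // writes; the original read it back without initializing it.
    char sub_buf[RAND_SUBUSER_LEN + 1] = {0};
    const int sub_buf_size = static_cast<int>(sizeof(sub_buf));

    if (gen_rand_alphanumeric_upper(g_ceph_context, sub_buf, sub_buf_size) < 0)
      return "";

    // Do not depend on the generator for termination before the buffer is
    // converted to std::string.
    sub_buf[RAND_SUBUSER_LEN] = '\0';

    const std::string rand_suffix = sub_buf;
    if (rand_suffix.empty())
      return "";

    generated_subuser.append(rand_suffix);
    subuser = generated_subuser;

    return generated_subuser;
  }

  /// Start from the anonymous user id; every other default comes from the
  /// in-class member initializers above.
  RGWUserAdminOpState() : user_id(RGW_USER_ANON_ID)
  {
  }
};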
523 | ||
524 | class RGWUser; | |
525 | ||
/**
 * Access-key part of the RGWUser admin API.
 *
 * Only init() and the two-argument add()/remove() are public; the
 * defer_save overloads are private and reachable by the friend classes.
 * NOTE(review): the raw pointers below have no in-class initializer;
 * confirm the constructor and init() set all of them before use.
 */
class RGWAccessKeyPool
{
private:
  RGWUser *user;

  std::map<std::string, int, ltstr_nocase> key_type_map;
  rgw_user user_id;
  RGWRados *store;

  map<std::string, RGWAccessKey> *swift_keys;
  map<std::string, RGWAccessKey> *access_keys;

  // we don't want to allow keys for the anonymous user or a null user
  bool keys_allowed;

  int create_key(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int generate_key(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int modify_key(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  int check_key_owner(RGWUserAdminOpState& op_state);
  bool check_existing_key(RGWUserAdminOpState& op_state);
  int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  /* API Contract Fulfillment */
  int execute_add(RGWUserAdminOpState& op_state,
                  std::string *err_msg, bool defer_save);
  int execute_remove(RGWUserAdminOpState& op_state,
                     std::string *err_msg, bool defer_save);
  int remove_subuser_keys(RGWUserAdminOpState& op_state,
                          std::string *err_msg, bool defer_save);

  int add(RGWUserAdminOpState& op_state,
          std::string *err_msg, bool defer_save);
  int remove(RGWUserAdminOpState& op_state,
             std::string *err_msg, bool defer_save);

public:
  explicit RGWAccessKeyPool(RGWUser* usr);
  ~RGWAccessKeyPool();

  int init(RGWUserAdminOpState& op_state);

  /* API Contracted Methods */
  int add(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  friend class RGWUser;
  friend class RGWSubUserPool;
};
569 | ||
/**
 * Subuser part of the RGWUser admin API.
 *
 * Public surface: exists(), init() and the two-argument add/remove/modify.
 * The defer_save overloads are private and reachable by RGWUser (friend).
 */
class RGWSubUserPool
{
private:
  RGWUser *user;

  rgw_user user_id;
  RGWRados *store;
  bool subusers_allowed;

  map<string, RGWSubUser> *subuser_map;

  int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  /* API Contract Fulfillment */
  int execute_add(RGWUserAdminOpState& op_state,
                  std::string *err_msg, bool defer_save);
  int execute_remove(RGWUserAdminOpState& op_state,
                     std::string *err_msg, bool defer_save);
  int execute_modify(RGWUserAdminOpState& op_state,
                     std::string *err_msg, bool defer_save);

  int add(RGWUserAdminOpState& op_state,
          std::string *err_msg, bool defer_save);
  int remove(RGWUserAdminOpState& op_state,
             std::string *err_msg, bool defer_save);
  int modify(RGWUserAdminOpState& op_state,
             std::string *err_msg, bool defer_save);

public:
  explicit RGWSubUserPool(RGWUser *user);
  ~RGWSubUserPool();

  bool exists(std::string subuser);
  int init(RGWUserAdminOpState& op_state);

  /* API contracted methods */
  int add(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int modify(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  friend class RGWUser;
};
605 | ||
/**
 * Capability part of the RGWUser admin API.
 *
 * Public surface: init() and the two-argument add()/remove(); the
 * defer_save overloads are private and reachable by RGWUser (friend).
 */
class RGWUserCapPool
{
private:
  RGWUserCaps *caps;
  bool caps_allowed;
  RGWUser *user;

  int add(RGWUserAdminOpState& op_state,
          std::string *err_msg, bool defer_save);
  int remove(RGWUserAdminOpState& op_state,
             std::string *err_msg, bool defer_save);

public:
  explicit RGWUserCapPool(RGWUser *user);
  ~RGWUserCapPool();

  int init(RGWUserAdminOpState& op_state);

  /* API contracted methods */
  int add(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  friend class RGWUser;
};
628 | ||
/**
 * Entry point of the user admin API: owns the caps, keys and subusers
 * pools and exposes add/remove/modify/info on top of an
 * RGWUserAdminOpState.
 */
class RGWUser
{
private:
  RGWUserInfo old_info;
  RGWRados *store;

  rgw_user user_id;
  bool info_stored;

  // "populated" for this class means info_stored is set.
  void set_populated() { info_stored = true; }
  void clear_populated() { info_stored = false; }
  bool is_populated() { return info_stored; }

  int check_op(RGWUserAdminOpState& req, std::string *err_msg);
  int update(RGWUserAdminOpState& op_state, std::string *err_msg);

  void clear_members();
  void init_default();

  /* API Contract Fulfillment */
  int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg);
  int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg);
  int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg);

public:
  RGWUser();
  ~RGWUser();

  int init(RGWRados *storage, RGWUserAdminOpState& op_state);

  int init_storage(RGWRados *storage);
  int init(RGWUserAdminOpState& op_state);
  int init_members(RGWUserAdminOpState& op_state);

  RGWRados *get_store() { return store; }

  /* API Contracted Members (declaration order is construction order) */
  RGWUserCapPool caps;
  RGWAccessKeyPool keys;
  RGWSubUserPool subusers;

  /* API Contracted Methods */
  int add(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);
  int remove(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  /* remove an already populated RGWUser */
  int remove(std::string *err_msg = nullptr);

  int modify(RGWUserAdminOpState& op_state, std::string *err_msg = nullptr);

  /* retrieve info from an existing user in the RGW system */
  int info(RGWUserAdminOpState& op_state, RGWUserInfo& fetched_info,
           std::string *err_msg = nullptr);

  /* info from an already populated RGWUser */
  int info(RGWUserInfo& fetched_info, std::string *err_msg = nullptr);

  friend class RGWAccessKeyPool;
  friend class RGWSubUserPool;
  friend class RGWUserCapPool;
};
690 | ||
691 | /* Wrappers for admin API functionality */ | |
692 | ||
/**
 * Static wrappers for the user-level admin operations. Each takes the
 * store, the operation state and a formatter flusher and returns an int
 * status.
 * NOTE(review): no authorization parameter appears in these signatures;
 * access control is presumably enforced by the callers -- confirm.
 */
class RGWUserAdminOp_User
{
public:
  static int info(RGWRados *store, RGWUserAdminOpState& op_state,
                  RGWFormatterFlusher& flusher);

  static int create(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int modify(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int remove(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);
};
708 | ||
/**
 * Static wrappers for the subuser admin operations; same calling shape as
 * the other RGWUserAdminOp_* classes (store, op state, flusher -> int).
 */
class RGWUserAdminOp_Subuser
{
public:
  static int create(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int modify(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int remove(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);
};
721 | ||
/**
 * Static wrappers for the key admin operations (store, op state,
 * flusher -> int).
 * NOTE(review): whether key material is written through the flusher is
 * not visible here; check the definitions before logging its output.
 */
class RGWUserAdminOp_Key
{
public:
  static int create(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);

  static int remove(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);
};
731 | ||
/**
 * Static wrappers for the capability admin operations (store, op state,
 * flusher -> int).
 */
class RGWUserAdminOp_Caps
{
public:
  static int add(RGWRados *store, RGWUserAdminOpState& op_state,
                 RGWFormatterFlusher& flusher);

  static int remove(RGWRados *store, RGWUserAdminOpState& op_state,
                    RGWFormatterFlusher& flusher);
};
741 | ||
742 | class RGWMetadataManager; | |
743 | ||
744 | extern void rgw_user_init(RGWRados *store); | |
745 | ||
746 | #endif |