git.proxmox.com Git - ceph.git/blob - ceph/src/rgw/rgw_rest_iam.cc
7b01133fce4a18ce4a5720e8bb613f99fd0b134d
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
3
4 #include <boost/tokenizer.hpp>
5
6 #include "rgw_rest.h"
7 #include "rgw_rest_iam.h"
8
9 #include "rgw_request.h"
10 #include "rgw_process.h"
11
12 #include "rgw_rest_role.h"
13 #include "rgw_rest_user_policy.h"
14 #include "rgw_rest_oidc_provider.h"
15
16 #define dout_context g_ceph_context
17 #define dout_subsys ceph_subsys_rgw
18
19 using namespace std;
20
/*
 * Fold the form-encoded POST body into the request arguments.
 *
 * When the body is non-empty it is logged, and, if the text "Action"
 * occurs anywhere in it, the body is split on '&' and each "key=value"
 * piece is appended to s->info.args. Finally the SigV4 payload hash of
 * the raw body is appended under the name "PayloadHash"; this happens
 * for an empty body as well.
 *
 * NOTE(review): the body is client-controlled and is written to the log
 * verbatim at debug level 10. Logs at that level should be handled as
 * sensitive and as containing unescaped request data.
 */
void RGWHandler_REST_IAM::rgw_iam_parse_input()
{
  const bool has_body = !post_body.empty();

  if (has_body) {
    ldpp_dout(s, 10) << "Content of POST: " << post_body << dendl;
  }

  // The gate is a plain substring search, not a check for an "Action" key:
  // any body that contains the text "Action" anywhere gets tokenized.
  if (has_body && post_body.find("Action") != std::string::npos) {
    using separator_type = boost::char_separator<char>;
    separator_type ampersand("&");
    boost::tokenizer<separator_type> pieces(post_body, ampersand);

    for (const auto& kv : pieces) {
      const auto eq = kv.find('=');
      if (eq == std::string::npos) {
        // A piece without '=' is dropped without any log entry.
        continue;
      }
      // Only the value is URL-decoded; the key is used exactly as received.
      // NOTE(review): confirm a percent-encoded key cannot reach this point
      // and bypass a later lookup by name.
      s->info.args.append(kv.substr(0, eq), url_decode(kv.substr(eq + 1)));
    }
  }

  // The hash covers the raw, undecoded body.
  // NOTE(review): body pairs are appended before this entry, so how
  // args.append() treats a duplicate "PayloadHash" key matters; that is not
  // visible here. Presumably the value feeds signature verification - verify.
  s->info.args.append("PayloadHash",
                      rgw::auth::s3::calc_v4_payload_hash(post_body));
}
41
/*
 * Pick the operation object for an IAM POST request.
 *
 * rgw_iam_parse_input() runs first so that body parameters are part of
 * s->info.args. The "Action" argument is then compared, exactly and
 * case-sensitively, against a fixed list of supported action names; the
 * first match yields a newly allocated op.
 *
 * Returns nullptr when "Action" is absent or names anything outside the
 * list, so unknown actions never reach an op. The returned object is a
 * raw heap allocation that this function does not free.
 */
RGWOp *RGWHandler_REST_IAM::op_post()
{
  rgw_iam_parse_input();

  if (!s->info.args.exists("Action")) {
    return nullptr;
  }

  // Allow-list of action names and the op each one creates.
  struct ActionEntry {
    const char *name;
    RGWOp *(*create)();
  };
  static const ActionEntry supported_actions[] = {
    {"CreateRole", []() -> RGWOp* { return new RGWCreateRole; }},
    {"DeleteRole", []() -> RGWOp* { return new RGWDeleteRole; }},
    {"GetRole", []() -> RGWOp* { return new RGWGetRole; }},
    {"UpdateAssumeRolePolicy", []() -> RGWOp* { return new RGWModifyRole; }},
    {"ListRoles", []() -> RGWOp* { return new RGWListRoles; }},
    {"PutRolePolicy", []() -> RGWOp* { return new RGWPutRolePolicy; }},
    {"GetRolePolicy", []() -> RGWOp* { return new RGWGetRolePolicy; }},
    {"ListRolePolicies", []() -> RGWOp* { return new RGWListRolePolicies; }},
    {"DeleteRolePolicy", []() -> RGWOp* { return new RGWDeleteRolePolicy; }},
    {"PutUserPolicy", []() -> RGWOp* { return new RGWPutUserPolicy; }},
    {"GetUserPolicy", []() -> RGWOp* { return new RGWGetUserPolicy; }},
    {"ListUserPolicies", []() -> RGWOp* { return new RGWListUserPolicies; }},
    {"DeleteUserPolicy", []() -> RGWOp* { return new RGWDeleteUserPolicy; }},
    {"CreateOpenIDConnectProvider", []() -> RGWOp* { return new RGWCreateOIDCProvider; }},
    {"ListOpenIDConnectProviders", []() -> RGWOp* { return new RGWListOIDCProviders; }},
    {"GetOpenIDConnectProvider", []() -> RGWOp* { return new RGWGetOIDCProvider; }},
    {"DeleteOpenIDConnectProvider", []() -> RGWOp* { return new RGWDeleteOIDCProvider; }},
    {"TagRole", []() -> RGWOp* { return new RGWTagRole; }},
    {"ListRoleTags", []() -> RGWOp* { return new RGWListRoleTags; }},
    {"UntagRole", []() -> RGWOp* { return new RGWUntagRole; }},
  };

  const std::string requested = s->info.args.get("Action");
  for (const auto& entry : supported_actions) {
    if (requested == entry.name) {
      return entry.create();
    }
  }

  return nullptr;
}
92
/*
 * Prepare the handler for one request.
 *
 * Marks the request dialect as "iam", parses the request arguments and
 * sets up an XML-by-default, client-configurable formatter through
 * init_from_header(), then hands over to RGWHandler_REST::init().
 *
 * Returns the negative error from init_from_header() if that step fails
 * (also logged at debug level 10), otherwise the base-class result.
 */
int RGWHandler_REST_IAM::init(rgw::sal::Store* store,
                              struct req_state *s,
                              rgw::io::BasicClient *cio)
{
  s->dialect = "iam";

  const int header_rc =
    RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true);
  if (header_rc < 0) {
    ldpp_dout(s, 10) << "init_from_header returned err=" << header_rc << dendl;
    return header_rc;
  }

  return RGWHandler_REST::init(store, s, cio);
}
106
/*
 * Authenticate the request by delegating to RGW_Auth_S3::authorize()
 * with this handler's store, auth registry and request state.
 *
 * The delegate's return value is passed through unchanged. No
 * IAM-specific check is added at this layer; any per-action permission
 * check would have to live elsewhere (not visible in this function).
 */
int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y)
{
  const int auth_rc = RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y);
  return auth_rc;
}
111
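/*
 * Parse the request's query arguments and allocate the response formatter.
 *
 * Sets s->prot_flags to RGW_REST_IAM, loads s->info.args from either the
 * relative URI (when it is itself a query string starting with '?') or
 * from s->info.request_params, parses them, and then allocates the
 * formatter.
 *
 * @param s                    request state to initialise
 * @param default_formatter    formatter to use unless the request selects one
 * @param configurable_format  whether the request may select the format
 * @return the negative error from allocate_formatter(), otherwise 0
 *
 * The earlier version went on to split the first path component of the
 * URI into locals that were never read (including a size_t -> int
 * narrowing of the find() result) and returned 0 on every path. That dead
 * code is removed; this handler selects the operation by the "Action"
 * argument in op_post(), not by the resource path.
 */
int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
                                          int default_formatter,
                                          bool configurable_format)
{
  s->prot_flags = RGW_REST_IAM;

  // Both strings are client-supplied; they are only handed to the argument
  // parser here.
  const char* const uri = s->relative_uri.c_str();
  const char* const query =
    (*uri == '?') ? uri : s->info.request_params.c_str();

  s->info.args.set(query);
  s->info.args.parse(s);

  /* must be called after the args parsing */
  if (const int ret = allocate_formatter(s, default_formatter, configurable_format);
      ret < 0) {
    return ret;
  }

  return 0;
}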
153
/*
 * Create the REST handler for an IAM request.
 *
 * Only auth_registry is used; store, s and frontend_prefix are accepted
 * but not read. The handler is a raw heap allocation that this function
 * does not free.
 */
RGWHandler_REST*
RGWRESTMgr_IAM::get_handler(rgw::sal::Store* store,
                            struct req_state* const s,
                            const rgw::auth::StrategyRegistry& auth_registry,
                            const std::string& frontend_prefix)
{
  RGWHandler_REST* const handler = new RGWHandler_REST_IAM(auth_registry);
  return handler;
}