1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
3
4 #include <boost/tokenizer.hpp>
5
6 #include "rgw_rest.h"
7 #include "rgw_rest_iam.h"
8
9 #include "rgw_request.h"
10 #include "rgw_process.h"
11
12 #include "rgw_rest_role.h"
13 #include "rgw_rest_user_policy.h"
14 #include "rgw_rest_oidc_provider.h"
15
16 #define dout_context g_ceph_context
17 #define dout_subsys ceph_subsys_rgw
18
/*
 * Fold the form-encoded POST body into the request's argument map.
 *
 * When the body is non-empty and contains the substring "Action" anywhere,
 * it is split on '&' and every "name=value" token is appended to
 * s->info.args. Only the value is URL-decoded; the name is taken verbatim.
 * Tokens without '=' are skipped.
 *
 * Independently of the above, the SigV4 payload hash of the raw body is
 * computed (also for an empty body) and appended under "PayloadHash".
 */
void RGWHandler_REST_IAM::rgw_iam_parse_input()
{
  const bool has_body = !post_body.empty();

  if (has_body) {
    // NOTE(review): this writes the raw, client-supplied body to the log at
    // debug level 10. The actions dispatched from this handler presumably
    // carry policy documents and OIDC provider details, so logs captured at
    // this level should be handled as sensitive - confirm retention/access.
    ldout(s->cct, 10) << "Content of POST: " << post_body << dendl;
  }

  if (has_body && post_body.find("Action") != string::npos) {
    boost::char_separator<char> ampersand("&");
    boost::tokenizer<boost::char_separator<char>> pairs(post_body, ampersand);
    for (const auto& pair : pairs) {
      const auto eq = pair.find("=");
      if (eq == string::npos) {
        continue;  // no '=': not a name=value pair, ignore it
      }
      const auto name = pair.substr(0, eq);
      // Everything after the first '=' is the value, up to the end of the token.
      const auto value = url_decode(pair.substr(eq + 1));
      s->info.args.append(name, value);
    }
  }

  // Appended after the body parameters. Whether this replaces a
  // client-supplied "PayloadHash" entry depends on how args.append treats an
  // existing name - TODO confirm against RGWHTTPArgs.
  auto payload_hash = rgw::auth::s3::calc_v4_payload_hash(post_body);
  s->info.args.append("PayloadHash", payload_hash);
}
39
/*
 * Select the operation object for an IAM POST request.
 *
 * The POST body is first parsed into s->info.args, then the "Action"
 * argument is matched exactly (case-sensitively) against the supported IAM
 * action names. Returns a newly allocated op for a known action, or nullptr
 * when "Action" is absent or not recognised.
 *
 * This function only selects the op; it performs no authentication or
 * permission check itself.
 */
RGWOp *RGWHandler_REST_IAM::op_post()
{
  rgw_iam_parse_input();

  if (!s->info.args.exists("Action")) {
    return nullptr;
  }

  // Allow-list of action names and the op each one creates. Anything not
  // listed here falls through to nullptr.
  struct ActionEntry {
    const char *name;
    RGWOp *(*make)();
  };
  static const ActionEntry known_actions[] = {
    {"CreateRole", []() -> RGWOp* { return new RGWCreateRole; }},
    {"DeleteRole", []() -> RGWOp* { return new RGWDeleteRole; }},
    {"GetRole", []() -> RGWOp* { return new RGWGetRole; }},
    {"UpdateAssumeRolePolicy", []() -> RGWOp* { return new RGWModifyRole; }},
    {"ListRoles", []() -> RGWOp* { return new RGWListRoles; }},
    {"PutRolePolicy", []() -> RGWOp* { return new RGWPutRolePolicy; }},
    {"GetRolePolicy", []() -> RGWOp* { return new RGWGetRolePolicy; }},
    {"ListRolePolicies", []() -> RGWOp* { return new RGWListRolePolicies; }},
    {"DeleteRolePolicy", []() -> RGWOp* { return new RGWDeleteRolePolicy; }},
    {"PutUserPolicy", []() -> RGWOp* { return new RGWPutUserPolicy; }},
    {"GetUserPolicy", []() -> RGWOp* { return new RGWGetUserPolicy; }},
    {"ListUserPolicies", []() -> RGWOp* { return new RGWListUserPolicies; }},
    {"DeleteUserPolicy", []() -> RGWOp* { return new RGWDeleteUserPolicy; }},
    {"CreateOpenIDConnectProvider", []() -> RGWOp* { return new RGWCreateOIDCProvider; }},
    {"ListOpenIDConnectProviders", []() -> RGWOp* { return new RGWListOIDCProviders; }},
    {"GetOpenIDConnectProvider", []() -> RGWOp* { return new RGWGetOIDCProvider; }},
    {"DeleteOpenIDConnectProvider", []() -> RGWOp* { return new RGWDeleteOIDCProvider; }},
  };

  const string action = s->info.args.get("Action");
  for (const auto& entry : known_actions) {
    if (action == entry.name) {
      return entry.make();
    }
  }

  return nullptr;
}
84
/*
 * Prepare the request state for the IAM dialect and initialise the handler.
 *
 * Sets s->dialect to "iam", runs init_from_header() with XML as the default
 * output format and format selection enabled, and on success hands over to
 * RGWHandler_REST::init(). A negative result from init_from_header() is
 * logged at level 10 and returned unchanged.
 */
int RGWHandler_REST_IAM::init(rgw::sal::RGWRadosStore *store,
                              struct req_state *s,
                              rgw::io::BasicClient *cio)
{
  s->dialect = "iam";

  const int ret = RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true);
  if (ret < 0) {
    ldout(s->cct, 10) << "init_from_header returned err=" << ret << dendl;
    return ret;
  }

  return RGWHandler_REST::init(store, s, cio);
}
98
/*
 * Authenticate the request by delegating to RGW_Auth_S3::authorize() with
 * this handler's store, auth registry and request state. The result of that
 * call is returned unchanged; no IAM-specific check is added here.
 */
int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y)
{
  const int result = RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y);
  return result;
}
103
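/*
 * Parse the request's query arguments and allocate the response formatter.
 *
 * Marks the request as IAM (s->prot_flags), loads the query string into
 * s->info.args and parses it, then calls allocate_formatter().
 *
 * @param s                    request state to update
 * @param default_formatter    format passed through to allocate_formatter()
 * @param configurable_format  passed through to allocate_formatter()
 * @return the negative value from allocate_formatter() on failure, else 0
 *
 * The previous version went on to split the URI path into locals ("req",
 * "first") that were never read, storing the size_t result of find() in an
 * int along the way. Every path after the formatter allocation returned 0,
 * so that dead code has been removed without changing the result.
 */
int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
                                          int default_formatter,
                                          bool configurable_format)
{
  s->prot_flags = RGW_REST_IAM;

  // Use the relative URI as the query string when it starts with '?';
  // otherwise use the request parameters already stored in s->info. Both are
  // client-controlled input.
  const char *req_name = s->relative_uri.c_str();
  const char *p = (*req_name == '?') ? req_name
                                     : s->info.request_params.c_str();

  s->info.args.set(p);
  s->info.args.parse();

  /* must be called after the args parsing */
  if (int ret = allocate_formatter(s, default_formatter, configurable_format); ret < 0)
    return ret;

  return 0;
}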
145
/*
 * Create the REST handler for an IAM request.
 *
 * Only auth_registry is used; store, s and frontend_prefix are accepted but
 * not read. The handler is heap-allocated with new - presumably the caller
 * takes ownership and deletes it; confirm against the dispatch code.
 */
RGWHandler_REST*
RGWRESTMgr_IAM::get_handler(rgw::sal::RGWRadosStore *store,
                            struct req_state* const s,
                            const rgw::auth::StrategyRegistry& auth_registry,
                            const std::string& frontend_prefix)
{
  RGWHandler_REST* const handler = new RGWHandler_REST_IAM(auth_registry);
  return handler;
}