1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
6 #include "common/errno.h"
7 #include "common/Formatter.h"
8 #include "common/ceph_json.h"
10 #include "include/types.h"
11 #include "rgw_string.h"
13 #include "rgw_common.h"
17 #include "rgw_rest_oidc_provider.h"
18 #include "rgw_oidc_provider.h"
21 #define dout_subsys ceph_subsys_rgw
// Shared authorization step for the ops that address an existing provider by
// ARN (the op's own check_caps() decides read vs. write level).
//
// NOTE(review): this listing omits several lines of the body — the function's
// braces and the bodies of the early-exit branches are not shown. Only the
// statements visible on the page are reproduced below; nothing is added.
int RGWRestOIDCProvider::verify_permission(optional_yield y)
  // Anonymous identities are handled first; what the branch does is not
  // visible here (presumably a rejection — confirm against the full source).
  if (s->auth.identity->is_anonymous()) {
  // ... branch body elided in this listing ...

  // The ARN is taken verbatim from the query string: at this point it is
  // untrusted input and has not been parsed or validated.
  provider_arn = s->info.args.get("OpenIDConnectProviderArn");
  if (provider_arn.empty()) {
    ldpp_dout(this, 20) << "ERROR: Provider ARN is empty"<< dendl;
  // ... early return elided in this listing ...

  // Capability gate on the caller's user caps (see check_caps() overrides
  // below); how the result is acted on is not shown here.
  auto ret = check_caps(s->user->get_caps());
  // ... handling of ret elided in this listing ...

  // Second gate: IAM-style policy check against the parsed ARN for this op.
  uint64_t op = get_op();
  auto rgw_arn = rgw::ARN::parse(provider_arn, true);
  // ... line between parse() and the check elided in this listing ...
  // NOTE(review): *rgw_arn is dereferenced on the next line, so parse() must
  // have succeeded here. Whether a failed parse (malformed client-supplied
  // ARN) is guarded before this point is on a line the listing does not
  // show — confirm, since a null/empty optional deref here would be a
  // crash reachable from an authenticated request.
  if (!verify_user_permission(this, s, *rgw_arn, op)) {
  // ... rejection branch and the final return elided in this listing ...
// Emits the response for the OIDC-provider ops. Only the error-mapping call
// is visible in this listing; the conditional around it and the header /
// body flushing that normally follow are on lines the page does not show.
void RGWRestOIDCProvider::send_response()
  // Translates the op's result code (op_ret) into the request's error state
  // so the client sees a proper HTTP status / error body.
  set_req_state_err(s, op_ret);
  // ... remainder of the function elided in this listing ...
// Capability check for the read-only OIDC-provider ops (those deriving from
// RGWRestOIDCProviderRead): the caller needs the "oidc-provider" cap at
// read level. The return value is exactly what RGWUserCaps::check_cap reports.
int RGWRestOIDCProviderRead::check_caps(const RGWUserCaps& caps)
{
  static constexpr const char* kCapType = "oidc-provider";
  const int rc = caps.check_cap(kCapType, RGW_CAP_READ);
  return rc;
}
// Capability check for the mutating OIDC-provider ops (those deriving from
// RGWRestOIDCProviderWrite): the caller needs the "oidc-provider" cap at
// write level. The return value is exactly what RGWUserCaps::check_cap reports.
int RGWRestOIDCProviderWrite::check_caps(const RGWUserCaps& caps)
{
  static constexpr const char* kCapType = "oidc-provider";
  const int rc = caps.check_cap(kCapType, RGW_CAP_WRITE);
  return rc;
}
// Authorization for CreateOpenIDConnectProvider. Unlike the ARN-addressed ops
// above, the resource ARN is built from the provider URL rather than parsed
// from a client-supplied ARN.
//
// NOTE(review): this listing omits the function's braces, the bodies of the
// early-exit branches and three lines of the verify_user_permission() call;
// only the visible statements are reproduced.
int RGWCreateOIDCProvider::verify_permission(optional_yield y)
  // Anonymous identities are handled first (branch body not shown here).
  if (s->auth.identity->is_anonymous()) {
  // ... branch body elided in this listing ...

  // Capability gate on the caller's user caps; handling of ret not shown.
  auto ret = check_caps(s->user->get_caps());
  // ... handling of ret elided in this listing ...

  // NOTE(review): provider_url is populated by get_params(), and in this file
  // get_params() is called from execute(). If verify_permission() runs before
  // execute() (the usual RGWOp ordering — confirm), idp_url is derived from an
  // empty string here and the policy check below is evaluated against an ARN
  // whose resource part does not name the provider actually being created.
  // Consider moving the get_params() call ahead of this check.
  string idp_url = url_remove_prefix(provider_url);
  if (!verify_user_permission(this,
  // ... three argument lines (the request state and the ARN constructor)
  //     elided in this listing; the ARN is tenant-scoped as shown below ...
                              s->user->get_tenant(), true),
  // ... remaining arguments, rejection branch and final return elided ...
// Pulls the CreateOpenIDConnectProvider request parameters out of the query
// string: the provider Url plus the ClientIDList.member.N and
// ThumbprintList.member.N repeated members.
//
// NOTE(review): this listing omits the function's braces, the loop's closing
// braces and the return statements; only the visible statements are kept.
int RGWCreateOIDCProvider::get_params()
  // Untrusted, client-controlled string; it later becomes the provider's
  // identity (set_url in execute()) and feeds the ARN used for authorization.
  provider_url = s->info.args.get("Url");

  auto val_map = s->info.args.get_params();
  for (auto& it : val_map) {
    // NOTE(review): find() != npos is a substring match, not a prefix match,
    // so any parameter whose name merely *contains* "ClientIDList.member."
    // (e.g. "xClientIDList.member.1") is accepted as a member. An anchored
    // check such as `it.first.compare(0, N, "ClientIDList.member.") == 0`
    // (or rfind(..., 0) == 0) would match only genuine list members.
    // Member values are stored as-is; no length or count limit is applied.
    if (it.first.find("ClientIDList.member.") != string::npos) {
      client_ids.emplace_back(it.second);
    // ... closing brace elided in this listing ...
    // Same substring-match caveat as above. Thumbprints are stored without
    // any format validation (e.g. hex length) at this layer — whether the
    // SAL/backend validates them is not visible here.
    if (it.first.find("ThumbprintList.member.") != string::npos) {
      thumbprints.emplace_back(it.second);
    // ... closing braces elided in this listing ...

  // Url and at least one thumbprint are mandatory; an empty ClientIDList is
  // accepted (no check on client_ids here).
  if (provider_url.empty() || thumbprints.empty()) {
    ldpp_dout(this, 20) << "ERROR: one of url or thumbprints is empty" << dendl;
  // ... error return, closing brace and success return elided ...
// Creates the OIDC provider record from the parsed request and writes the
// CreateOpenIDConnectProviderResponse body.
//
// NOTE(review): this listing omits the function's braces, the check on the
// get_params() result and the conditional wrapping the response dump; only
// the visible statements are reproduced.
void RGWCreateOIDCProvider::execute(optional_yield y)
  // Parameter parsing happens here, i.e. after verify_permission() has run
  // (see the note on that function about provider_url being empty there).
  op_ret = get_params();
  // ... handling of a get_params() failure elided in this listing ...

  std::unique_ptr<rgw::sal::RGWOIDCProvider> provider = store->get_oidc_provider();
  provider->set_url(provider_url);
  // The record is bound to the caller's own tenant, so creation cannot target
  // another tenant's namespace via request parameters.
  provider->set_tenant(s->user->get_tenant());
  provider->set_client_ids(client_ids);
  provider->set_thumbprints(thumbprints);
  // Second argument is a literal true; its meaning (presumably "exclusive
  // create" — fail if the record already exists) is not visible here — confirm.
  op_ret = provider->create(s, true, y);
  // ... success check around the response body elided in this listing ...

  // Response: the Result section uses dump() (contrast: Get uses dump_all()).
  s->formatter->open_object_section("CreateOpenIDConnectProviderResponse");
  s->formatter->open_object_section("CreateOpenIDConnectProviderResult");
  provider->dump(s->formatter);
  s->formatter->close_section();
  s->formatter->open_object_section("ResponseMetadata");
  s->formatter->dump_string("RequestId", s->trans_id);
  s->formatter->close_section();
  s->formatter->close_section();
  // ... closing braces elided in this listing ...
// Deletes the provider addressed by provider_arn (set in the base class's
// verify_permission()) and writes the DeleteOpenIDConnectProviderResponse body.
//
// NOTE(review): this listing omits the function's braces, the closing brace
// of the error-mapping block and the conditional wrapping the response dump.
void RGWDeleteOIDCProvider::execute(optional_yield y)
  std::unique_ptr<rgw::sal::RGWOIDCProvider> provider = store->get_oidc_provider();
  provider->set_arn(provider_arn);
  // The lookup is pinned to the caller's tenant. Whether a tenant embedded
  // in the client-supplied ARN could disagree with this, and which one the
  // SAL layer honours, is not visible here — confirm.
  provider->set_tenant(s->user->get_tenant());
  op_ret = provider->delete_obj(s, y);

  // Only ENOENT and EINVAL are passed through to the client as-is; every
  // other failure is collapsed to an internal error, which keeps backend
  // error details out of the response (the underlying code is not logged
  // here, so it is also lost for debugging). Note that deleting a missing
  // provider surfaces as ENOENT rather than as success.
  if (op_ret < 0 && op_ret != -ENOENT && op_ret != -EINVAL) {
    op_ret = ERR_INTERNAL_ERROR;
  // ... closing brace and success check around the response elided ...

  s->formatter->open_object_section("DeleteOpenIDConnectProviderResponse");
  s->formatter->open_object_section("ResponseMetadata");
  s->formatter->dump_string("RequestId", s->trans_id);
  s->formatter->close_section();
  s->formatter->close_section();
  // ... closing braces elided in this listing ...
// Loads the provider addressed by provider_arn (set in the base class's
// verify_permission()) and writes the GetOpenIDConnectProviderResponse body.
//
// NOTE(review): this listing omits the function's braces, the closing brace
// of the error-mapping block and the conditional wrapping the response dump.
void RGWGetOIDCProvider::execute(optional_yield y)
  std::unique_ptr<rgw::sal::RGWOIDCProvider> provider = store->get_oidc_provider();
  provider->set_arn(provider_arn);
  // Lookup is pinned to the caller's tenant (same caveat as in Delete about
  // a tenant embedded in the client-supplied ARN).
  provider->set_tenant(s->user->get_tenant());
  // NOTE(review): get() is called without the optional_yield y that
  // create()/delete_obj() receive — check whether the SAL interface offers
  // a yielding variant, otherwise this read blocks the coroutine.
  op_ret = provider->get(s);

  // Same error policy as Delete: ENOENT/EINVAL pass through, everything
  // else becomes ERR_INTERNAL_ERROR (original code not logged here).
  if (op_ret < 0 && op_ret != -ENOENT && op_ret != -EINVAL) {
    op_ret = ERR_INTERNAL_ERROR;
  // ... closing brace and success check around the response elided ...

  s->formatter->open_object_section("GetOpenIDConnectProviderResponse");
  s->formatter->open_object_section("ResponseMetadata");
  s->formatter->dump_string("RequestId", s->trans_id);
  s->formatter->close_section();
  s->formatter->open_object_section("GetOpenIDConnectProviderResult");
  // dump_all() rather than dump() (as Create uses): the full record goes to
  // the client. Exactly which fields that includes is defined in the SAL
  // type, not here — presumably client IDs and thumbprints; confirm.
  provider->dump_all(s->formatter);
  s->formatter->close_section();
  s->formatter->close_section();
  // ... closing braces elided in this listing ...
// Authorization for ListOpenIDConnectProviders. There is no per-resource ARN
// for a list call, so the policy check is made against an ARN the listing
// does not show (the verify_user_permission() arguments are elided).
//
// NOTE(review): only the first line of each branch is visible here; branch
// bodies, braces and the final return are not reproduced.
int RGWListOIDCProviders::verify_permission(optional_yield y)
  // Anonymous identities are handled first (branch body not shown here).
  if (s->auth.identity->is_anonymous()) {
  // ... branch body elided in this listing ...

  // Capability gate. A zero result from check_caps() takes this branch; what
  // it does (and therefore what 0 means — the base class also branches on
  // the same value) is not visible here — confirm against RGWUserCaps.
  if (int ret = check_caps(s->user->get_caps()); ret == 0) {
  // ... branch body elided in this listing ...

  // Policy check; the arguments (request state, ARN, op) are elided.
  if (!verify_user_permission(this,
  // ... remaining arguments, rejection branch and final return elided ...
// Lists the OIDC providers of the caller's tenant and writes the
// ListOpenIDConnectProvidersResponse body (ARNs only).
//
// NOTE(review): this listing omits the function's braces, the success check
// around the response body and the loop's closing brace.
void RGWListOIDCProviders::execute(optional_yield y)
  vector<std::unique_ptr<rgw::sal::RGWOIDCProvider>> result;
  // Scoped to the caller's tenant, so a user cannot enumerate other tenants'
  // providers through this call.
  op_ret = store->get_oidc_providers(s, s->user->get_tenant(), result);
  // ... success check around the response elided in this listing ...

  // NOTE(review): the outer section is opened with open_array_section()
  // whereas every other response in this file opens its top-level
  // "...Response" element with open_object_section() — likely a typo that
  // changes the rendered shape of the response; worth checking against the
  // expected XML/JSON layout.
  s->formatter->open_array_section("ListOpenIDConnectProvidersResponse");
  s->formatter->open_object_section("ResponseMetadata");
  s->formatter->dump_string("RequestId", s->trans_id);
  s->formatter->close_section();
  s->formatter->open_object_section("ListOpenIDConnectProvidersResult");
  s->formatter->open_array_section("OpenIDConnectProviderList");
  for (const auto& it : result) {
    s->formatter->open_object_section("Arn");
    auto& arn = it->get_arn();
    // NOTE(review): level 0 — every provider ARN is written to the log on
    // every List call. This looks like leftover debugging; the other
    // diagnostics in this file use level 20, e.g.
    // `ldpp_dout(s, 20) << "ARN: " << arn << dendl;`
    ldpp_dout(s, 0) << "ARN: " << arn << dendl;
    s->formatter->dump_string("Arn", arn);
    s->formatter->close_section();
  // ... loop's closing brace elided in this listing ...
  s->formatter->close_section();
  s->formatter->close_section();
  s->formatter->close_section();
  // ... closing braces elided in this listing ...