ceph/src/rgw/rgw_rest_realm.cc

   1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
   2 // vim: ts=8 sw=2 smarttab ft=cpp
   3
   4 #include "common/errno.h"
   5 #include "rgw_rest_realm.h"
   6 #include "rgw_rest_s3.h"
   7 #include "rgw_rest_config.h"
   8 #include "rgw_zone.h"
   9 #include "rgw_sal_rados.h"
  10
  11 #include "services/svc_zone.h"
  12 #include "services/svc_mdlog.h"
  13
  14 #include "include/ceph_assert.h"
  15
  16 #define dout_subsys ceph_subsys_rgw
  17
  18 // reject 'period push' if we would have to fetch too many intermediate periods
  19 static const uint32_t PERIOD_HISTORY_FETCH_MAX = 64;
  20
  21 // base period op, shared between Get and Post
  22 class RGWOp_Period_Base : public RGWRESTOp {
  23  protected:
  24   RGWPeriod period;
  25   std::ostringstream error_stream;
  26  public:
  27   int verify_permission(optional_yield) override { return 0; }
  28   void send_response() override;
  29 };
  30
  31 // reply with the period object on success
  32 void RGWOp_Period_Base::send_response()
  33 {
  34   set_req_state_err(s, op_ret, error_stream.str());
  35   dump_errno(s);
  36
  37   if (op_ret < 0) {
  38     if (!s->err.message.empty()) {
  39       ldpp_dout(this, 4) << "Request failed with " << op_ret
  40           << ": " << s->err.message << dendl;
  41     }
  42     end_header(s);
  43     return;
  44   }
  45
  46   encode_json("period", period, s->formatter);
  47   end_header(s, NULL, "application/json", s->formatter->get_len());
  48   flusher.flush();
  49 }
  50
  51 // GET /admin/realm/period
  52 class RGWOp_Period_Get : public RGWOp_Period_Base {
  53  public:
  54   void execute(optional_yield y) override;
  55   int check_caps(const RGWUserCaps& caps) override {
  56     return caps.check_cap("zone", RGW_CAP_READ);
  57   }
  58   int verify_permission(optional_yield) override {
  59     return check_caps(s->user->get_caps());
  60   }
  61   const char* name() const override { return "get_period"; }
  62 };
  63
  64 void RGWOp_Period_Get::execute(optional_yield y)
  65 {
  66   string realm_id, realm_name, period_id;
  67   epoch_t epoch = 0;
  68   RESTArgs::get_string(s, "realm_id", realm_id, &realm_id);
  69   RESTArgs::get_string(s, "realm_name", realm_name, &realm_name);
  70   RESTArgs::get_string(s, "period_id", period_id, &period_id);
  71   RESTArgs::get_uint32(s, "epoch", 0, &epoch);
  72
  73   period.set_id(period_id);
  74   period.set_epoch(epoch);
  75
  76   op_ret = period.init(this, store->ctx(), store->svc()->sysobj, realm_id, y, realm_name);
  77   if (op_ret < 0)
  78     ldpp_dout(this, 5) << "failed to read period" << dendl;
  79 }
  80
  81 // POST /admin/realm/period
  82 class RGWOp_Period_Post : public RGWOp_Period_Base {
  83  public:
  84   void execute(optional_yield y) override;
  85   int check_caps(const RGWUserCaps& caps) override {
  86     return caps.check_cap("zone", RGW_CAP_WRITE);
  87   }
  88   int verify_permission(optional_yield) override {
  89     return check_caps(s->user->get_caps());
  90   }
  91   const char* name() const override { return "post_period"; }
  92 };
  93
  94 void RGWOp_Period_Post::execute(optional_yield y)
  95 {
  96   auto cct = store->ctx();
  97
  98   // initialize the period without reading from rados
  99   period.init(this, cct, store->svc()->sysobj, y, false);
 100
 101   // decode the period from input
 102   const auto max_size = cct->_conf->rgw_max_put_param_size;
 103   bool empty;
 104   op_ret = rgw_rest_get_json_input(cct, s, period, max_size, &empty);
 105   if (op_ret < 0) {
 106     ldpp_dout(this, -1) << "failed to decode period" << dendl;
 107     return;
 108   }
 109
 110   // require period.realm_id to match our realm
 111   if (period.get_realm() != store->svc()->zone->get_realm().get_id()) {
 112     error_stream << "period with realm id " << period.get_realm()
 113         << " doesn't match current realm " << store->svc()->zone->get_realm().get_id() << std::endl;
 114     op_ret = -EINVAL;
 115     return;
 116   }
 117
 118   // load the realm and current period from rados; there may be a more recent
 119   // period that we haven't restarted with yet. we also don't want to modify
 120   // the objects in use by RGWRados
 121   RGWRealm realm(period.get_realm());
 122   op_ret = realm.init(this, cct, store->svc()->sysobj, y);
 123   if (op_ret < 0) {
 124     ldpp_dout(this, -1) << "failed to read current realm: "
 125         << cpp_strerror(-op_ret) << dendl;
 126     return;
 127   }
 128
 129   RGWPeriod current_period;
 130   op_ret = current_period.init(this, cct, store->svc()->sysobj, realm.get_id(), y);
 131   if (op_ret < 0) {
 132     ldpp_dout(this, -1) << "failed to read current period: "
 133         << cpp_strerror(-op_ret) << dendl;
 134     return;
 135   }
 136
 137   // if period id is empty, handle as 'period commit'
 138   if (period.get_id().empty()) {
 139     op_ret = period.commit(this, store, realm, current_period, error_stream, y);
 140     if (op_ret < 0) {
 141       ldpp_dout(this, -1) << "master zone failed to commit period" << dendl;
 142     }
 143     return;
 144   }
 145
 146   // if it's not period commit, nobody is allowed to push to the master zone
 147   if (period.get_master_zone() == store->svc()->zone->get_zone_params().get_id()) {
 148     ldpp_dout(this, 10) << "master zone rejecting period id="
 149         << period.get_id() << " epoch=" << period.get_epoch() << dendl;
 150     op_ret = -EINVAL; // XXX: error code
 151     return;
 152   }
 153
 154   // write the period to rados
 155   op_ret = period.store_info(this, false, y);
 156   if (op_ret < 0) {
 157     ldpp_dout(this, -1) << "failed to store period " << period.get_id() << dendl;
 158     return;
 159   }
 160   // set as latest epoch
 161   op_ret = period.update_latest_epoch(this, period.get_epoch(), y);
 162   if (op_ret == -EEXIST) {
 163     // already have this epoch (or a more recent one)
 164     ldpp_dout(this, 4) << "already have epoch >= " << period.get_epoch()
 165         << " for period " << period.get_id() << dendl;
 166     op_ret = 0;
 167     return;
 168   }
 169   if (op_ret < 0) {
 170     ldpp_dout(this, -1) << "failed to set latest epoch" << dendl;
 171     return;
 172   }
 173
 174   auto period_history = store->svc()->mdlog->get_period_history();
 175
 176   // decide whether we can set_current_period() or set_latest_epoch()
 177   if (period.get_id() != current_period.get_id()) {
 178     auto current_epoch = current_period.get_realm_epoch();
 179     // discard periods in the past
 180     if (period.get_realm_epoch() < current_epoch) {
 181       ldpp_dout(this, 10) << "discarding period " << period.get_id()
 182           << " with realm epoch " << period.get_realm_epoch()
 183           << " older than current epoch " << current_epoch << dendl;
 184       // return success to ack that we have this period
 185       return;
 186     }
 187     // discard periods too far in the future
 188     if (period.get_realm_epoch() > current_epoch + PERIOD_HISTORY_FETCH_MAX) {
 189       ldpp_dout(this, -1) << "discarding period " << period.get_id()
 190           << " with realm epoch " << period.get_realm_epoch() << " too far in "
 191           "the future from current epoch " << current_epoch << dendl;
 192       op_ret = -ENOENT; // XXX: error code
 193       return;
 194     }
 195     // attach a copy of the period into the period history
 196     auto cursor = period_history->attach(this, RGWPeriod{period}, y);
 197     if (!cursor) {
 198       // we're missing some history between the new period and current_period
 199       op_ret = cursor.get_error();
 200       ldpp_dout(this, -1) << "failed to collect the periods between current period "
 201           << current_period.get_id() << " (realm epoch " << current_epoch
 202           << ") and the new period " << period.get_id()
 203           << " (realm epoch " << period.get_realm_epoch()
 204           << "): " << cpp_strerror(-op_ret) << dendl;
 205       return;
 206     }
 207     if (cursor.has_next()) {
 208       // don't switch if we have a newer period in our history
 209       ldpp_dout(this, 4) << "attached period " << period.get_id()
 210           << " to history, but the history contains newer periods" << dendl;
 211       return;
 212     }
 213     // set as current period
 214     op_ret = realm.set_current_period(this, period, y);
 215     if (op_ret < 0) {
 216       ldpp_dout(this, -1) << "failed to update realm's current period" << dendl;
 217       return;
 218     }
 219     ldpp_dout(this, 4) << "period " << period.get_id()
 220         << " is newer than current period " << current_period.get_id()
 221         << ", updating realm's current period and notifying zone" << dendl;
 222     realm.notify_new_period(this, period, y);
 223     return;
 224   }
 225   // reflect the period into our local objects
 226   op_ret = period.reflect(this, y);
 227   if (op_ret < 0) {
 228     ldpp_dout(this, -1) << "failed to update local objects: "
 229         << cpp_strerror(-op_ret) << dendl;
 230     return;
 231   }
 232   ldpp_dout(this, 4) << "period epoch " << period.get_epoch()
 233       << " is newer than current epoch " << current_period.get_epoch()
 234       << ", updating period's latest epoch and notifying zone" << dendl;
 235   realm.notify_new_period(this, period, y);
 236   // update the period history
 237   period_history->insert(RGWPeriod{period});
 238 }
 239
 240 class RGWHandler_Period : public RGWHandler_Auth_S3 {
 241  protected:
 242   using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
 243
 244   RGWOp *op_get() override { return new RGWOp_Period_Get; }
 245   RGWOp *op_post() override { return new RGWOp_Period_Post; }
 246 };
 247
 248 class RGWRESTMgr_Period : public RGWRESTMgr {
 249  public:
 250   RGWHandler_REST* get_handler(rgw::sal::RGWRadosStore *store,
 251                                struct req_state*,
 252                                const rgw::auth::StrategyRegistry& auth_registry,
 253                                const std::string&) override {
 254     return new RGWHandler_Period(auth_registry);
 255   }
 256 };
 257
 258
 259 // GET /admin/realm
 260 class RGWOp_Realm_Get : public RGWRESTOp {
 261   std::unique_ptr<RGWRealm> realm;
 262 public:
 263   int check_caps(const RGWUserCaps& caps) override {
 264     return caps.check_cap("zone", RGW_CAP_READ);
 265   }
 266   int verify_permission(optional_yield) override {
 267     return check_caps(s->user->get_caps());
 268   }
 269   void execute(optional_yield y) override;
 270   void send_response() override;
 271   const char* name() const override { return "get_realm"; }
 272 };
 273
 274 void RGWOp_Realm_Get::execute(optional_yield y)
 275 {
 276   string id;
 277   RESTArgs::get_string(s, "id", id, &id);
 278   string name;
 279   RESTArgs::get_string(s, "name", name, &name);
 280
 281   // read realm
 282   realm.reset(new RGWRealm(id, name));
 283   op_ret = realm->init(this, g_ceph_context, store->svc()->sysobj, y);
 284   if (op_ret < 0)
 285     ldpp_dout(this, -1) << "failed to read realm id=" << id
 286         << " name=" << name << dendl;
 287 }
 288
 289 void RGWOp_Realm_Get::send_response()
 290 {
 291   set_req_state_err(s, op_ret);
 292   dump_errno(s);
 293
 294   if (op_ret < 0) {
 295     end_header(s);
 296     return;
 297   }
 298
 299   encode_json("realm", *realm, s->formatter);
 300   end_header(s, NULL, "application/json", s->formatter->get_len());
 301   flusher.flush();
 302 }
 303
 304 // GET /admin/realm?list
 305 class RGWOp_Realm_List : public RGWRESTOp {
 306   std::string default_id;
 307   std::list<std::string> realms;
 308 public:
 309   int check_caps(const RGWUserCaps& caps) override {
 310     return caps.check_cap("zone", RGW_CAP_READ);
 311   }
 312   int verify_permission(optional_yield) override {
 313     return check_caps(s->user->get_caps());
 314   }
 315   void execute(optional_yield y) override;
 316   void send_response() override;
 317   const char* name() const override { return "list_realms"; }
 318 };
 319
 320 void RGWOp_Realm_List::execute(optional_yield y)
 321 {
 322   {
 323     // read default realm
 324     RGWRealm realm(store->ctx(), store->svc()->sysobj);
 325     [[maybe_unused]] int ret = realm.read_default_id(this, default_id, y);
 326   }
 327   op_ret = store->svc()->zone->list_realms(this, realms);
 328   if (op_ret < 0)
 329     ldpp_dout(this, -1) << "failed to list realms" << dendl;
 330 }
 331
 332 void RGWOp_Realm_List::send_response()
 333 {
 334   set_req_state_err(s, op_ret);
 335   dump_errno(s);
 336
 337   if (op_ret < 0) {
 338     end_header(s);
 339     return;
 340   }
 341
 342   s->formatter->open_object_section("realms_list");
 343   encode_json("default_info", default_id, s->formatter);
 344   encode_json("realms", realms, s->formatter);
 345   s->formatter->close_section();
 346   end_header(s, NULL, "application/json", s->formatter->get_len());
 347   flusher.flush();
 348 }
 349
 350 class RGWHandler_Realm : public RGWHandler_Auth_S3 {
 351 protected:
 352   using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
 353   RGWOp *op_get() override {
 354     if (s->info.args.sub_resource_exists("list"))
 355       return new RGWOp_Realm_List;
 356     return new RGWOp_Realm_Get;
 357   }
 358 };
 359
 360 RGWRESTMgr_Realm::RGWRESTMgr_Realm()
 361 {
 362   // add the /admin/realm/period resource
 363   register_resource("period", new RGWRESTMgr_Period);
 364 }
 365
 366 RGWHandler_REST*
 367 RGWRESTMgr_Realm::get_handler(rgw::sal::RGWRadosStore *store,
 368                               struct req_state*,
 369                               const rgw::auth::StrategyRegistry& auth_registry,
 370                               const std::string&)
 371 {
 372   return new RGWHandler_Realm(auth_registry);
 373 }