1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
4 #include "common/errno.h"
5 #include "rgw_rest_realm.h"
6 #include "rgw_rest_s3.h"
7 #include "rgw_rest_config.h"
9 #include "rgw_sal_rados.h"
11 #include "services/svc_zone.h"
12 #include "services/svc_mdlog.h"
14 #include "include/ceph_assert.h"
16 #define dout_subsys ceph_subsys_rgw
18 // reject 'period push' if we would have to fetch too many intermediate periods
19 static const uint32_t PERIOD_HISTORY_FETCH_MAX
= 64;
21 // base period op, shared between Get and Post
22 class RGWOp_Period_Base
: public RGWRESTOp
{
25 std::ostringstream error_stream
;
27 int verify_permission(optional_yield
) override
{ return 0; }
28 void send_response() override
;
31 // reply with the period object on success
32 void RGWOp_Period_Base::send_response()
34 set_req_state_err(s
, op_ret
, error_stream
.str());
38 if (!s
->err
.message
.empty()) {
39 ldpp_dout(this, 4) << "Request failed with " << op_ret
40 << ": " << s
->err
.message
<< dendl
;
46 encode_json("period", period
, s
->formatter
);
47 end_header(s
, NULL
, "application/json", s
->formatter
->get_len());
51 // GET /admin/realm/period
52 class RGWOp_Period_Get
: public RGWOp_Period_Base
{
54 void execute(optional_yield y
) override
;
55 int check_caps(const RGWUserCaps
& caps
) override
{
56 return caps
.check_cap("zone", RGW_CAP_READ
);
58 int verify_permission(optional_yield
) override
{
59 return check_caps(s
->user
->get_caps());
61 const char* name() const override
{ return "get_period"; }
64 void RGWOp_Period_Get::execute(optional_yield y
)
66 string realm_id
, realm_name
, period_id
;
68 RESTArgs::get_string(s
, "realm_id", realm_id
, &realm_id
);
69 RESTArgs::get_string(s
, "realm_name", realm_name
, &realm_name
);
70 RESTArgs::get_string(s
, "period_id", period_id
, &period_id
);
71 RESTArgs::get_uint32(s
, "epoch", 0, &epoch
);
73 period
.set_id(period_id
);
74 period
.set_epoch(epoch
);
76 op_ret
= period
.init(this, store
->ctx(), store
->svc()->sysobj
, realm_id
, y
, realm_name
);
78 ldpp_dout(this, 5) << "failed to read period" << dendl
;
81 // POST /admin/realm/period
82 class RGWOp_Period_Post
: public RGWOp_Period_Base
{
84 void execute(optional_yield y
) override
;
85 int check_caps(const RGWUserCaps
& caps
) override
{
86 return caps
.check_cap("zone", RGW_CAP_WRITE
);
88 int verify_permission(optional_yield
) override
{
89 return check_caps(s
->user
->get_caps());
91 const char* name() const override
{ return "post_period"; }
94 void RGWOp_Period_Post::execute(optional_yield y
)
96 auto cct
= store
->ctx();
98 // initialize the period without reading from rados
99 period
.init(this, cct
, store
->svc()->sysobj
, y
, false);
101 // decode the period from input
102 const auto max_size
= cct
->_conf
->rgw_max_put_param_size
;
104 op_ret
= rgw_rest_get_json_input(cct
, s
, period
, max_size
, &empty
);
106 ldpp_dout(this, -1) << "failed to decode period" << dendl
;
110 // require period.realm_id to match our realm
111 if (period
.get_realm() != store
->svc()->zone
->get_realm().get_id()) {
112 error_stream
<< "period with realm id " << period
.get_realm()
113 << " doesn't match current realm " << store
->svc()->zone
->get_realm().get_id() << std::endl
;
118 // load the realm and current period from rados; there may be a more recent
119 // period that we haven't restarted with yet. we also don't want to modify
120 // the objects in use by RGWRados
121 RGWRealm
realm(period
.get_realm());
122 op_ret
= realm
.init(this, cct
, store
->svc()->sysobj
, y
);
124 ldpp_dout(this, -1) << "failed to read current realm: "
125 << cpp_strerror(-op_ret
) << dendl
;
129 RGWPeriod current_period
;
130 op_ret
= current_period
.init(this, cct
, store
->svc()->sysobj
, realm
.get_id(), y
);
132 ldpp_dout(this, -1) << "failed to read current period: "
133 << cpp_strerror(-op_ret
) << dendl
;
137 // if period id is empty, handle as 'period commit'
138 if (period
.get_id().empty()) {
139 op_ret
= period
.commit(this, store
, realm
, current_period
, error_stream
, y
);
141 ldpp_dout(this, -1) << "master zone failed to commit period" << dendl
;
146 // if it's not period commit, nobody is allowed to push to the master zone
147 if (period
.get_master_zone() == store
->svc()->zone
->get_zone_params().get_id()) {
148 ldpp_dout(this, 10) << "master zone rejecting period id="
149 << period
.get_id() << " epoch=" << period
.get_epoch() << dendl
;
150 op_ret
= -EINVAL
; // XXX: error code
154 // write the period to rados
155 op_ret
= period
.store_info(this, false, y
);
157 ldpp_dout(this, -1) << "failed to store period " << period
.get_id() << dendl
;
160 // set as latest epoch
161 op_ret
= period
.update_latest_epoch(this, period
.get_epoch(), y
);
162 if (op_ret
== -EEXIST
) {
163 // already have this epoch (or a more recent one)
164 ldpp_dout(this, 4) << "already have epoch >= " << period
.get_epoch()
165 << " for period " << period
.get_id() << dendl
;
170 ldpp_dout(this, -1) << "failed to set latest epoch" << dendl
;
174 auto period_history
= store
->svc()->mdlog
->get_period_history();
176 // decide whether we can set_current_period() or set_latest_epoch()
177 if (period
.get_id() != current_period
.get_id()) {
178 auto current_epoch
= current_period
.get_realm_epoch();
179 // discard periods in the past
180 if (period
.get_realm_epoch() < current_epoch
) {
181 ldpp_dout(this, 10) << "discarding period " << period
.get_id()
182 << " with realm epoch " << period
.get_realm_epoch()
183 << " older than current epoch " << current_epoch
<< dendl
;
184 // return success to ack that we have this period
187 // discard periods too far in the future
188 if (period
.get_realm_epoch() > current_epoch
+ PERIOD_HISTORY_FETCH_MAX
) {
189 ldpp_dout(this, -1) << "discarding period " << period
.get_id()
190 << " with realm epoch " << period
.get_realm_epoch() << " too far in "
191 "the future from current epoch " << current_epoch
<< dendl
;
192 op_ret
= -ENOENT
; // XXX: error code
195 // attach a copy of the period into the period history
196 auto cursor
= period_history
->attach(this, RGWPeriod
{period
}, y
);
198 // we're missing some history between the new period and current_period
199 op_ret
= cursor
.get_error();
200 ldpp_dout(this, -1) << "failed to collect the periods between current period "
201 << current_period
.get_id() << " (realm epoch " << current_epoch
202 << ") and the new period " << period
.get_id()
203 << " (realm epoch " << period
.get_realm_epoch()
204 << "): " << cpp_strerror(-op_ret
) << dendl
;
207 if (cursor
.has_next()) {
208 // don't switch if we have a newer period in our history
209 ldpp_dout(this, 4) << "attached period " << period
.get_id()
210 << " to history, but the history contains newer periods" << dendl
;
213 // set as current period
214 op_ret
= realm
.set_current_period(this, period
, y
);
216 ldpp_dout(this, -1) << "failed to update realm's current period" << dendl
;
219 ldpp_dout(this, 4) << "period " << period
.get_id()
220 << " is newer than current period " << current_period
.get_id()
221 << ", updating realm's current period and notifying zone" << dendl
;
222 realm
.notify_new_period(this, period
, y
);
225 // reflect the period into our local objects
226 op_ret
= period
.reflect(this, y
);
228 ldpp_dout(this, -1) << "failed to update local objects: "
229 << cpp_strerror(-op_ret
) << dendl
;
232 ldpp_dout(this, 4) << "period epoch " << period
.get_epoch()
233 << " is newer than current epoch " << current_period
.get_epoch()
234 << ", updating period's latest epoch and notifying zone" << dendl
;
235 realm
.notify_new_period(this, period
, y
);
236 // update the period history
237 period_history
->insert(RGWPeriod
{period
});
240 class RGWHandler_Period
: public RGWHandler_Auth_S3
{
242 using RGWHandler_Auth_S3::RGWHandler_Auth_S3
;
244 RGWOp
*op_get() override
{ return new RGWOp_Period_Get
; }
245 RGWOp
*op_post() override
{ return new RGWOp_Period_Post
; }
248 class RGWRESTMgr_Period
: public RGWRESTMgr
{
250 RGWHandler_REST
* get_handler(rgw::sal::RGWRadosStore
*store
,
252 const rgw::auth::StrategyRegistry
& auth_registry
,
253 const std::string
&) override
{
254 return new RGWHandler_Period(auth_registry
);
260 class RGWOp_Realm_Get
: public RGWRESTOp
{
261 std::unique_ptr
<RGWRealm
> realm
;
263 int check_caps(const RGWUserCaps
& caps
) override
{
264 return caps
.check_cap("zone", RGW_CAP_READ
);
266 int verify_permission(optional_yield
) override
{
267 return check_caps(s
->user
->get_caps());
269 void execute(optional_yield y
) override
;
270 void send_response() override
;
271 const char* name() const override
{ return "get_realm"; }
274 void RGWOp_Realm_Get::execute(optional_yield y
)
277 RESTArgs::get_string(s
, "id", id
, &id
);
279 RESTArgs::get_string(s
, "name", name
, &name
);
282 realm
.reset(new RGWRealm(id
, name
));
283 op_ret
= realm
->init(this, g_ceph_context
, store
->svc()->sysobj
, y
);
285 ldpp_dout(this, -1) << "failed to read realm id=" << id
286 << " name=" << name
<< dendl
;
289 void RGWOp_Realm_Get::send_response()
291 set_req_state_err(s
, op_ret
);
299 encode_json("realm", *realm
, s
->formatter
);
300 end_header(s
, NULL
, "application/json", s
->formatter
->get_len());
304 // GET /admin/realm?list
305 class RGWOp_Realm_List
: public RGWRESTOp
{
306 std::string default_id
;
307 std::list
<std::string
> realms
;
309 int check_caps(const RGWUserCaps
& caps
) override
{
310 return caps
.check_cap("zone", RGW_CAP_READ
);
312 int verify_permission(optional_yield
) override
{
313 return check_caps(s
->user
->get_caps());
315 void execute(optional_yield y
) override
;
316 void send_response() override
;
317 const char* name() const override
{ return "list_realms"; }
320 void RGWOp_Realm_List::execute(optional_yield y
)
323 // read default realm
324 RGWRealm
realm(store
->ctx(), store
->svc()->sysobj
);
325 [[maybe_unused
]] int ret
= realm
.read_default_id(this, default_id
, y
);
327 op_ret
= store
->svc()->zone
->list_realms(this, realms
);
329 ldpp_dout(this, -1) << "failed to list realms" << dendl
;
332 void RGWOp_Realm_List::send_response()
334 set_req_state_err(s
, op_ret
);
342 s
->formatter
->open_object_section("realms_list");
343 encode_json("default_info", default_id
, s
->formatter
);
344 encode_json("realms", realms
, s
->formatter
);
345 s
->formatter
->close_section();
346 end_header(s
, NULL
, "application/json", s
->formatter
->get_len());
350 class RGWHandler_Realm
: public RGWHandler_Auth_S3
{
352 using RGWHandler_Auth_S3::RGWHandler_Auth_S3
;
353 RGWOp
*op_get() override
{
354 if (s
->info
.args
.sub_resource_exists("list"))
355 return new RGWOp_Realm_List
;
356 return new RGWOp_Realm_Get
;
360 RGWRESTMgr_Realm::RGWRESTMgr_Realm()
362 // add the /admin/realm/period resource
363 register_resource("period", new RGWRESTMgr_Period
);
367 RGWRESTMgr_Realm::get_handler(rgw::sal::RGWRadosStore
*store
,
369 const rgw::auth::StrategyRegistry
& auth_registry
,
372 return new RGWHandler_Realm(auth_registry
);