1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
8 #include <boost/algorithm/string.hpp>
10 #include "common/errno.h"
11 #include "common/Formatter.h"
12 #include "common/ceph_json.h"
13 #include "common/RWLock.h"
15 #include "rgw_sal_rados.h"
19 #include "include/types.h"
21 #include "rgw_string.h"
23 // until everything is moved from rgw_common
24 #include "rgw_common.h"
26 #include "rgw_bucket.h"
27 #include "rgw_quota.h"
29 #include "services/svc_zone.h"
30 #include "services/svc_sys_obj.h"
31 #include "services/svc_sys_obj_cache.h"
32 #include "services/svc_user.h"
33 #include "services/svc_meta.h"
35 #define dout_subsys ceph_subsys_rgw
39 extern void op_type_to_str(uint32_t mask
, char *buf
, int len
);
42 * Get the anonymous (ie, unauthenticated) user info.
44 void rgw_get_anon_user(RGWUserInfo
& info
)
46 info
.user_id
= RGW_USER_ANON_ID
;
47 info
.display_name
.clear();
48 info
.access_keys
.clear();
51 int rgw_user_sync_all_stats(rgw::sal::RGWRadosStore
*store
,
52 const rgw_user
& user_id
, optional_yield y
)
54 rgw::sal::RGWBucketList user_buckets
;
55 rgw::sal::RGWRadosUser
user(store
, user_id
);
57 CephContext
*cct
= store
->ctx();
58 size_t max_entries
= cct
->_conf
->rgw_list_buckets_max_chunk
;
63 ret
= user
.list_buckets(marker
, string(), max_entries
, false, user_buckets
, y
);
65 ldout(cct
, 0) << "failed to read user buckets: ret=" << ret
<< dendl
;
68 auto& buckets
= user_buckets
.get_buckets();
69 for (auto i
= buckets
.begin(); i
!= buckets
.end(); ++i
) {
72 auto& bucket
= i
->second
;
74 ret
= bucket
->get_bucket_info(y
);
76 ldout(cct
, 0) << "ERROR: could not read bucket info: bucket=" << bucket
<< " ret=" << ret
<< dendl
;
79 ret
= bucket
->sync_user_stats(y
);
81 ldout(cct
, 0) << "ERROR: could not sync bucket stats: ret=" << ret
<< dendl
;
84 ret
= bucket
->check_bucket_shards();
86 ldout(cct
, 0) << "ERROR in check_bucket_shards: " << cpp_strerror(-ret
)<< dendl
;
89 } while (user_buckets
.is_truncated());
91 ret
= store
->ctl()->user
->complete_flush_stats(user
.get_user(), y
);
93 cerr
<< "ERROR: failed to complete syncing user stats: ret=" << ret
<< std::endl
;
100 int rgw_user_get_all_buckets_stats(rgw::sal::RGWRadosStore
*store
,
101 const rgw_user
& user_id
,
102 map
<string
, cls_user_bucket_entry
>& buckets_usage_map
,
105 CephContext
*cct
= store
->ctx();
106 size_t max_entries
= cct
->_conf
->rgw_list_buckets_max_chunk
;
112 rgw::sal::RGWBucketList buckets
;
113 ret
= rgw_read_user_buckets(store
, user_id
, buckets
, marker
,
114 string(), max_entries
, false, y
);
116 ldout(cct
, 0) << "failed to read user buckets: ret=" << ret
<< dendl
;
119 auto& m
= buckets
.get_buckets();
120 for (const auto& i
: m
) {
123 auto& bucket_ent
= i
.second
;
124 ret
= bucket_ent
->read_bucket_stats(y
);
126 ldout(cct
, 0) << "ERROR: could not get bucket stats: ret=" << ret
<< dendl
;
129 cls_user_bucket_entry entry
;
130 bucket_ent
->convert(&entry
);
131 buckets_usage_map
.emplace(bucket_ent
->get_name(), entry
);
133 done
= (buckets
.count() < max_entries
);
140 * Save the given user information to storage.
141 * Returns: 0 on success, -ERR# on failure.
143 int rgw_store_user_info(RGWUserCtl
*user_ctl
,
145 RGWUserInfo
*old_info
,
146 RGWObjVersionTracker
*objv_tracker
,
150 map
<string
, bufferlist
> *pattrs
)
152 return user_ctl
->store_info(info
, y
,
153 RGWUserCtl::PutParams()
154 .set_old_info(old_info
)
155 .set_objv_tracker(objv_tracker
)
157 .set_exclusive(exclusive
)
162 * Given a uid, finds the user info associated with it.
163 * returns: 0 on success, -ERR# on failure (including nonexistence)
165 int rgw_get_user_info_by_uid(RGWUserCtl
*user_ctl
,
169 RGWObjVersionTracker
* const objv_tracker
,
170 real_time
* const pmtime
,
171 rgw_cache_entry_info
* const cache_info
,
172 map
<string
, bufferlist
> * const pattrs
)
174 return user_ctl
->get_info_by_uid(uid
, &info
, y
,
175 RGWUserCtl::GetParams()
176 .set_objv_tracker(objv_tracker
)
178 .set_cache_info(cache_info
)
183 * Given an email, finds the user info associated with it.
184 * returns: 0 on success, -ERR# on failure (including nonexistence)
186 int rgw_get_user_info_by_email(RGWUserCtl
*user_ctl
, string
& email
,
187 RGWUserInfo
& info
, optional_yield y
,
188 RGWObjVersionTracker
*objv_tracker
,
191 return user_ctl
->get_info_by_email(email
, &info
, y
,
192 RGWUserCtl::GetParams()
193 .set_objv_tracker(objv_tracker
)
198 * Given an swift username, finds the user_info associated with it.
199 * returns: 0 on success, -ERR# on failure (including nonexistence)
201 int rgw_get_user_info_by_swift(RGWUserCtl
*user_ctl
,
202 const string
& swift_name
,
203 RGWUserInfo
& info
, /* out */
205 RGWObjVersionTracker
* const objv_tracker
,
206 real_time
* const pmtime
)
208 return user_ctl
->get_info_by_swift(swift_name
, &info
, y
,
209 RGWUserCtl::GetParams()
210 .set_objv_tracker(objv_tracker
)
215 * Given an access key, finds the user info associated with it.
216 * returns: 0 on success, -ERR# on failure (including nonexistence)
218 extern int rgw_get_user_info_by_access_key(RGWUserCtl
*user_ctl
,
219 const std::string
& access_key
,
222 RGWObjVersionTracker
* objv_tracker
,
225 return user_ctl
->get_info_by_access_key(access_key
, &info
, y
,
226 RGWUserCtl::GetParams()
227 .set_objv_tracker(objv_tracker
)
231 static bool char_is_unreserved_url(char c
)
247 struct rgw_flags_desc
{
252 static struct rgw_flags_desc rgw_perms
[] = {
253 { RGW_PERM_FULL_CONTROL
, "full-control" },
254 { RGW_PERM_READ
| RGW_PERM_WRITE
, "read-write" },
255 { RGW_PERM_READ
, "read" },
256 { RGW_PERM_WRITE
, "write" },
257 { RGW_PERM_READ_ACP
, "read-acp" },
258 { RGW_PERM_WRITE_ACP
, "write-acp" },
262 void rgw_perm_to_str(uint32_t mask
, char *buf
, int len
)
264 const char *sep
= "";
267 snprintf(buf
, len
, "<none>");
271 uint32_t orig_mask
= mask
;
272 for (int i
= 0; rgw_perms
[i
].mask
; i
++) {
273 struct rgw_flags_desc
*desc
= &rgw_perms
[i
];
274 if ((mask
& desc
->mask
) == desc
->mask
) {
275 pos
+= snprintf(buf
+ pos
, len
- pos
, "%s%s", sep
, desc
->str
);
284 if (mask
== orig_mask
) // no change
289 uint32_t rgw_str_to_perm(const char *str
)
291 if (strcasecmp(str
, "") == 0)
292 return RGW_PERM_NONE
;
293 else if (strcasecmp(str
, "read") == 0)
294 return RGW_PERM_READ
;
295 else if (strcasecmp(str
, "write") == 0)
296 return RGW_PERM_WRITE
;
297 else if (strcasecmp(str
, "readwrite") == 0)
298 return RGW_PERM_READ
| RGW_PERM_WRITE
;
299 else if (strcasecmp(str
, "full") == 0)
300 return RGW_PERM_FULL_CONTROL
;
302 return RGW_PERM_INVALID
;
305 int rgw_validate_tenant_name(const string
& t
)
308 static bool is_good(char ch
) {
309 return isalnum(ch
) || ch
== '_';
312 std::string::const_iterator it
=
313 std::find_if_not(t
.begin(), t
.end(), tench::is_good
);
314 return (it
== t
.end())? 0: -ERR_INVALID_TENANT_NAME
;
317 static bool validate_access_key(string
& key
)
319 const char *p
= key
.c_str();
321 if (!char_is_unreserved_url(*p
))
328 static void set_err_msg(std::string
*sink
, std::string msg
)
330 if (sink
&& !msg
.empty())
335 * Dump either the full user info or a subset to a formatter.
337 * NOTE: It is the caller's respnsibility to ensure that the
338 * formatter is flushed at the correct time.
341 static void dump_subusers_info(Formatter
*f
, RGWUserInfo
&info
)
343 map
<string
, RGWSubUser
>::iterator uiter
;
345 f
->open_array_section("subusers");
346 for (uiter
= info
.subusers
.begin(); uiter
!= info
.subusers
.end(); ++uiter
) {
347 RGWSubUser
& u
= uiter
->second
;
348 f
->open_object_section("user");
350 info
.user_id
.to_str(s
);
351 f
->dump_format("id", "%s:%s", s
.c_str(), u
.name
.c_str());
353 rgw_perm_to_str(u
.perm_mask
, buf
, sizeof(buf
));
354 f
->dump_string("permissions", buf
);
360 static void dump_access_keys_info(Formatter
*f
, RGWUserInfo
&info
)
362 map
<string
, RGWAccessKey
>::iterator kiter
;
363 f
->open_array_section("keys");
364 for (kiter
= info
.access_keys
.begin(); kiter
!= info
.access_keys
.end(); ++kiter
) {
365 RGWAccessKey
& k
= kiter
->second
;
366 const char *sep
= (k
.subuser
.empty() ? "" : ":");
367 const char *subuser
= (k
.subuser
.empty() ? "" : k
.subuser
.c_str());
368 f
->open_object_section("key");
370 info
.user_id
.to_str(s
);
371 f
->dump_format("user", "%s%s%s", s
.c_str(), sep
, subuser
);
372 f
->dump_string("access_key", k
.id
);
373 f
->dump_string("secret_key", k
.key
);
379 static void dump_swift_keys_info(Formatter
*f
, RGWUserInfo
&info
)
381 map
<string
, RGWAccessKey
>::iterator kiter
;
382 f
->open_array_section("swift_keys");
383 for (kiter
= info
.swift_keys
.begin(); kiter
!= info
.swift_keys
.end(); ++kiter
) {
384 RGWAccessKey
& k
= kiter
->second
;
385 const char *sep
= (k
.subuser
.empty() ? "" : ":");
386 const char *subuser
= (k
.subuser
.empty() ? "" : k
.subuser
.c_str());
387 f
->open_object_section("key");
389 info
.user_id
.to_str(s
);
390 f
->dump_format("user", "%s%s%s", s
.c_str(), sep
, subuser
);
391 f
->dump_string("secret_key", k
.key
);
397 static void dump_user_info(Formatter
*f
, RGWUserInfo
&info
,
398 RGWStorageStats
*stats
= NULL
)
400 f
->open_object_section("user_info");
401 encode_json("tenant", info
.user_id
.tenant
, f
);
402 encode_json("user_id", info
.user_id
.id
, f
);
403 encode_json("display_name", info
.display_name
, f
);
404 encode_json("email", info
.user_email
, f
);
405 encode_json("suspended", (int)info
.suspended
, f
);
406 encode_json("max_buckets", (int)info
.max_buckets
, f
);
408 dump_subusers_info(f
, info
);
409 dump_access_keys_info(f
, info
);
410 dump_swift_keys_info(f
, info
);
412 encode_json("caps", info
.caps
, f
);
415 op_type_to_str(info
.op_mask
, buf
, sizeof(buf
));
416 encode_json("op_mask", (const char *)buf
, f
);
417 encode_json("system", (bool)info
.system
, f
);
418 encode_json("admin", (bool)info
.admin
, f
);
419 encode_json("default_placement", info
.default_placement
.name
, f
);
420 encode_json("default_storage_class", info
.default_placement
.storage_class
, f
);
421 encode_json("placement_tags", info
.placement_tags
, f
);
422 encode_json("bucket_quota", info
.bucket_quota
, f
);
423 encode_json("user_quota", info
.user_quota
, f
);
424 encode_json("temp_url_keys", info
.temp_url_keys
, f
);
426 string user_source_type
;
427 switch ((RGWIdentityType
)info
.type
) {
429 user_source_type
= "rgw";
432 user_source_type
= "keystone";
435 user_source_type
= "ldap";
438 user_source_type
= "none";
441 user_source_type
= "none";
444 encode_json("type", user_source_type
, f
);
445 encode_json("mfa_ids", info
.mfa_ids
, f
);
447 encode_json("stats", *stats
, f
);
453 RGWAccessKeyPool::RGWAccessKeyPool(RGWUser
* usr
)
461 store
= user
->get_store();
462 user_ctl
= user
->get_user_ctl();
465 int RGWAccessKeyPool::init(RGWUserAdminOpState
& op_state
)
467 if (!op_state
.is_initialized()) {
468 keys_allowed
= false;
472 rgw_user
& uid
= op_state
.get_user_id();
473 if (uid
.compare(RGW_USER_ANON_ID
) == 0) {
474 keys_allowed
= false;
478 swift_keys
= op_state
.get_swift_keys();
479 access_keys
= op_state
.get_access_keys();
487 * Do a fairly exhaustive search for an existing key matching the parameters
488 * given. Also handles the case where no key type was specified and updates
489 * the operation state if needed.
492 bool RGWAccessKeyPool::check_existing_key(RGWUserAdminOpState
& op_state
)
494 bool existing_key
= false;
496 int key_type
= op_state
.get_key_type();
497 std::string kid
= op_state
.get_access_key();
498 std::map
<std::string
, RGWAccessKey
>::iterator kiter
;
499 std::string swift_kid
= op_state
.build_default_swift_kid();
501 RGWUserInfo dup_info
;
503 if (kid
.empty() && swift_kid
.empty())
508 kiter
= swift_keys
->find(swift_kid
);
510 existing_key
= (kiter
!= swift_keys
->end());
512 op_state
.set_access_key(swift_kid
);
516 kiter
= access_keys
->find(kid
);
517 existing_key
= (kiter
!= access_keys
->end());
521 kiter
= access_keys
->find(kid
);
523 existing_key
= (kiter
!= access_keys
->end());
525 op_state
.set_key_type(KEY_TYPE_S3
);
529 kiter
= swift_keys
->find(kid
);
531 existing_key
= (kiter
!= swift_keys
->end());
533 op_state
.set_key_type(KEY_TYPE_SWIFT
);
537 // handle the case where the access key was not provided in user:key format
538 if (swift_kid
.empty())
541 kiter
= swift_keys
->find(swift_kid
);
543 existing_key
= (kiter
!= swift_keys
->end());
545 op_state
.set_access_key(swift_kid
);
546 op_state
.set_key_type(KEY_TYPE_SWIFT
);
550 op_state
.set_existing_key(existing_key
);
555 int RGWAccessKeyPool::check_op(RGWUserAdminOpState
& op_state
,
556 std::string
*err_msg
)
558 RGWUserInfo dup_info
;
560 if (!op_state
.is_populated()) {
561 set_err_msg(err_msg
, "user info was not populated");
566 set_err_msg(err_msg
, "keys not allowed for this user");
570 int32_t key_type
= op_state
.get_key_type();
572 // if a key type wasn't specified
574 if (op_state
.has_subuser()) {
575 key_type
= KEY_TYPE_SWIFT
;
577 key_type
= KEY_TYPE_S3
;
581 op_state
.set_key_type(key_type
);
583 /* see if the access key was specified */
584 if (key_type
== KEY_TYPE_S3
&& !op_state
.will_gen_access() &&
585 op_state
.get_access_key().empty()) {
586 set_err_msg(err_msg
, "empty access key");
587 return -ERR_INVALID_ACCESS_KEY
;
590 // don't check for secret key because we may be doing a removal
592 check_existing_key(op_state
);
597 // Generate a new random key
598 int RGWAccessKeyPool::generate_key(RGWUserAdminOpState
& op_state
,
599 optional_yield y
, std::string
*err_msg
)
604 std::pair
<std::string
, RGWAccessKey
> key_pair
;
605 RGWAccessKey new_key
;
606 RGWUserInfo duplicate_check
;
608 int key_type
= op_state
.get_key_type();
609 bool gen_access
= op_state
.will_gen_access();
610 bool gen_secret
= op_state
.will_gen_secret();
613 set_err_msg(err_msg
, "access keys not allowed for this user");
617 if (op_state
.has_existing_key()) {
618 set_err_msg(err_msg
, "cannot create existing key");
619 return -ERR_KEY_EXIST
;
623 id
= op_state
.get_access_key();
629 if (rgw_get_user_info_by_swift(user_ctl
, id
, duplicate_check
, y
) >= 0) {
630 set_err_msg(err_msg
, "existing swift key in RGW system:" + id
);
631 return -ERR_KEY_EXIST
;
635 if (rgw_get_user_info_by_access_key(user_ctl
, id
, duplicate_check
, y
) >= 0) {
636 set_err_msg(err_msg
, "existing S3 key in RGW system:" + id
);
637 return -ERR_KEY_EXIST
;
643 if (op_state
.has_subuser()) {
644 //create user and subuser at the same time, user's s3 key should not be set this
645 if (!op_state
.key_type_setbycontext
|| (key_type
== KEY_TYPE_SWIFT
)) {
646 new_key
.subuser
= op_state
.get_subuser();
652 if (op_state
.get_secret_key().empty()) {
653 set_err_msg(err_msg
, "empty secret key");
654 return -ERR_INVALID_SECRET_KEY
;
657 key
= op_state
.get_secret_key();
659 char secret_key_buf
[SECRET_KEY_LEN
+ 1];
660 gen_rand_alphanumeric_plain(g_ceph_context
, secret_key_buf
, sizeof(secret_key_buf
));
661 key
= secret_key_buf
;
664 // Generate the access key
665 if (key_type
== KEY_TYPE_S3
&& gen_access
) {
666 char public_id_buf
[PUBLIC_ID_LEN
+ 1];
669 int id_buf_size
= sizeof(public_id_buf
);
670 gen_rand_alphanumeric_upper(g_ceph_context
, public_id_buf
, id_buf_size
);
672 if (!validate_access_key(id
))
675 } while (!rgw_get_user_info_by_access_key(user_ctl
, id
, duplicate_check
, y
));
678 if (key_type
== KEY_TYPE_SWIFT
) {
679 id
= op_state
.build_default_swift_kid();
681 set_err_msg(err_msg
, "empty swift access key");
682 return -ERR_INVALID_ACCESS_KEY
;
685 // check that the access key doesn't exist
686 if (rgw_get_user_info_by_swift(user_ctl
, id
, duplicate_check
, y
) >= 0) {
687 set_err_msg(err_msg
, "cannot create existing swift key");
688 return -ERR_KEY_EXIST
;
692 // finally create the new key
697 key_pair
.second
= new_key
;
699 if (key_type
== KEY_TYPE_S3
) {
700 access_keys
->insert(key_pair
);
701 } else if (key_type
== KEY_TYPE_SWIFT
) {
702 swift_keys
->insert(key_pair
);
708 // modify an existing key
709 int RGWAccessKeyPool::modify_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
)
712 std::string key
= op_state
.get_secret_key();
713 int key_type
= op_state
.get_key_type();
715 RGWAccessKey modify_key
;
717 pair
<string
, RGWAccessKey
> key_pair
;
718 map
<std::string
, RGWAccessKey
>::iterator kiter
;
722 id
= op_state
.get_access_key();
724 set_err_msg(err_msg
, "no access key specified");
725 return -ERR_INVALID_ACCESS_KEY
;
729 id
= op_state
.build_default_swift_kid();
731 set_err_msg(err_msg
, "no subuser specified");
736 set_err_msg(err_msg
, "invalid key type");
737 return -ERR_INVALID_KEY_TYPE
;
740 if (!op_state
.has_existing_key()) {
741 set_err_msg(err_msg
, "key does not exist");
742 return -ERR_INVALID_ACCESS_KEY
;
747 if (key_type
== KEY_TYPE_SWIFT
) {
749 modify_key
.subuser
= op_state
.get_subuser();
750 } else if (key_type
== KEY_TYPE_S3
) {
751 kiter
= access_keys
->find(id
);
752 if (kiter
!= access_keys
->end()) {
753 modify_key
= kiter
->second
;
757 if (op_state
.will_gen_secret()) {
758 char secret_key_buf
[SECRET_KEY_LEN
+ 1];
759 int key_buf_size
= sizeof(secret_key_buf
);
760 gen_rand_alphanumeric_plain(g_ceph_context
, secret_key_buf
, key_buf_size
);
761 key
= secret_key_buf
;
765 set_err_msg(err_msg
, "empty secret key");
766 return -ERR_INVALID_SECRET_KEY
;
769 // update the access key with the new secret key
770 modify_key
.key
= key
;
772 key_pair
.second
= modify_key
;
775 if (key_type
== KEY_TYPE_S3
) {
776 (*access_keys
)[id
] = modify_key
;
777 } else if (key_type
== KEY_TYPE_SWIFT
) {
778 (*swift_keys
)[id
] = modify_key
;
784 int RGWAccessKeyPool::execute_add(RGWUserAdminOpState
& op_state
,
785 std::string
*err_msg
, bool defer_user_update
,
790 std::string subprocess_msg
;
791 int key_op
= GENERATE_KEY
;
794 if (op_state
.has_existing_key())
799 ret
= generate_key(op_state
, y
, &subprocess_msg
);
802 ret
= modify_key(op_state
, &subprocess_msg
);
807 set_err_msg(err_msg
, subprocess_msg
);
811 // store the updated info
812 if (!defer_user_update
)
813 ret
= user
->update(op_state
, err_msg
, y
);
821 int RGWAccessKeyPool::add(RGWUserAdminOpState
& op_state
, optional_yield y
,
822 std::string
*err_msg
)
824 return add(op_state
, err_msg
, false, y
);
827 int RGWAccessKeyPool::add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
,
828 bool defer_user_update
, optional_yield y
)
831 std::string subprocess_msg
;
833 ret
= check_op(op_state
, &subprocess_msg
);
835 set_err_msg(err_msg
, "unable to parse request, " + subprocess_msg
);
839 ret
= execute_add(op_state
, &subprocess_msg
, defer_user_update
, y
);
841 set_err_msg(err_msg
, "unable to add access key, " + subprocess_msg
);
848 int RGWAccessKeyPool::execute_remove(RGWUserAdminOpState
& op_state
,
849 std::string
*err_msg
,
850 bool defer_user_update
,
855 int key_type
= op_state
.get_key_type();
856 std::string id
= op_state
.get_access_key();
857 map
<std::string
, RGWAccessKey
>::iterator kiter
;
858 map
<std::string
, RGWAccessKey
> *keys_map
;
860 if (!op_state
.has_existing_key()) {
861 set_err_msg(err_msg
, "unable to find access key");
862 return -ERR_INVALID_ACCESS_KEY
;
865 if (key_type
== KEY_TYPE_S3
) {
866 keys_map
= access_keys
;
867 } else if (key_type
== KEY_TYPE_SWIFT
) {
868 keys_map
= swift_keys
;
871 set_err_msg(err_msg
, "invalid access key");
872 return -ERR_INVALID_ACCESS_KEY
;
875 kiter
= keys_map
->find(id
);
876 if (kiter
== keys_map
->end()) {
877 set_err_msg(err_msg
, "key not found");
878 return -ERR_INVALID_ACCESS_KEY
;
881 keys_map
->erase(kiter
);
883 if (!defer_user_update
)
884 ret
= user
->update(op_state
, err_msg
, y
);
892 int RGWAccessKeyPool::remove(RGWUserAdminOpState
& op_state
, optional_yield y
,
893 std::string
*err_msg
)
895 return remove(op_state
, err_msg
, false, y
);
898 int RGWAccessKeyPool::remove(RGWUserAdminOpState
& op_state
,
899 std::string
*err_msg
, bool defer_user_update
,
904 std::string subprocess_msg
;
906 ret
= check_op(op_state
, &subprocess_msg
);
908 set_err_msg(err_msg
, "unable to parse request, " + subprocess_msg
);
912 ret
= execute_remove(op_state
, &subprocess_msg
, defer_user_update
, y
);
914 set_err_msg(err_msg
, "unable to remove access key, " + subprocess_msg
);
921 // remove all keys associated with a subuser
922 int RGWAccessKeyPool::remove_subuser_keys(RGWUserAdminOpState
& op_state
,
923 std::string
*err_msg
,
924 bool defer_user_update
,
929 if (!op_state
.is_populated()) {
930 set_err_msg(err_msg
, "user info was not populated");
934 if (!op_state
.has_subuser()) {
935 set_err_msg(err_msg
, "no subuser specified");
939 std::string swift_kid
= op_state
.build_default_swift_kid();
940 if (swift_kid
.empty()) {
941 set_err_msg(err_msg
, "empty swift access key");
945 map
<std::string
, RGWAccessKey
>::iterator kiter
;
946 map
<std::string
, RGWAccessKey
> *keys_map
;
948 // a subuser can have at most one swift key
949 keys_map
= swift_keys
;
950 kiter
= keys_map
->find(swift_kid
);
951 if (kiter
!= keys_map
->end()) {
952 keys_map
->erase(kiter
);
955 // a subuser may have multiple s3 key pairs
956 std::string subuser_str
= op_state
.get_subuser();
957 keys_map
= access_keys
;
958 RGWUserInfo user_info
= op_state
.get_user_info();
959 auto user_kiter
= user_info
.access_keys
.begin();
960 for (; user_kiter
!= user_info
.access_keys
.end(); ++user_kiter
) {
961 if (user_kiter
->second
.subuser
== subuser_str
) {
962 kiter
= keys_map
->find(user_kiter
->first
);
963 if (kiter
!= keys_map
->end()) {
964 keys_map
->erase(kiter
);
969 if (!defer_user_update
)
970 ret
= user
->update(op_state
, err_msg
, y
);
978 RGWSubUserPool::RGWSubUserPool(RGWUser
*usr
)
986 subusers_allowed
= true;
987 store
= user
->get_store();
988 user_ctl
= user
->get_user_ctl();
991 int RGWSubUserPool::init(RGWUserAdminOpState
& op_state
)
993 if (!op_state
.is_initialized()) {
994 subusers_allowed
= false;
998 rgw_user
& uid
= op_state
.get_user_id();
999 if (uid
.compare(RGW_USER_ANON_ID
) == 0) {
1000 subusers_allowed
= false;
1004 subuser_map
= op_state
.get_subusers();
1005 if (subuser_map
== NULL
) {
1006 subusers_allowed
= false;
1010 subusers_allowed
= true;
1015 bool RGWSubUserPool::exists(std::string subuser
)
1017 if (subuser
.empty())
1023 if (subuser_map
->count(subuser
))
1029 int RGWSubUserPool::check_op(RGWUserAdminOpState
& op_state
,
1030 std::string
*err_msg
)
1032 bool existing
= false;
1033 std::string subuser
= op_state
.get_subuser();
1035 if (!op_state
.is_populated()) {
1036 set_err_msg(err_msg
, "user info was not populated");
1040 if (!subusers_allowed
) {
1041 set_err_msg(err_msg
, "subusers not allowed for this user");
1045 if (subuser
.empty() && !op_state
.will_gen_subuser()) {
1046 set_err_msg(err_msg
, "empty subuser name");
1050 if (op_state
.get_subuser_perm() == RGW_PERM_INVALID
) {
1051 set_err_msg(err_msg
, "invaild subuser access");
1055 //set key type when it not set or set by context
1056 if ((op_state
.get_key_type() < 0) || op_state
.key_type_setbycontext
) {
1057 op_state
.set_key_type(KEY_TYPE_SWIFT
);
1058 op_state
.key_type_setbycontext
= true;
1061 // check if the subuser exists
1062 if (!subuser
.empty())
1063 existing
= exists(subuser
);
1065 op_state
.set_existing_subuser(existing
);
1070 int RGWSubUserPool::execute_add(RGWUserAdminOpState
& op_state
,
1071 std::string
*err_msg
, bool defer_user_update
,
1075 std::string subprocess_msg
;
1078 std::pair
<std::string
, RGWSubUser
> subuser_pair
;
1079 std::string subuser_str
= op_state
.get_subuser();
1081 subuser_pair
.first
= subuser_str
;
1083 // assumes key should be created
1084 if (op_state
.has_key_op()) {
1085 ret
= user
->keys
.add(op_state
, &subprocess_msg
, true, y
);
1087 set_err_msg(err_msg
, "unable to create subuser key, " + subprocess_msg
);
1092 // create the subuser
1093 subuser
.name
= subuser_str
;
1095 if (op_state
.has_subuser_perm())
1096 subuser
.perm_mask
= op_state
.get_subuser_perm();
1098 // insert the subuser into user info
1099 subuser_pair
.second
= subuser
;
1100 subuser_map
->insert(subuser_pair
);
1102 // attempt to save the subuser
1103 if (!defer_user_update
)
1104 ret
= user
->update(op_state
, err_msg
, y
);
1112 int RGWSubUserPool::add(RGWUserAdminOpState
& op_state
, optional_yield y
,
1113 std::string
*err_msg
)
1115 return add(op_state
, err_msg
, false, y
);
1118 int RGWSubUserPool::add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_user_update
, optional_yield y
)
1120 std::string subprocess_msg
;
1122 int32_t key_type
= op_state
.get_key_type();
1124 ret
= check_op(op_state
, &subprocess_msg
);
1126 set_err_msg(err_msg
, "unable to parse request, " + subprocess_msg
);
1130 if (key_type
== KEY_TYPE_S3
&& op_state
.get_access_key().empty()) {
1131 op_state
.set_gen_access();
1134 if (op_state
.get_secret_key().empty()) {
1135 op_state
.set_gen_secret();
1138 ret
= execute_add(op_state
, &subprocess_msg
, defer_user_update
, y
);
1140 set_err_msg(err_msg
, "unable to create subuser, " + subprocess_msg
);
1147 int RGWSubUserPool::execute_remove(RGWUserAdminOpState
& op_state
,
1148 std::string
*err_msg
, bool defer_user_update
,
1152 std::string subprocess_msg
;
1154 std::string subuser_str
= op_state
.get_subuser();
1156 map
<std::string
, RGWSubUser
>::iterator siter
;
1157 siter
= subuser_map
->find(subuser_str
);
1158 if (siter
== subuser_map
->end()){
1159 set_err_msg(err_msg
, "subuser not found: " + subuser_str
);
1160 return -ERR_NO_SUCH_SUBUSER
;
1162 if (!op_state
.has_existing_subuser()) {
1163 set_err_msg(err_msg
, "subuser not found: " + subuser_str
);
1164 return -ERR_NO_SUCH_SUBUSER
;
1167 // always purge all associate keys
1168 user
->keys
.remove_subuser_keys(op_state
, &subprocess_msg
, true, y
);
1170 // remove the subuser from the user info
1171 subuser_map
->erase(siter
);
1173 // attempt to save the subuser
1174 if (!defer_user_update
)
1175 ret
= user
->update(op_state
, err_msg
, y
);
1183 int RGWSubUserPool::remove(RGWUserAdminOpState
& op_state
, optional_yield y
,
1184 std::string
*err_msg
)
1186 return remove(op_state
, err_msg
, false, y
);
1189 int RGWSubUserPool::remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
,
1190 bool defer_user_update
, optional_yield y
)
1192 std::string subprocess_msg
;
1195 ret
= check_op(op_state
, &subprocess_msg
);
1197 set_err_msg(err_msg
, "unable to parse request, " + subprocess_msg
);
1201 ret
= execute_remove(op_state
, &subprocess_msg
, defer_user_update
, y
);
1203 set_err_msg(err_msg
, "unable to remove subuser, " + subprocess_msg
);
1210 int RGWSubUserPool::execute_modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_user_update
, optional_yield y
)
1213 std::string subprocess_msg
;
1214 std::map
<std::string
, RGWSubUser
>::iterator siter
;
1215 std::pair
<std::string
, RGWSubUser
> subuser_pair
;
1217 std::string subuser_str
= op_state
.get_subuser();
1220 if (!op_state
.has_existing_subuser()) {
1221 set_err_msg(err_msg
, "subuser does not exist");
1222 return -ERR_NO_SUCH_SUBUSER
;
1225 subuser_pair
.first
= subuser_str
;
1227 siter
= subuser_map
->find(subuser_str
);
1228 subuser
= siter
->second
;
1230 if (op_state
.has_key_op()) {
1231 ret
= user
->keys
.add(op_state
, &subprocess_msg
, true, y
);
1233 set_err_msg(err_msg
, "unable to create subuser keys, " + subprocess_msg
);
1238 if (op_state
.has_subuser_perm())
1239 subuser
.perm_mask
= op_state
.get_subuser_perm();
1241 subuser_pair
.second
= subuser
;
1243 subuser_map
->erase(siter
);
1244 subuser_map
->insert(subuser_pair
);
1246 // attempt to save the subuser
1247 if (!defer_user_update
)
1248 ret
= user
->update(op_state
, err_msg
, y
);
1256 int RGWSubUserPool::modify(RGWUserAdminOpState
& op_state
, optional_yield y
, std::string
*err_msg
)
1258 return RGWSubUserPool::modify(op_state
, y
, err_msg
, false);
1261 int RGWSubUserPool::modify(RGWUserAdminOpState
& op_state
, optional_yield y
, std::string
*err_msg
, bool defer_user_update
)
1263 std::string subprocess_msg
;
1268 ret
= check_op(op_state
, &subprocess_msg
);
1270 set_err_msg(err_msg
, "unable to parse request, " + subprocess_msg
);
1274 ret
= execute_modify(op_state
, &subprocess_msg
, defer_user_update
, y
);
1276 set_err_msg(err_msg
, "unable to modify subuser, " + subprocess_msg
);
1283 RGWUserCapPool::RGWUserCapPool(RGWUser
*usr
)
1289 caps_allowed
= true;
1292 int RGWUserCapPool::init(RGWUserAdminOpState
& op_state
)
1294 if (!op_state
.is_initialized()) {
1295 caps_allowed
= false;
1299 rgw_user
& uid
= op_state
.get_user_id();
1300 if (uid
.compare(RGW_USER_ANON_ID
) == 0) {
1301 caps_allowed
= false;
1305 caps
= op_state
.get_caps_obj();
1307 caps_allowed
= false;
1308 return -ERR_INVALID_CAP
;
1311 caps_allowed
= true;
1316 int RGWUserCapPool::add(RGWUserAdminOpState
& op_state
, optional_yield y
,
1317 std::string
*err_msg
)
1319 return add(op_state
, err_msg
, false, y
);
1322 int RGWUserCapPool::add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
,
1323 bool defer_save
, optional_yield y
)
1326 std::string caps_str
= op_state
.get_caps();
1328 if (!op_state
.is_populated()) {
1329 set_err_msg(err_msg
, "user info was not populated");
1333 if (!caps_allowed
) {
1334 set_err_msg(err_msg
, "caps not allowed for this user");
1338 if (caps_str
.empty()) {
1339 set_err_msg(err_msg
, "empty user caps");
1340 return -ERR_INVALID_CAP
;
1343 int r
= caps
->add_from_string(caps_str
);
1345 set_err_msg(err_msg
, "unable to add caps: " + caps_str
);
1350 ret
= user
->update(op_state
, err_msg
, y
);
1358 int RGWUserCapPool::remove(RGWUserAdminOpState
& op_state
, optional_yield y
,
1359 std::string
*err_msg
)
1361 return remove(op_state
, err_msg
, false, y
);
1364 int RGWUserCapPool::remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
,
1365 bool defer_save
, optional_yield y
)
1369 std::string caps_str
= op_state
.get_caps();
1371 if (!op_state
.is_populated()) {
1372 set_err_msg(err_msg
, "user info was not populated");
1376 if (!caps_allowed
) {
1377 set_err_msg(err_msg
, "caps not allowed for this user");
1381 if (caps_str
.empty()) {
1382 set_err_msg(err_msg
, "empty user caps");
1383 return -ERR_INVALID_CAP
;
1386 int r
= caps
->remove_from_string(caps_str
);
1388 set_err_msg(err_msg
, "unable to remove caps: " + caps_str
);
1393 ret
= user
->update(op_state
, err_msg
, y
);
1401 RGWUser::RGWUser() : caps(this), keys(this), subusers(this)
1406 int RGWUser::init(rgw::sal::RGWRadosStore
*storage
,
1407 RGWUserAdminOpState
& op_state
, optional_yield y
)
1410 int ret
= init_storage(storage
);
1414 ret
= init(op_state
, y
);
1421 void RGWUser::init_default()
1423 // use anonymous user info as a placeholder
1424 rgw_get_anon_user(old_info
);
1425 user_id
= RGW_USER_ANON_ID
;
1430 int RGWUser::init_storage(rgw::sal::RGWRadosStore
*storage
)
1437 user_ctl
= store
->ctl()->user
;
1442 keys
= RGWAccessKeyPool(this);
1443 caps
= RGWUserCapPool(this);
1444 subusers
= RGWSubUserPool(this);
1449 int RGWUser::init(RGWUserAdminOpState
& op_state
, optional_yield y
)
1452 std::string swift_user
;
1453 user_id
= op_state
.get_user_id();
1454 std::string user_email
= op_state
.get_user_email();
1455 std::string access_key
= op_state
.get_access_key();
1456 std::string subuser
= op_state
.get_subuser();
1458 int key_type
= op_state
.get_key_type();
1459 if (key_type
== KEY_TYPE_SWIFT
) {
1460 swift_user
= op_state
.get_access_key();
1464 RGWUserInfo user_info
;
1468 if (user_id
.empty() && !subuser
.empty()) {
1469 size_t pos
= subuser
.find(':');
1470 if (pos
!= string::npos
) {
1471 user_id
= subuser
.substr(0, pos
);
1472 op_state
.set_user_id(user_id
);
1476 if (!user_id
.empty() && (user_id
.compare(RGW_USER_ANON_ID
) != 0)) {
1477 found
= (rgw_get_user_info_by_uid(user_ctl
, user_id
, user_info
, y
, &op_state
.objv
) >= 0);
1478 op_state
.found_by_uid
= found
;
1480 if (store
->ctx()->_conf
.get_val
<bool>("rgw_user_unique_email")) {
1481 if (!user_email
.empty() && !found
) {
1482 found
= (rgw_get_user_info_by_email(user_ctl
, user_email
, user_info
, y
, &op_state
.objv
) >= 0);
1483 op_state
.found_by_email
= found
;
1486 if (!swift_user
.empty() && !found
) {
1487 found
= (rgw_get_user_info_by_swift(user_ctl
, swift_user
, user_info
, y
, &op_state
.objv
) >= 0);
1488 op_state
.found_by_key
= found
;
1490 if (!access_key
.empty() && !found
) {
1491 found
= (rgw_get_user_info_by_access_key(user_ctl
, access_key
, user_info
, y
, &op_state
.objv
) >= 0);
1492 op_state
.found_by_key
= found
;
1495 op_state
.set_existing_user(found
);
1497 op_state
.set_user_info(user_info
);
1498 op_state
.set_populated();
1500 old_info
= user_info
;
1504 if (user_id
.empty()) {
1505 user_id
= user_info
.user_id
;
1507 op_state
.set_initialized();
1509 // this may have been called by a helper object
1510 int ret
= init_members(op_state
);
1517 int RGWUser::init_members(RGWUserAdminOpState
& op_state
)
1521 ret
= keys
.init(op_state
);
1525 ret
= subusers
.init(op_state
);
1529 ret
= caps
.init(op_state
);
1536 int RGWUser::update(RGWUserAdminOpState
& op_state
, std::string
*err_msg
,
1540 std::string subprocess_msg
;
1541 RGWUserInfo user_info
= op_state
.get_user_info();
1544 set_err_msg(err_msg
, "couldn't initialize storage");
1548 RGWUserInfo
*pold_info
= (is_populated() ? &old_info
: nullptr);
1550 ret
= rgw_store_user_info(user_ctl
, user_info
, pold_info
, &op_state
.objv
,
1551 real_time(), false, y
);
1553 set_err_msg(err_msg
, "unable to store user info");
1557 old_info
= user_info
;
1563 int RGWUser::check_op(RGWUserAdminOpState
& op_state
, std::string
*err_msg
)
1567 rgw_user
& op_id
= op_state
.get_user_id();
1569 RGWUserInfo user_info
;
1571 same_id
= (user_id
.compare(op_id
) == 0);
1572 populated
= is_populated();
1574 if (op_id
.compare(RGW_USER_ANON_ID
) == 0) {
1575 set_err_msg(err_msg
, "unable to perform operations on the anonymous user");
1579 if (populated
&& !same_id
) {
1580 set_err_msg(err_msg
, "user id mismatch, operation id: " + op_id
.to_str()
1581 + " does not match: " + user_id
.to_str());
1586 int ret
= rgw_validate_tenant_name(op_id
.tenant
);
1588 set_err_msg(err_msg
,
1589 "invalid tenant only alphanumeric and _ characters are allowed");
1593 //set key type when it not set or set by context
1594 if ((op_state
.get_key_type() < 0) || op_state
.key_type_setbycontext
) {
1595 op_state
.set_key_type(KEY_TYPE_S3
);
1596 op_state
.key_type_setbycontext
= true;
1602 // update swift_keys with new user id
1603 static void rename_swift_keys(const rgw_user
& user
,
1604 std::map
<std::string
, RGWAccessKey
>& keys
)
1606 std::string user_id
;
1607 user
.to_str(user_id
);
1609 auto modify_keys
= std::move(keys
);
1610 for ([[maybe_unused
]] auto& [k
, key
] : modify_keys
) {
1611 std::string id
= user_id
+ ":" + key
.subuser
;
1613 keys
[id
] = std::move(key
);
1617 int RGWUser::execute_rename(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, optional_yield y
)
1620 bool populated
= op_state
.is_populated();
1622 if (!op_state
.has_existing_user() && !populated
) {
1623 set_err_msg(err_msg
, "user not found");
1628 ret
= init(op_state
, y
);
1630 set_err_msg(err_msg
, "unable to retrieve user info");
1635 rgw::sal::RGWRadosUser
old_user(store
, op_state
.get_user_info());
1636 rgw::sal::RGWRadosUser
new_user(store
, op_state
.get_new_uid());
1637 if (old_user
.get_tenant() != new_user
.get_tenant()) {
1638 set_err_msg(err_msg
, "users have to be under the same tenant namespace "
1639 + old_user
.get_tenant() + " != " + new_user
.get_tenant());
1643 // create a stub user and write only the uid index and buckets object
1644 RGWUserInfo stub_user_info
;
1645 stub_user_info
.user_id
= new_user
.get_user();
1647 RGWObjVersionTracker objv
;
1648 const bool exclusive
= !op_state
.get_overwrite_new_user(); // overwrite if requested
1650 ret
= user_ctl
->store_info(stub_user_info
, y
,
1651 RGWUserCtl::PutParams()
1652 .set_objv_tracker(&objv
)
1653 .set_exclusive(exclusive
));
1654 if (ret
== -EEXIST
) {
1655 set_err_msg(err_msg
, "user name given by --new-uid already exists");
1659 set_err_msg(err_msg
, "unable to store new user info");
1663 RGWAccessControlPolicy policy_instance
;
1664 policy_instance
.create_default(new_user
.get_user(), old_user
.get_display_name());
1666 //unlink and link buckets to new user
1668 CephContext
*cct
= store
->ctx();
1669 size_t max_buckets
= cct
->_conf
->rgw_list_buckets_max_chunk
;
1670 rgw::sal::RGWBucketList buckets
;
1673 ret
= old_user
.list_buckets(marker
, "", max_buckets
, false, buckets
, y
);
1675 set_err_msg(err_msg
, "unable to list user buckets");
1679 auto& m
= buckets
.get_buckets();
1681 for (auto it
= m
.begin(); it
!= m
.end(); ++it
) {
1682 auto& bucket
= it
->second
;
1685 ret
= bucket
->get_bucket_info(y
);
1687 set_err_msg(err_msg
, "failed to fetch bucket info for bucket=" + bucket
->get_name());
1691 ret
= bucket
->set_acl(policy_instance
, y
);
1693 set_err_msg(err_msg
, "failed to set acl on bucket " + bucket
->get_name());
1697 ret
= bucket
->link(&new_user
, y
);
1699 set_err_msg(err_msg
, "failed to link bucket " + bucket
->get_name());
1703 ret
= bucket
->chown(&new_user
, &old_user
, y
);
1705 set_err_msg(err_msg
, "failed to run bucket chown" + cpp_strerror(-ret
));
1710 } while (buckets
.is_truncated());
1712 // update the 'stub user' with all of the other fields and rewrite all of the
1713 // associated index objects
1714 RGWUserInfo
& user_info
= op_state
.get_user_info();
1715 user_info
.user_id
= new_user
.get_user();
1716 op_state
.objv
= objv
;
1718 rename_swift_keys(new_user
.get_user(), user_info
.swift_keys
);
1720 return update(op_state
, err_msg
, y
);
1723 int RGWUser::execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
,
1726 std::string subprocess_msg
;
1728 bool defer_user_update
= true;
1730 RGWUserInfo user_info
;
1732 rgw_user
& uid
= op_state
.get_user_id();
1733 std::string user_email
= op_state
.get_user_email();
1734 std::string display_name
= op_state
.get_display_name();
1736 // fail if the user exists already
1737 if (op_state
.has_existing_user()) {
1738 if (op_state
.found_by_email
) {
1739 set_err_msg(err_msg
, "email: " + user_email
+
1740 " is the email address an existing user");
1741 ret
= -ERR_EMAIL_EXIST
;
1742 } else if (op_state
.found_by_key
) {
1743 set_err_msg(err_msg
, "duplicate key provided");
1744 ret
= -ERR_KEY_EXIST
;
1746 set_err_msg(err_msg
, "user: " + op_state
.user_id
.to_str() + " exists");
1752 // fail if the user_info has already been populated
1753 if (op_state
.is_populated()) {
1754 set_err_msg(err_msg
, "cannot overwrite already populated user");
1758 // fail if the display name was not included
1759 if (display_name
.empty()) {
1760 set_err_msg(err_msg
, "no display name specified");
1765 // set the user info
1767 user_info
.user_id
= user_id
;
1768 user_info
.display_name
= display_name
;
1769 user_info
.type
= TYPE_RGW
;
1771 if (!user_email
.empty())
1772 user_info
.user_email
= user_email
;
1774 CephContext
*cct
= store
->ctx();
1775 if (op_state
.max_buckets_specified
) {
1776 user_info
.max_buckets
= op_state
.get_max_buckets();
1778 user_info
.max_buckets
=
1779 cct
->_conf
.get_val
<int64_t>("rgw_user_max_buckets");
1782 user_info
.suspended
= op_state
.get_suspension_status();
1783 user_info
.admin
= op_state
.admin
;
1784 user_info
.system
= op_state
.system
;
1786 if (op_state
.op_mask_specified
)
1787 user_info
.op_mask
= op_state
.get_op_mask();
1789 if (op_state
.has_bucket_quota()) {
1790 user_info
.bucket_quota
= op_state
.get_bucket_quota();
1792 rgw_apply_default_bucket_quota(user_info
.bucket_quota
, cct
->_conf
);
1795 if (op_state
.temp_url_key_specified
) {
1796 map
<int, string
>::iterator iter
;
1797 for (iter
= op_state
.temp_url_keys
.begin();
1798 iter
!= op_state
.temp_url_keys
.end(); ++iter
) {
1799 user_info
.temp_url_keys
[iter
->first
] = iter
->second
;
1803 if (op_state
.has_user_quota()) {
1804 user_info
.user_quota
= op_state
.get_user_quota();
1806 rgw_apply_default_user_quota(user_info
.user_quota
, cct
->_conf
);
1809 if (op_state
.default_placement_specified
) {
1810 user_info
.default_placement
= op_state
.default_placement
;
1813 if (op_state
.placement_tags_specified
) {
1814 user_info
.placement_tags
= op_state
.placement_tags
;
1817 // update the request
1818 op_state
.set_user_info(user_info
);
1819 op_state
.set_populated();
1821 // update the helper objects
1822 ret
= init_members(op_state
);
1824 set_err_msg(err_msg
, "unable to initialize user");
1828 // see if we need to add an access key
1829 if (op_state
.has_key_op()) {
1830 ret
= keys
.add(op_state
, &subprocess_msg
, defer_user_update
, y
);
1832 set_err_msg(err_msg
, "unable to create access key, " + subprocess_msg
);
1837 // see if we need to add some caps
1838 if (op_state
.has_caps_op()) {
1839 ret
= caps
.add(op_state
, &subprocess_msg
, defer_user_update
, y
);
1841 set_err_msg(err_msg
, "unable to add user capabilities, " + subprocess_msg
);
1846 ret
= update(op_state
, err_msg
, y
);
1854 int RGWUser::add(RGWUserAdminOpState
& op_state
, optional_yield y
, std::string
*err_msg
)
1856 std::string subprocess_msg
;
1859 ret
= check_op(op_state
, &subprocess_msg
);
1861 set_err_msg(err_msg
, "unable to parse parameters, " + subprocess_msg
);
1865 ret
= execute_add(op_state
, &subprocess_msg
, y
);
1867 set_err_msg(err_msg
, "unable to create user, " + subprocess_msg
);
1874 int RGWUser::rename(RGWUserAdminOpState
& op_state
, optional_yield y
, std::string
*err_msg
)
1876 std::string subprocess_msg
;
1879 ret
= check_op(op_state
, &subprocess_msg
);
1881 set_err_msg(err_msg
, "unable to parse parameters, " + subprocess_msg
);
1885 ret
= execute_rename(op_state
, &subprocess_msg
, y
);
1887 set_err_msg(err_msg
, "unable to rename user, " + subprocess_msg
);
1894 int RGWUser::execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, optional_yield y
)
1898 bool purge_data
= op_state
.will_purge_data();
1899 rgw_user
& uid
= op_state
.get_user_id();
1900 RGWUserInfo user_info
= op_state
.get_user_info();
1902 if (!op_state
.has_existing_user()) {
1903 set_err_msg(err_msg
, "user does not exist");
1907 rgw::sal::RGWBucketList buckets
;
1909 CephContext
*cct
= store
->ctx();
1910 size_t max_buckets
= cct
->_conf
->rgw_list_buckets_max_chunk
;
1912 ret
= rgw_read_user_buckets(store
, uid
, buckets
, marker
, string(),
1913 max_buckets
, false, y
);
1915 set_err_msg(err_msg
, "unable to read user bucket info");
1919 auto& m
= buckets
.get_buckets();
1920 if (!m
.empty() && !purge_data
) {
1921 set_err_msg(err_msg
, "must specify purge data to remove user with buckets");
1922 return -EEXIST
; // change to code that maps to 409: conflict
1925 std::string prefix
, delimiter
;
1926 for (auto it
= m
.begin(); it
!= m
.end(); ++it
) {
1927 ret
= it
->second
->remove_bucket(true, prefix
, delimiter
, false, nullptr, y
);
1929 set_err_msg(err_msg
, "unable to delete user data");
1936 } while (buckets
.is_truncated());
1938 ret
= user_ctl
->remove_info(user_info
, y
, RGWUserCtl::RemoveParams()
1939 .set_objv_tracker(&op_state
.objv
));
1941 set_err_msg(err_msg
, "unable to remove user from RADOS");
1945 op_state
.clear_populated();
1951 int RGWUser::remove(RGWUserAdminOpState
& op_state
, optional_yield y
, std::string
*err_msg
)
1953 std::string subprocess_msg
;
1956 ret
= check_op(op_state
, &subprocess_msg
);
1958 set_err_msg(err_msg
, "unable to parse parameters, " + subprocess_msg
);
1962 ret
= execute_remove(op_state
, &subprocess_msg
, y
);
1964 set_err_msg(err_msg
, "unable to remove user, " + subprocess_msg
);
1971 int RGWUser::execute_modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, optional_yield y
)
1973 bool populated
= op_state
.is_populated();
1975 std::string subprocess_msg
;
1976 std::string op_email
= op_state
.get_user_email();
1977 std::string display_name
= op_state
.get_display_name();
1979 RGWUserInfo user_info
;
1980 RGWUserInfo duplicate_check
;
1982 // ensure that the user info has been populated or is populate-able
1983 if (!op_state
.has_existing_user() && !populated
) {
1984 set_err_msg(err_msg
, "user not found");
1988 // if the user hasn't already been populated...attempt to
1990 ret
= init(op_state
, y
);
1992 set_err_msg(err_msg
, "unable to retrieve user info");
1997 // ensure that we can modify the user's attributes
1998 if (user_id
.compare(RGW_USER_ANON_ID
) == 0) {
1999 set_err_msg(err_msg
, "unable to modify anonymous user's info");
2003 user_info
= old_info
;
2005 std::string old_email
= old_info
.user_email
;
2006 if (!op_email
.empty()) {
2007 // make sure we are not adding a duplicate email
2008 if (old_email
!= op_email
) {
2009 ret
= rgw_get_user_info_by_email(user_ctl
, op_email
, duplicate_check
,y
);
2010 if (ret
>= 0 && duplicate_check
.user_id
.compare(user_id
) != 0) {
2011 set_err_msg(err_msg
, "cannot add duplicate email");
2012 return -ERR_EMAIL_EXIST
;
2015 user_info
.user_email
= op_email
;
2016 } else if (op_email
.empty() && op_state
.user_email_specified
) {
2017 ldout(store
->ctx(), 10) << "removing email index: " << user_info
.user_email
<< dendl
;
2018 /* will be physically removed later when calling update() */
2019 user_info
.user_email
.clear();
2022 // update the remaining user info
2023 if (!display_name
.empty())
2024 user_info
.display_name
= display_name
;
2026 if (op_state
.max_buckets_specified
)
2027 user_info
.max_buckets
= op_state
.get_max_buckets();
2029 if (op_state
.admin_specified
)
2030 user_info
.admin
= op_state
.admin
;
2032 if (op_state
.system_specified
)
2033 user_info
.system
= op_state
.system
;
2035 if (op_state
.temp_url_key_specified
) {
2036 map
<int, string
>::iterator iter
;
2037 for (iter
= op_state
.temp_url_keys
.begin();
2038 iter
!= op_state
.temp_url_keys
.end(); ++iter
) {
2039 user_info
.temp_url_keys
[iter
->first
] = iter
->second
;
2043 if (op_state
.op_mask_specified
)
2044 user_info
.op_mask
= op_state
.get_op_mask();
2046 if (op_state
.has_bucket_quota())
2047 user_info
.bucket_quota
= op_state
.get_bucket_quota();
2049 if (op_state
.has_user_quota())
2050 user_info
.user_quota
= op_state
.get_user_quota();
2052 if (op_state
.has_suspension_op()) {
2053 __u8 suspended
= op_state
.get_suspension_status();
2054 user_info
.suspended
= suspended
;
2056 rgw::sal::RGWBucketList buckets
;
2058 if (user_id
.empty()) {
2059 set_err_msg(err_msg
, "empty user id passed...aborting");
2064 CephContext
*cct
= store
->ctx();
2065 size_t max_buckets
= cct
->_conf
->rgw_list_buckets_max_chunk
;
2067 ret
= rgw_read_user_buckets(store
, user_id
, buckets
, marker
, string(),
2068 max_buckets
, false, y
);
2070 set_err_msg(err_msg
, "could not get buckets for uid: " + user_id
.to_str());
2074 auto& m
= buckets
.get_buckets();
2076 vector
<rgw_bucket
> bucket_names
;
2077 for (auto iter
= m
.begin(); iter
!= m
.end(); ++iter
) {
2078 auto& bucket
= iter
->second
;
2079 bucket_names
.push_back(bucket
->get_key());
2081 marker
= iter
->first
;
2084 ret
= store
->getRados()->set_buckets_enabled(bucket_names
, !suspended
);
2086 set_err_msg(err_msg
, "failed to modify bucket");
2090 } while (buckets
.is_truncated());
2093 if (op_state
.mfa_ids_specified
) {
2094 user_info
.mfa_ids
= op_state
.mfa_ids
;
2097 if (op_state
.default_placement_specified
) {
2098 user_info
.default_placement
= op_state
.default_placement
;
2101 if (op_state
.placement_tags_specified
) {
2102 user_info
.placement_tags
= op_state
.placement_tags
;
2105 op_state
.set_user_info(user_info
);
2107 // if we're supposed to modify keys, do so
2108 if (op_state
.has_key_op()) {
2109 ret
= keys
.add(op_state
, &subprocess_msg
, true, y
);
2111 set_err_msg(err_msg
, "unable to create or modify keys, " + subprocess_msg
);
2116 ret
= update(op_state
, err_msg
, y
);
2123 int RGWUser::modify(RGWUserAdminOpState
& op_state
, optional_yield y
, std::string
*err_msg
)
2125 std::string subprocess_msg
;
2128 ret
= check_op(op_state
, &subprocess_msg
);
2130 if (is_populated() && (user_id
.compare(op_state
.get_user_id()) != 0)) {
2131 set_err_msg(err_msg
, "unable to create user " + user_id
.to_str()
2132 + " because user id " + op_state
.get_user_id().to_str()
2133 + " already exists with email "
2134 + op_state
.get_user_email());
2136 set_err_msg(err_msg
, "unable to parse parameters, " + subprocess_msg
);
2141 ret
= execute_modify(op_state
, &subprocess_msg
, y
);
2143 set_err_msg(err_msg
, "unable to modify user, " + subprocess_msg
);
2150 int RGWUser::info(RGWUserAdminOpState
& op_state
, RGWUserInfo
& fetched_info
,
2151 optional_yield y
, std::string
*err_msg
)
2153 int ret
= init(op_state
, y
);
2155 set_err_msg(err_msg
, "unable to fetch user info");
2159 fetched_info
= op_state
.get_user_info();
2164 int RGWUser::info(RGWUserInfo
& fetched_info
, std::string
*err_msg
)
2166 if (!is_populated()) {
2167 set_err_msg(err_msg
, "no user info saved");
2171 fetched_info
= old_info
;
2176 int RGWUser::list(RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
)
2178 Formatter
*formatter
= flusher
.get_formatter();
2179 void *handle
= nullptr;
2180 std::string metadata_key
= "user";
2181 if (op_state
.max_entries
> 1000) {
2182 op_state
.max_entries
= 1000;
2185 auto meta_mgr
= store
->ctl()->meta
.mgr
;
2187 int ret
= meta_mgr
->list_keys_init(metadata_key
, op_state
.marker
, &handle
);
2192 bool truncated
= false;
2197 // open the result object section
2198 formatter
->open_object_section("result");
2200 // open the user id list array section
2201 formatter
->open_array_section("keys");
2203 std::list
<std::string
> keys
;
2204 left
= op_state
.max_entries
- count
;
2205 ret
= meta_mgr
->list_keys_next(handle
, left
, keys
, &truncated
);
2206 if (ret
< 0 && ret
!= -ENOENT
) {
2208 } if (ret
!= -ENOENT
) {
2209 for (std::list
<std::string
>::iterator iter
= keys
.begin(); iter
!= keys
.end(); ++iter
) {
2210 formatter
->dump_string("key", *iter
);
2214 } while (truncated
&& left
> 0);
2215 // close user id list section
2216 formatter
->close_section();
2218 formatter
->dump_bool("truncated", truncated
);
2219 formatter
->dump_int("count", count
);
2221 formatter
->dump_string("marker", meta_mgr
->get_marker(handle
));
2224 // close result object section
2225 formatter
->close_section();
2227 meta_mgr
->list_keys_complete(handle
);
2233 int RGWUserAdminOp_User::list(rgw::sal::RGWRadosStore
*store
, RGWUserAdminOpState
& op_state
,
2234 RGWFormatterFlusher
& flusher
)
2238 int ret
= user
.init_storage(store
);
2242 ret
= user
.list(op_state
, flusher
);
2249 int RGWUserAdminOp_User::info(rgw::sal::RGWRadosStore
*store
, RGWUserAdminOpState
& op_state
,
2250 RGWFormatterFlusher
& flusher
,
2256 int ret
= user
.init(store
, op_state
, y
);
2260 if (!op_state
.has_existing_user())
2261 return -ERR_NO_SUCH_USER
;
2263 Formatter
*formatter
= flusher
.get_formatter();
2265 ret
= user
.info(info
, NULL
);
2269 if (op_state
.sync_stats
) {
2270 ret
= rgw_user_sync_all_stats(store
, info
.user_id
, y
);
2276 RGWStorageStats stats
;
2277 RGWStorageStats
*arg_stats
= NULL
;
2278 if (op_state
.fetch_stats
) {
2279 int ret
= store
->ctl()->user
->read_stats(info
.user_id
, &stats
, y
);
2280 if (ret
< 0 && ret
!= -ENOENT
) {
2290 dump_user_info(formatter
, info
, arg_stats
);
2297 int RGWUserAdminOp_User::create(rgw::sal::RGWRadosStore
*store
,
2298 RGWUserAdminOpState
& op_state
,
2299 RGWFormatterFlusher
& flusher
, optional_yield y
)
2303 int ret
= user
.init(store
, op_state
, y
);
2307 Formatter
*formatter
= flusher
.get_formatter();
2309 ret
= user
.add(op_state
, y
, NULL
);
2312 ret
= -ERR_USER_EXIST
;
2316 ret
= user
.info(info
, NULL
);
2323 dump_user_info(formatter
, info
);
2330 int RGWUserAdminOp_User::modify(rgw::sal::RGWRadosStore
*store
,
2331 RGWUserAdminOpState
& op_state
,
2332 RGWFormatterFlusher
& flusher
, optional_yield y
)
2336 int ret
= user
.init(store
, op_state
, y
);
2339 Formatter
*formatter
= flusher
.get_formatter();
2341 ret
= user
.modify(op_state
, y
, NULL
);
2344 ret
= -ERR_NO_SUCH_USER
;
2348 ret
= user
.info(info
, NULL
);
2355 dump_user_info(formatter
, info
);
2362 int RGWUserAdminOp_User::remove(rgw::sal::RGWRadosStore
*store
, RGWUserAdminOpState
& op_state
,
2363 RGWFormatterFlusher
& flusher
, optional_yield y
)
2367 int ret
= user
.init(store
, op_state
, y
);
2372 ret
= user
.remove(op_state
, y
, NULL
);
2375 ret
= -ERR_NO_SUCH_USER
;
2379 int RGWUserAdminOp_Subuser::create(rgw::sal::RGWRadosStore
*store
,
2380 RGWUserAdminOpState
& op_state
,
2381 RGWFormatterFlusher
& flusher
,
2386 int ret
= user
.init(store
, op_state
, y
);
2390 if (!op_state
.has_existing_user())
2391 return -ERR_NO_SUCH_USER
;
2393 Formatter
*formatter
= flusher
.get_formatter();
2395 ret
= user
.subusers
.add(op_state
, y
, NULL
);
2399 ret
= user
.info(info
, NULL
);
2406 dump_subusers_info(formatter
, info
);
2413 int RGWUserAdminOp_Subuser::modify(rgw::sal::RGWRadosStore
*store
, RGWUserAdminOpState
& op_state
,
2414 RGWFormatterFlusher
& flusher
, optional_yield y
)
2418 int ret
= user
.init(store
, op_state
, y
);
2422 if (!op_state
.has_existing_user())
2423 return -ERR_NO_SUCH_USER
;
2425 Formatter
*formatter
= flusher
.get_formatter();
2427 ret
= user
.subusers
.modify(op_state
, y
, NULL
);
2431 ret
= user
.info(info
, NULL
);
2438 dump_subusers_info(formatter
, info
);
2445 int RGWUserAdminOp_Subuser::remove(rgw::sal::RGWRadosStore
*store
,
2446 RGWUserAdminOpState
& op_state
,
2447 RGWFormatterFlusher
& flusher
,
2452 int ret
= user
.init(store
, op_state
, y
);
2457 if (!op_state
.has_existing_user())
2458 return -ERR_NO_SUCH_USER
;
2460 ret
= user
.subusers
.remove(op_state
, y
, NULL
);
2467 int RGWUserAdminOp_Key::create(rgw::sal::RGWRadosStore
*store
, RGWUserAdminOpState
& op_state
,
2468 RGWFormatterFlusher
& flusher
,
2473 int ret
= user
.init(store
, op_state
, y
);
2477 if (!op_state
.has_existing_user())
2478 return -ERR_NO_SUCH_USER
;
2480 Formatter
*formatter
= flusher
.get_formatter();
2482 ret
= user
.keys
.add(op_state
, y
, NULL
);
2486 ret
= user
.info(info
, NULL
);
2493 int key_type
= op_state
.get_key_type();
2495 if (key_type
== KEY_TYPE_SWIFT
)
2496 dump_swift_keys_info(formatter
, info
);
2498 else if (key_type
== KEY_TYPE_S3
)
2499 dump_access_keys_info(formatter
, info
);
2507 int RGWUserAdminOp_Key::remove(rgw::sal::RGWRadosStore
*store
,
2508 RGWUserAdminOpState
& op_state
,
2509 RGWFormatterFlusher
& flusher
,
2514 int ret
= user
.init(store
, op_state
, y
);
2518 if (!op_state
.has_existing_user())
2519 return -ERR_NO_SUCH_USER
;
2522 ret
= user
.keys
.remove(op_state
, y
, NULL
);
2529 int RGWUserAdminOp_Caps::add(rgw::sal::RGWRadosStore
*store
,
2530 RGWUserAdminOpState
& op_state
,
2531 RGWFormatterFlusher
& flusher
, optional_yield y
)
2535 int ret
= user
.init(store
, op_state
, y
);
2539 if (!op_state
.has_existing_user())
2540 return -ERR_NO_SUCH_USER
;
2542 Formatter
*formatter
= flusher
.get_formatter();
2544 ret
= user
.caps
.add(op_state
, y
, NULL
);
2548 ret
= user
.info(info
, NULL
);
2555 info
.caps
.dump(formatter
);
2563 int RGWUserAdminOp_Caps::remove(rgw::sal::RGWRadosStore
*store
,
2564 RGWUserAdminOpState
& op_state
,
2565 RGWFormatterFlusher
& flusher
, optional_yield y
)
2569 int ret
= user
.init(store
, op_state
, y
);
2573 if (!op_state
.has_existing_user())
2574 return -ERR_NO_SUCH_USER
;
2576 Formatter
*formatter
= flusher
.get_formatter();
2578 ret
= user
.caps
.remove(op_state
, y
, NULL
);
2582 ret
= user
.info(info
, NULL
);
2589 info
.caps
.dump(formatter
);
2596 class RGWUserMetadataHandler
: public RGWMetadataHandler_GenericMetaBE
{
2599 RGWSI_User
*user
{nullptr};
2602 RGWUserMetadataHandler(RGWSI_User
*user_svc
) {
2603 base_init(user_svc
->ctx(), user_svc
->get_be_handler());
2604 svc
.user
= user_svc
;
2607 string
get_type() override
{ return "user"; }
2609 int do_get(RGWSI_MetaBackend_Handler::Op
*op
, string
& entry
, RGWMetadataObject
**obj
, optional_yield y
) override
{
2610 RGWUserCompleteInfo uci
;
2611 RGWObjVersionTracker objv_tracker
;
2614 rgw_user user
= RGWSI_User::user_from_meta_key(entry
);
2616 int ret
= svc
.user
->read_user_info(op
->ctx(), user
, &uci
.info
, &objv_tracker
,
2617 &mtime
, nullptr, &uci
.attrs
,
2623 RGWUserMetadataObject
*mdo
= new RGWUserMetadataObject(uci
, objv_tracker
.read_version
, mtime
);
2629 RGWMetadataObject
*get_meta_obj(JSONObj
*jo
, const obj_version
& objv
, const ceph::real_time
& mtime
) override
{
2630 RGWUserCompleteInfo uci
;
2633 decode_json_obj(uci
, jo
);
2634 } catch (JSONDecoder::err
& e
) {
2638 return new RGWUserMetadataObject(uci
, objv
, mtime
);
2641 int do_put(RGWSI_MetaBackend_Handler::Op
*op
, string
& entry
,
2642 RGWMetadataObject
*obj
,
2643 RGWObjVersionTracker
& objv_tracker
,
2645 RGWMDLogSyncType type
, bool from_remote_zone
) override
;
2647 int do_remove(RGWSI_MetaBackend_Handler::Op
*op
, string
& entry
, RGWObjVersionTracker
& objv_tracker
,
2648 optional_yield y
) override
{
2651 rgw_user user
= RGWSI_User::user_from_meta_key(entry
);
2653 int ret
= svc
.user
->read_user_info(op
->ctx(), user
, &info
, nullptr,
2654 nullptr, nullptr, nullptr,
2660 return svc
.user
->remove_user_info(op
->ctx(), info
, &objv_tracker
,
2665 class RGWMetadataHandlerPut_User
: public RGWMetadataHandlerPut_SObj
2667 RGWUserMetadataHandler
*uhandler
;
2668 RGWUserMetadataObject
*uobj
;
2670 RGWMetadataHandlerPut_User(RGWUserMetadataHandler
*_handler
,
2671 RGWSI_MetaBackend_Handler::Op
*op
, string
& entry
,
2672 RGWMetadataObject
*obj
, RGWObjVersionTracker
& objv_tracker
,
2674 RGWMDLogSyncType type
, bool from_remote_zone
) : RGWMetadataHandlerPut_SObj(_handler
, op
, entry
, obj
, objv_tracker
, y
, type
, from_remote_zone
),
2675 uhandler(_handler
) {
2676 uobj
= static_cast<RGWUserMetadataObject
*>(obj
);
2679 int put_checked() override
;
2682 int RGWUserMetadataHandler::do_put(RGWSI_MetaBackend_Handler::Op
*op
, string
& entry
,
2683 RGWMetadataObject
*obj
,
2684 RGWObjVersionTracker
& objv_tracker
,
2686 RGWMDLogSyncType type
, bool from_remote_zone
)
2688 RGWMetadataHandlerPut_User
put_op(this, op
, entry
, obj
, objv_tracker
, y
, type
, from_remote_zone
);
2689 return do_put_operate(&put_op
);
2692 int RGWMetadataHandlerPut_User::put_checked()
2694 RGWUserMetadataObject
*orig_obj
= static_cast<RGWUserMetadataObject
*>(old_obj
);
2695 RGWUserCompleteInfo
& uci
= uobj
->get_uci();
2697 map
<string
, bufferlist
> *pattrs
{nullptr};
2698 if (uci
.has_attrs
) {
2699 pattrs
= &uci
.attrs
;
2702 RGWUserInfo
*pold_info
= (orig_obj
? &orig_obj
->get_uci().info
: nullptr);
2704 auto mtime
= obj
->get_mtime();
2706 int ret
= uhandler
->svc
.user
->store_user_info(op
->ctx(), uci
.info
, pold_info
,
2707 &objv_tracker
, mtime
,
2713 return STATUS_APPLIED
;
2717 RGWUserCtl::RGWUserCtl(RGWSI_Zone
*zone_svc
,
2718 RGWSI_User
*user_svc
,
2719 RGWUserMetadataHandler
*_umhandler
) : umhandler(_umhandler
) {
2720 svc
.zone
= zone_svc
;
2721 svc
.user
= user_svc
;
2722 be_handler
= umhandler
->get_be_handler();
2726 class optional_default
2728 const std::optional
<T
>& opt
;
2729 std::optional
<T
> def
;
2732 optional_default(const std::optional
<T
>& _o
) : opt(_o
) {
2741 const T
*operator->() {
2745 const T
& operator*() {
2750 int RGWUserCtl::get_info_by_uid(const rgw_user
& uid
,
2753 const GetParams
& params
)
2756 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2757 return svc
.user
->read_user_info(op
->ctx(),
2760 params
.objv_tracker
,
2768 int RGWUserCtl::get_info_by_email(const string
& email
,
2771 const GetParams
& params
)
2773 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2774 return svc
.user
->get_user_info_by_email(op
->ctx(), email
,
2776 params
.objv_tracker
,
2782 int RGWUserCtl::get_info_by_swift(const string
& swift_name
,
2785 const GetParams
& params
)
2787 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2788 return svc
.user
->get_user_info_by_swift(op
->ctx(), swift_name
,
2790 params
.objv_tracker
,
2796 int RGWUserCtl::get_info_by_access_key(const string
& access_key
,
2799 const GetParams
& params
)
2801 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2802 return svc
.user
->get_user_info_by_access_key(op
->ctx(), access_key
,
2804 params
.objv_tracker
,
2810 int RGWUserCtl::get_attrs_by_uid(const rgw_user
& user_id
,
2811 map
<string
, bufferlist
> *pattrs
,
2813 RGWObjVersionTracker
*objv_tracker
)
2815 RGWUserInfo user_info
;
2817 return get_info_by_uid(user_id
, &user_info
, y
, RGWUserCtl::GetParams()
2819 .set_objv_tracker(objv_tracker
));
2822 int RGWUserCtl::store_info(const RGWUserInfo
& info
, optional_yield y
,
2823 const PutParams
& params
)
2825 string key
= RGWSI_User::get_meta_key(info
.user_id
);
2827 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2828 return svc
.user
->store_user_info(op
->ctx(), info
,
2830 params
.objv_tracker
,
2838 int RGWUserCtl::remove_info(const RGWUserInfo
& info
, optional_yield y
,
2839 const RemoveParams
& params
)
2842 string key
= RGWSI_User::get_meta_key(info
.user_id
);
2844 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2845 return svc
.user
->remove_user_info(op
->ctx(), info
,
2846 params
.objv_tracker
,
2851 int RGWUserCtl::add_bucket(const rgw_user
& user
,
2852 const rgw_bucket
& bucket
,
2853 ceph::real_time creation_time
,
2857 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2858 return svc
.user
->add_bucket(op
->ctx(), user
, bucket
, creation_time
, y
);
2862 int RGWUserCtl::remove_bucket(const rgw_user
& user
,
2863 const rgw_bucket
& bucket
,
2867 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2868 return svc
.user
->remove_bucket(op
->ctx(), user
, bucket
, y
);
2872 int RGWUserCtl::list_buckets(const rgw_user
& user
,
2873 const string
& marker
,
2874 const string
& end_marker
,
2877 RGWUserBuckets
*buckets
,
2880 uint64_t default_max
)
2886 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2887 int ret
= svc
.user
->list_buckets(op
->ctx(), user
, marker
, end_marker
,
2888 max
, buckets
, is_truncated
, y
);
2893 map
<string
, RGWBucketEnt
>& m
= buckets
->get_buckets();
2894 ret
= ctl
.bucket
->read_buckets_stats(m
, y
);
2895 if (ret
< 0 && ret
!= -ENOENT
) {
2896 ldout(svc
.user
->ctx(), 0) << "ERROR: could not get stats for buckets" << dendl
;
2904 int RGWUserCtl::flush_bucket_stats(const rgw_user
& user
,
2905 const RGWBucketEnt
& ent
,
2908 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2909 return svc
.user
->flush_bucket_stats(op
->ctx(), user
, ent
, y
);
2913 int RGWUserCtl::complete_flush_stats(const rgw_user
& user
, optional_yield y
)
2915 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2916 return svc
.user
->complete_flush_stats(op
->ctx(), user
, y
);
2920 int RGWUserCtl::reset_stats(const rgw_user
& user
, optional_yield y
)
2922 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2923 return svc
.user
->reset_bucket_stats(op
->ctx(), user
, y
);
2927 int RGWUserCtl::read_stats(const rgw_user
& user
, RGWStorageStats
*stats
,
2929 ceph::real_time
*last_stats_sync
,
2930 ceph::real_time
*last_stats_update
)
2932 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2933 return svc
.user
->read_stats(op
->ctx(), user
, stats
,
2934 last_stats_sync
, last_stats_update
, y
);
2938 int RGWUserCtl::read_stats_async(const rgw_user
& user
, RGWGetUserStats_CB
*cb
)
2940 return be_handler
->call([&](RGWSI_MetaBackend_Handler::Op
*op
) {
2941 return svc
.user
->read_stats_async(op
->ctx(), user
, cb
);
2945 RGWMetadataHandler
*RGWUserMetaHandlerAllocator::alloc(RGWSI_User
*user_svc
) {
2946 return new RGWUserMetadataHandler(user_svc
);