author | Casey Bodley <cbodley@redhat.com> | 2024-02-11 18:21:45 +0100 |
---|---|---|
committer | Casey Bodley <cbodley@redhat.com> | 2024-04-10 19:09:16 +0200 |
commit | 386276ed00e3619e119bdd18d6fe20b656d2f05d (patch) | |
tree | bd5467b4513e295ef788c3c26f54532bf69d74e8 /src/rgw/rgw_rest_iam.cc | |
parent | rgw/iam: ListUserPolicies supports Marker/MaxItems (diff) | |
rgw/iam: add Group/GroupPolicy APIs
Signed-off-by: Casey Bodley <cbodley@redhat.com>
Diffstat (limited to 'src/rgw/rgw_rest_iam.cc')
-rw-r--r-- | src/rgw/rgw_rest_iam.cc | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/src/rgw/rgw_rest_iam.cc b/src/rgw/rgw_rest_iam.cc
index 80b4228b513..079a9f46071 100644
--- a/src/rgw/rgw_rest_iam.cc
+++ b/src/rgw/rgw_rest_iam.cc
@@ -10,6 +10,7 @@
 #include "rgw_rest_role.h"
 #include "rgw_rest_user_policy.h"
 #include "rgw_rest_oidc_provider.h"
+#include "rgw_rest_iam_group.h"
 #include "rgw_rest_iam_user.h"
 #include "rgw_rest_conn.h"
 #include "driver/rados/rgw_zone.h"
@@ -57,6 +58,21 @@ static const std::unordered_map<std::string_view, op_generator> op_generators =
 {"UpdateAccessKey", make_iam_update_access_key_op},
 {"DeleteAccessKey", make_iam_delete_access_key_op},
 {"ListAccessKeys", make_iam_list_access_keys_op},
+ {"CreateGroup", make_iam_create_group_op},
+ {"GetGroup", make_iam_get_group_op},
+ {"UpdateGroup", make_iam_update_group_op},
+ {"DeleteGroup", make_iam_delete_group_op},
+ {"ListGroups", make_iam_list_groups_op},
+ {"AddUserToGroup", make_iam_add_user_to_group_op},
+ {"RemoveUserFromGroup", make_iam_remove_user_from_group_op},
+ {"ListGroupsForUser", make_iam_list_groups_for_user_op},
+ {"PutGroupPolicy", make_iam_put_group_policy_op},
+ {"GetGroupPolicy", make_iam_get_group_policy_op},
+ {"ListGroupPolicies", make_iam_list_group_policies_op},
+ {"DeleteGroupPolicy", make_iam_delete_group_policy_op},
+ {"AttachGroupPolicy", make_iam_attach_group_policy_op},
+ {"DetachGroupPolicy", make_iam_detach_group_policy_op},
+ {"ListAttachedGroupPolicies", make_iam_list_attached_group_policies_op},
 };
 
 bool RGWHandler_REST_IAM::action_exists(const req_state* s)
@@ -189,6 +205,26 @@ bool validate_iam_role_name(const std::string& name, std::string& err)
 return true;
 }
 
+static constexpr size_t MAX_GROUP_NAME_LEN = 128;
+
+bool validate_iam_group_name(const std::string& name, std::string& err)
+{
+ if (name.empty()) {
+ err = "Missing required element GroupName";
+ return false;
+ }
+ if (name.size() > MAX_GROUP_NAME_LEN) {
+ err = "GroupName too long";
+ return false;
+ }
+ const std::regex pattern("[\\w+=,.@-]+");
+ if (!std::regex_match(name, pattern)) {
+ err = "GroupName contains invalid characters";
+ return false;
+ }
+ return true;
+}
+
 static constexpr size_t MAX_PATH_LEN = 512;
 
 bool validate_iam_path(const std::string& path, std::string& err)
@@ -220,6 +256,16 @@ std::string iam_user_arn(const RGWUserInfo& info)
 acct, path, info.display_name);
 }
 
+std::string iam_group_arn(const RGWGroupInfo& info)
+{
+ std::string_view path = info.path;
+ if (path.empty()) {
+ path = "/";
+ }
+ return fmt::format("arn:aws:iam::{}:group{}{}",
+ info.account_id, path, info.name);
+}
+
 int forward_iam_request_to_master(const DoutPrefixProvider* dpp,
 const rgw::SiteConfig& site,
 const RGWUserInfo& user,
|
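Review bot: In `validate_iam_group_name`, the `\w` in the pattern is resolved through the regex's locale traits, so whether bytes above 0x7F count as word characters can depend on the process's global locale rather than on a fixed ASCII set. Because the accepted name is later placed into the ARN built by `iam_group_arn`, an explicit class is the safer allow-list: `static const std::regex pattern("[A-Za-z0-9_+=,.@-]+");`, which also stops the regex being recompiled on every request. The length check should stay ahead of the match, since it bounds the input handed to `std::regex_match`; a comment such as `// length is checked first so the regex never sees more than MAX_GROUP_NAME_LEN bytes` would protect that ordering. The function is fully contained in this hunk.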
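Review bot: `iam_group_arn` concatenates `path` and `info.name` with no separator, so the ARN is unambiguous only if every non-empty `info.path` begins and ends with `/`. A stored path of `/a` with name `b` would produce the same ARN as path `/` with name `ab`, which matters wherever the ARN is compared in policy evaluation. That invariant is presumably enforced by `validate_iam_path`, whose body is outside the hunk, so it should be stated where the ARN is built: `// precondition: info.path is empty or starts and ends with '/' (see validate_iam_path)`. The same assumption appears to apply to `iam_user_arn` just above, of which only the last two lines are visible.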