diff options
38 files changed, 406 insertions, 379 deletions
diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc index a2f6e141f32..23e5e099180 100644 --- a/src/rgw/librgw.cc +++ b/src/rgw/librgw.cc @@ -303,7 +303,7 @@ namespace rgw { if (ret < 0) { if (s->system_request) { dout(2) << "overriding permissions due to system operation" << dendl; - } else if (s->auth.identity->is_admin_of(s->user->user_id)) { + } else if (s->auth.identity->is_admin_of(s->user->get_id())) { dout(2) << "overriding permissions due to admin operation" << dendl; } else { abort_req(s, op, ret); @@ -423,7 +423,7 @@ namespace rgw { if (ret < 0) { if (s->system_request) { dout(2) << "overriding permissions due to system operation" << dendl; - } else if (s->auth.identity->is_admin_of(s->user->user_id)) { + } else if (s->auth.identity->is_admin_of(s->user->get_id())) { dout(2) << "overriding permissions due to admin operation" << dendl; } else { abort_req(s, op, ret); @@ -677,8 +677,8 @@ namespace rgw { s->perm_mask = RGW_PERM_FULL_CONTROL; // populate the owner info - s->owner.set_id(s->user->user_id); - s->owner.set_name(s->user->display_name); + s->owner.set_id(s->user->get_id()); + s->owner.set_name(s->user->get_display_name()); return 0; } /* RGWHandler_Lib::authorize */ diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc index e8db9fd3a59..cc2f822350c 100644 --- a/src/rgw/rgw_auth.cc +++ b/src/rgw/rgw_auth.cc @@ -9,6 +9,7 @@ #include "rgw_user.h" #include "rgw_http_client.h" #include "rgw_keystone.h" +#include "rgw_sal.h" #include "include/str_list.h" @@ -37,15 +38,14 @@ transform_old_authinfo(const req_state* const s) const uint32_t type; public: DummyIdentityApplier(CephContext* const cct, - const rgw_user& auth_id, + const sal::RGWUser* user, const int perm_mask, - const bool is_admin, - const uint32_t type) + const bool is_admin) : cct(cct), - id(auth_id), + id(user->get_id()), perm_mask(perm_mask), is_admin(is_admin), - type(type) { + type(user->get_type()) { } uint32_t get_perms_from_aclspec(const DoutPrefixProvider* dpp, const aclspec_t& aclspec) const override { @@ -96,12 +96,11 @@ transform_old_authinfo(const req_state* const s) return std::unique_ptr<rgw::auth::Identity>( new DummyIdentityApplier(s->cct, - s->user->user_id, + s->user, s->perm_mask, /* System user has admin permissions by default - it's supposed to pass * through any security check. */ - s->system_request, - s->user->type)); + s->system_request)); } } /* namespace auth */ @@ -285,7 +284,7 @@ rgw::auth::Strategy::apply(const DoutPrefixProvider *dpp, const rgw::auth::Strat /* Account used by a given RGWOp is decoupled from identity employed * in the authorization phase (RGWOp::verify_permissions). */ - applier->load_acct_info(dpp, *s->user); + applier->load_acct_info(dpp, s->user->get_info()); s->perm_mask = applier->get_perm_mask(); /* This is the single place where we pass req_state as a pointer @@ -676,7 +675,7 @@ void rgw::auth::RoleApplier::modify_request_state(const DoutPrefixProvider *dpp, for (auto it : role_policies) { try { bufferlist bl = bufferlist::static_from_string(it); - const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl); + const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl); s->iam_user_policies.push_back(std::move(p)); } catch (rgw::IAM::PolicyParseException& e) { //Control shouldn't reach here as the policy has already been diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc index 65421d6e130..13ea0524e6c 100644 --- a/src/rgw/rgw_common.cc +++ b/src/rgw/rgw_common.cc @@ -254,7 +254,7 @@ void req_info::rebuild_from(req_info& src) } -req_state::req_state(CephContext* _cct, RGWEnv* e, RGWUserInfo* u, uint64_t id) +req_state::req_state(CephContext* _cct, RGWEnv* e, rgw::sal::RGWUser* u, uint64_t id) : cct(_cct), user(u), info(_cct, e), id(id) { @@ -1744,9 +1744,9 @@ void RGWUserCaps::decode_json(JSONObj *obj) } } -int RGWUserCaps::check_cap(const string& cap, uint32_t perm) +int RGWUserCaps::check_cap(const string& cap, uint32_t perm) const { - map<string, uint32_t>::iterator iter = caps.find(cap); + auto iter = caps.find(cap); if ((iter == caps.end()) || (iter->second & perm) != perm) { diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 6af3de23af6..38aa7e08e47 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -41,6 +41,10 @@ namespace ceph { class Formatter; } +namespace rgw::sal { + class RGWUser; +} + using ceph::crypto::MD5; @@ -614,7 +618,7 @@ public: decode(caps, bl); DECODE_FINISH(bl); } - int check_cap(const string& cap, uint32_t perm); + int check_cap(const string& cap, uint32_t perm) const; bool is_valid_cap_type(const string& tp); void dump(Formatter *f) const; void dump(Formatter *f, const char *name) const; @@ -2027,7 +2031,7 @@ struct req_state : DoutPrefixProvider { bool has_bad_meta{false}; - RGWUserInfo *user; + rgw::sal::RGWUser *user; struct { /* TODO(rzarzynski): switch out to the static_ptr for both members. */ @@ -2108,7 +2112,7 @@ struct req_state : DoutPrefixProvider { /// optional coroutine context optional_yield yield{null_yield}; - req_state(CephContext* _cct, RGWEnv* e, RGWUserInfo* u, uint64_t id); + req_state(CephContext* _cct, RGWEnv* e, rgw::sal::RGWUser* u, uint64_t id); ~req_state(); bool is_err() const { return err.is_err(); } diff --git a/src/rgw/rgw_cr_tools.cc b/src/rgw/rgw_cr_tools.cc index b2ced7da5c5..ff904c3ca51 100644 --- a/src/rgw/rgw_cr_tools.cc +++ b/src/rgw/rgw_cr_tools.cc @@ -137,7 +137,7 @@ int RGWBucketCreateLocalCR::Request::_send_request() bucket_owner.set_id(user); bucket_owner.set_name(user_info->display_name); if (bucket_exists) { - ret = rgw_op_get_bucket_policy_from_attr(cct, store->ctl()->user, bucket_info, + ret = rgw_op_get_bucket_policy_from_attr(cct, store, bucket_info, bucket_attrs, &old_policy); if (ret >= 0) { if (old_policy.get_owner().get_id().compare(user) != 0) { diff --git a/src/rgw/rgw_file.cc b/src/rgw/rgw_file.cc index 58fe74ba9c0..38ae6467611 100644 --- a/src/rgw/rgw_file.cc +++ b/src/rgw/rgw_file.cc @@ -76,7 +76,8 @@ namespace rgw { { LookupFHResult fhr{nullptr, 0}; std::string bucket_name{path}; - RGWStatBucketRequest req(cct, get_user(), bucket_name, bs); + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); + RGWStatBucketRequest req(cct, &ruser, bucket_name, bs); int rc = rgwlib.get_fe()->execute_req(&req); if ((rc == 0) && @@ -162,6 +163,7 @@ namespace rgw { * object locator w/o trailing slash */ std::string obj_path = parent->format_child_name(path, false); + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); for (auto ix : { 0, 1, 2 }) { switch (ix) { @@ -171,7 +173,7 @@ namespace rgw { if (type == RGW_FS_TYPE_DIRECTORY) continue; - RGWStatObjRequest req(cct, get_user(), + RGWStatObjRequest req(cct, &ruser, parent->bucket_name(), obj_path, RGWStatObjRequest::FLAG_NONE); int rc = rgwlib.get_fe()->execute_req(&req); @@ -207,7 +209,7 @@ namespace rgw { continue; obj_path += "/"; - RGWStatObjRequest req(cct, get_user(), + RGWStatObjRequest req(cct, &ruser, parent->bucket_name(), obj_path, RGWStatObjRequest::FLAG_NONE); int rc = rgwlib.get_fe()->execute_req(&req); @@ -238,7 +240,7 @@ namespace rgw { case 2: { std::string object_name{path}; - RGWStatLeafRequest req(cct, get_user(), parent, object_name); + RGWStatLeafRequest req(cct, &ruser, parent, object_name); int rc = rgwlib.get_fe()->execute_req(&req); if ((rc == 0) && (req.get_ret() == 0)) { @@ -290,7 +292,8 @@ namespace rgw { if (rgw_fh->deleted()) return -ESTALE; - RGWReadRequest req(get_context(), get_user(), rgw_fh, offset, length, + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); + RGWReadRequest req(get_context(), &ruser, rgw_fh, offset, length, buffer); int rc = rgwlib.get_fe()->execute_req(&req); @@ -313,7 +316,8 @@ namespace rgw { if (rgw_fh->deleted()) return -ESTALE; - RGWReadRequest req(get_context(), get_user(), rgw_fh, offset, length, + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); + RGWReadRequest req(get_context(), &ruser, rgw_fh, offset, length, buffer); int rc = rgwlib.get_fe()->execute_req(&req); @@ -345,6 +349,7 @@ namespace rgw { /* LOCKED */ } + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); if (parent->is_root()) { /* a bucket may have an object storing Unix attributes, check * for and delete it */ @@ -371,14 +376,14 @@ namespace rgw { } else { /* delete object w/key "<bucket>/" (uxattrs), if any */ string oname{"/"}; - RGWDeleteObjRequest req(cct, get_user(), bkt_fh->bucket_name(), oname); + RGWDeleteObjRequest req(cct, &ruser, bkt_fh->bucket_name(), oname); rc = rgwlib.get_fe()->execute_req(&req); /* don't care if ENOENT */ unref(bkt_fh); } string bname{name}; - RGWDeleteBucketRequest req(cct, get_user(), bname); + RGWDeleteBucketRequest req(cct, &ruser, bname); rc = rgwlib.get_fe()->execute_req(&req); if (! rc) { rc = req.get_ret(); @@ -414,7 +419,7 @@ namespace rgw { } oname += "/"; } - RGWDeleteObjRequest req(cct, get_user(), parent->bucket_name(), + RGWDeleteObjRequest req(cct, &ruser, parent->bucket_name(), oname); rc = rgwlib.get_fe()->execute_req(&req); if (! rc) { @@ -448,6 +453,7 @@ namespace rgw { /* XXX initial implementation: try-copy, and delete if copy * succeeds */ int rc = -EINVAL; + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); real_time t; @@ -493,7 +499,7 @@ namespace rgw { switch (ix) { case 0: { - RGWCopyObjRequest req(cct, get_user(), src_fh, dst_fh, src_name, + RGWCopyObjRequest req(cct, &ruser, src_fh, dst_fh, src_name, dst_name); int rc = rgwlib.get_fe()->execute_req(&req); if ((rc != 0) || @@ -565,6 +571,7 @@ namespace rgw { { int rc, rc2; rgw_file_handle *lfh; + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); rc = rgw_lookup(get_fs(), parent->get_fh(), name, &lfh, nullptr /* st */, 0 /* mask */, @@ -614,7 +621,7 @@ namespace rgw { return mkr; } - RGWCreateBucketRequest req(get_context(), get_user(), bname); + RGWCreateBucketRequest req(get_context(), &ruser, bname); /* save attrs */ req.emplace_attr(RGW_ATTR_UNIX_KEY1, std::move(ux_key)); @@ -640,7 +647,7 @@ namespace rgw { return mkr; } - RGWPutObjRequest req(get_context(), get_user(), parent->bucket_name(), + RGWPutObjRequest req(get_context(), &ruser, parent->bucket_name(), dir_name, bl); /* save attrs */ @@ -699,7 +706,8 @@ namespace rgw { /* create it */ buffer::list bl; - RGWPutObjRequest req(cct, get_user(), parent->bucket_name(), obj_name, bl); + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); + RGWPutObjRequest req(cct, &ruser, parent->bucket_name(), obj_name, bl); MkObjResult mkr{nullptr, -EINVAL}; rc = rgwlib.get_fe()->execute_req(&req); @@ -809,7 +817,8 @@ namespace rgw { buffer::copy(link_path, strlen(link_path))); #endif - RGWPutObjRequest req(get_context(), get_user(), parent->bucket_name(), + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); + RGWPutObjRequest req(get_context(), &ruser, parent->bucket_name(), obj_name, bl); /* save attrs */ @@ -884,7 +893,8 @@ namespace rgw { obj_name += "/"; } - RGWSetAttrsRequest req(cct, get_user(), rgw_fh->bucket_name(), obj_name); + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); + RGWSetAttrsRequest req(cct, &ruser, rgw_fh->bucket_name(), obj_name); rgw_fh->create_stat(st, mask); rgw_fh->encode_attrs(ux_key, ux_attrs); @@ -901,7 +911,7 @@ namespace rgw { if (rc == -ENOENT) { /* special case: materialize placeholder dir */ buffer::list bl; - RGWPutObjRequest req(get_context(), get_user(), rgw_fh->bucket_name(), + RGWPutObjRequest req(get_context(), &ruser, rgw_fh->bucket_name(), obj_name, bl); rgw_fh->encode_attrs(ux_key, ux_attrs); /* because std::moved */ @@ -940,7 +950,8 @@ namespace rgw { << " update old versioned fh : " << obj_name << dendl; - RGWSetAttrsRequest req(cct, get_user(), rgw_fh->bucket_name(), obj_name); + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), user); + RGWSetAttrsRequest req(cct, &ruser, rgw_fh->bucket_name(), obj_name); rgw_fh->encode_attrs(ux_key, ux_attrs); @@ -1218,10 +1229,11 @@ namespace rgw { bool RGWFileHandle::has_children() const { + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user()); if (unlikely(! is_dir())) return false; - RGWRMdirCheck req(fs->get_context(), fs->get_user(), this); + RGWRMdirCheck req(fs->get_context(), &ruser, this); int rc = rgwlib.get_fe()->execute_req(&req); if (! rc) { return req.valid && req.has_children; @@ -1252,6 +1264,7 @@ namespace rgw { int rc = 0; struct timespec now; CephContext* cct = fs->get_context(); + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user()); lsubdout(cct, rgw, 10) << __func__ << " readdir called on " @@ -1276,7 +1289,7 @@ namespace rgw { } if (is_root()) { - RGWListBucketsRequest req(cct, fs->get_user(), this, rcb, cb_arg, + RGWListBucketsRequest req(cct, &ruser, this, rcb, cb_arg, offset); rc = rgwlib.get_fe()->execute_req(&req); if (! rc) { @@ -1289,7 +1302,7 @@ namespace rgw { *eof = req.eof(); } } else { - RGWReaddirRequest req(cct, fs->get_user(), this, rcb, cb_arg, offset); + RGWReaddirRequest req(cct, &ruser, this, rcb, cb_arg, offset); rc = rgwlib.get_fe()->execute_req(&req); if (! rc) { (void) clock_gettime(CLOCK_MONOTONIC_COARSE, &now); /* !LOCKED */ @@ -1319,6 +1332,7 @@ namespace rgw { { using std::get; using WriteCompletion = RGWLibFS::WriteCompletion; + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user()); lock_guard guard(mtx); @@ -1357,7 +1371,7 @@ namespace rgw { /* start */ std::string object_name = relative_object_name(); f->write_req = - new RGWWriteRequest(fs->get_context(), fs->get_user(), this, + new RGWWriteRequest(fs->get_context(), &ruser, this, bucket_name(), object_name); rc = rgwlib.get_fe()->start_req(f->write_req); if (rc < 0) { @@ -1830,8 +1844,9 @@ int rgw_statfs(struct rgw_fs *rgw_fs, { RGWLibFS *fs = static_cast<RGWLibFS*>(rgw_fs->fs_private); struct rados_cluster_stat_t stats; + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user()); - RGWGetClusterStatReq req(fs->get_context(), fs->get_user(), stats); + RGWGetClusterStatReq req(fs->get_context(), &ruser, stats); int rc = rgwlib.get_fe()->execute_req(&req); if (rc < 0) { lderr(fs->get_context()) << "ERROR: getting total cluster usage" @@ -2381,6 +2396,7 @@ int rgw_writev(struct rgw_fs *rgw_fs, struct rgw_file_handle *fh, CephContext* cct = static_cast<CephContext*>(rgw_fs->rgw); RGWLibFS *fs = static_cast<RGWLibFS*>(rgw_fs->fs_private); RGWFileHandle* rgw_fh = get_rgwfh(fh); + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs->get_user()); if (! rgw_fh->is_file()) return -EINVAL; @@ -2394,7 +2410,7 @@ int rgw_writev(struct rgw_fs *rgw_fs, struct rgw_file_handle *fh, } std::string oname = rgw_fh->relative_object_name(); - RGWPutObjRequest req(cct, fs->get_user(), rgw_fh->bucket_name(), + RGWPutObjRequest req(cct, &ruser, rgw_fh->bucket_name(), oname, bl); int rc = rgwlib.get_fe()->execute_req(&req); diff --git a/src/rgw/rgw_file.h b/src/rgw/rgw_file.h index 026e70f585b..8132b24ac22 100644 --- a/src/rgw/rgw_file.h +++ b/src/rgw/rgw_file.h @@ -1317,7 +1317,7 @@ public: uint32_t d_count; bool rcb_eof; // caller forced early stop in readdir cycle - RGWListBucketsRequest(CephContext* _cct, RGWUserInfo *_user, + RGWListBucketsRequest(CephContext* _cct, rgw::sal::RGWUser *_user, RGWFileHandle* _rgw_fh, rgw_readdir_cb _rcb, void* _cb_arg, RGWFileHandle::readdir_offset& _offset) : RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), offset(_offset), @@ -1368,7 +1368,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -1451,7 +1451,7 @@ public: uint32_t d_count; bool rcb_eof; // caller forced early stop in readdir cycle - RGWReaddirRequest(CephContext* _cct, RGWUserInfo *_user, + RGWReaddirRequest(CephContext* _cct, rgw::sal::RGWUser *_user, RGWFileHandle* _rgw_fh, rgw_readdir_cb _rcb, void* _cb_arg, RGWFileHandle::readdir_offset& _offset) : RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), offset(_offset), @@ -1509,7 +1509,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); prefix = rgw_fh->relative_object_name(); if (prefix.length() > 0) @@ -1682,7 +1682,7 @@ public: bool valid; bool has_children; - RGWRMdirCheck (CephContext* _cct, RGWUserInfo *_user, + RGWRMdirCheck (CephContext* _cct, rgw::sal::RGWUser *_user, const RGWFileHandle* _rgw_fh) : RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), valid(false), has_children(false) { @@ -1716,7 +1716,7 @@ public: s->info.domain = ""; /* XXX ? */ s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); prefix = rgw_fh->relative_object_name(); if (prefix.length() > 0) @@ -1764,7 +1764,7 @@ class RGWCreateBucketRequest : public RGWLibRequest, public: const std::string& bucket_name; - RGWCreateBucketRequest(CephContext* _cct, RGWUserInfo *_user, + RGWCreateBucketRequest(CephContext* _cct, rgw::sal::RGWUser *_user, std::string& _bname) : RGWLibRequest(_cct, _user), bucket_name(_bname) { op = this; @@ -1804,7 +1804,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -1833,7 +1833,7 @@ class RGWDeleteBucketRequest : public RGWLibRequest, public: const std::string& bucket_name; - RGWDeleteBucketRequest(CephContext* _cct, RGWUserInfo *_user, + RGWDeleteBucketRequest(CephContext* _cct, rgw::sal::RGWUser *_user, std::string& _bname) : RGWLibRequest(_cct, _user), bucket_name(_bname) { op = this; @@ -1868,7 +1868,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -1889,7 +1889,7 @@ public: buffer::list& bl; /* XXX */ size_t bytes_written; - RGWPutObjRequest(CephContext* _cct, RGWUserInfo *_user, + RGWPutObjRequest(CephContext* _cct, rgw::sal::RGWUser *_user, const std::string& _bname, const std::string& _oname, buffer::list& _bl) : RGWLibRequest(_cct, _user), bucket_name(_bname), obj_name(_oname), @@ -1934,7 +1934,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -1985,7 +1985,7 @@ public: size_t read_resid; /* initialize to len, <= sizeof(ulp_buffer) */ bool do_hexdump = false; - RGWReadRequest(CephContext* _cct, RGWUserInfo *_user, + RGWReadRequest(CephContext* _cct, rgw::sal::RGWUser *_user, RGWFileHandle* _rgw_fh, uint64_t off, uint64_t len, void *_ulp_buffer) : RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), ulp_buffer(_ulp_buffer), @@ -2029,7 +2029,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -2080,7 +2080,7 @@ public: const std::string& bucket_name; const std::string& obj_name; - RGWDeleteObjRequest(CephContext* _cct, RGWUserInfo *_user, + RGWDeleteObjRequest(CephContext* _cct, rgw::sal::RGWUser *_user, const std::string& _bname, const std::string& _oname) : RGWLibRequest(_cct, _user), bucket_name(_bname), obj_name(_oname) { op = this; @@ -2115,7 +2115,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -2135,7 +2135,7 @@ public: static constexpr uint32_t FLAG_NONE = 0x000; - RGWStatObjRequest(CephContext* _cct, RGWUserInfo *_user, + RGWStatObjRequest(CephContext* _cct, rgw::sal::RGWUser *_user, const std::string& _bname, const std::string& _oname, uint32_t _flags) : RGWLibRequest(_cct, _user), bucket_name(_bname), obj_name(_oname), @@ -2196,7 +2196,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -2232,7 +2232,7 @@ public: std::map<std::string, buffer::list> attrs; RGWLibFS::BucketStats& bs; - RGWStatBucketRequest(CephContext* _cct, RGWUserInfo *_user, + RGWStatBucketRequest(CephContext* _cct, rgw::sal::RGWUser *_user, const std::string& _path, RGWLibFS::BucketStats& _stats) : RGWLibRequest(_cct, _user), bs(_stats) { @@ -2277,7 +2277,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -2311,7 +2311,7 @@ public: bool is_dir; bool exact_matched; - RGWStatLeafRequest(CephContext* _cct, RGWUserInfo *_user, + RGWStatLeafRequest(CephContext* _cct, rgw::sal::RGWUser *_user, RGWFileHandle* _rgw_fh, const std::string& _path) : RGWLibRequest(_cct, _user), rgw_fh(_rgw_fh), path(_path), matched(false), is_dir(false), exact_matched(false) { @@ -2348,7 +2348,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); prefix = rgw_fh->relative_object_name(); if (prefix.length() > 0) @@ -2429,7 +2429,7 @@ public: size_t bytes_written; bool eio; - RGWWriteRequest(CephContext* _cct, RGWUserInfo *_user, RGWFileHandle* _fh, + RGWWriteRequest(CephContext* _cct, rgw::sal::RGWUser *_user, RGWFileHandle* _fh, const std::string& _bname, const std::string& _oname) : RGWLibContinuedReq(_cct, _user), bucket_name(_bname), obj_name(_oname), @@ -2472,7 +2472,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -2526,7 +2526,7 @@ public: const std::string& src_name; const std::string& dst_name; - RGWCopyObjRequest(CephContext* _cct, RGWUserInfo *_user, + RGWCopyObjRequest(CephContext* _cct, rgw::sal::RGWUser *_user, RGWFileHandle* _src_parent, RGWFileHandle* _dst_parent, const std::string& _src_name, const std::string& _dst_name) : RGWLibRequest(_cct, _user), src_parent(_src_parent), @@ -2589,7 +2589,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -2615,7 +2615,7 @@ public: const std::string& bucket_name; const std::string& obj_name; - RGWSetAttrsRequest(CephContext* _cct, RGWUserInfo *_user, + RGWSetAttrsRequest(CephContext* _cct, rgw::sal::RGWUser *_user, const std::string& _bname, const std::string& _oname) : RGWLibRequest(_cct, _user), bucket_name(_bname), obj_name(_oname) { op = this; @@ -2650,7 +2650,7 @@ public: // woo s->user = user; - s->bucket_tenant = user->user_id.tenant; + s->bucket_tenant = user->get_tenant(); return 0; } @@ -2670,7 +2670,7 @@ class RGWGetClusterStatReq : public RGWLibRequest, public RGWGetClusterStat { public: struct rados_cluster_stat_t& stats_req; - RGWGetClusterStatReq(CephContext* _cct,RGWUserInfo *_user, + RGWGetClusterStatReq(CephContext* _cct,rgw::sal::RGWUser *_user, rados_cluster_stat_t& _stats): RGWLibRequest(_cct, _user), stats_req(_stats){ op = this; diff --git a/src/rgw/rgw_lib.h b/src/rgw/rgw_lib.h index c0cd65a2a8d..3117f3c3468 100644 --- a/src/rgw/rgw_lib.h +++ b/src/rgw/rgw_lib.h @@ -128,18 +128,18 @@ namespace rgw { public RGWHandler_Lib { public: CephContext* cct; - RGWUserInfo* user; + rgw::sal::RGWUser* user; boost::optional<RGWSysObjectCtx> sysobj_ctx; /* unambiguiously return req_state */ inline struct req_state* get_state() { return this->RGWRequest::s; } - RGWLibRequest(CephContext* _cct, RGWUserInfo* _user) + RGWLibRequest(CephContext* _cct, rgw::sal::RGWUser* _user) : RGWRequest(rgwlib.get_store()->getRados()->get_new_req_id()), cct(_cct), user(_user) {} - RGWUserInfo* get_user() { return user; } + rgw::sal::RGWUser* get_user() { return user; } int postauth_init() override { return 0; } @@ -190,7 +190,7 @@ namespace rgw { RGWObjectCtx rados_ctx; public: - RGWLibContinuedReq(CephContext* _cct, RGWUserInfo* _user) + RGWLibContinuedReq(CephContext* _cct, rgw::sal::RGWUser* _user) : RGWLibRequest(_cct, _user), io_ctx(), rstate(_cct, &io_ctx.get_env(), _user, id), rados_ctx(rgwlib.get_store(), &rstate) diff --git a/src/rgw/rgw_log.cc b/src/rgw/rgw_log.cc index 096917cde95..0bc0b5fbf28 100644 --- a/src/rgw/rgw_log.cc +++ b/src/rgw/rgw_log.cc @@ -200,10 +200,10 @@ static void log_usage(struct req_state *s, const string& op_name) if (!bucket_name.empty()) { user = s->bucket_owner.get_id(); if (s->bucket_info.requester_pays) { - payer = s->user->user_id; + payer = s->user->get_id(); } } else { - user = s->user->user_id; + user = s->user->get_id(); } bool error = s->err.is_err(); @@ -406,7 +406,7 @@ int rgw_log_op(RGWRados *store, RGWREST* const rest, struct req_state *s, } } - entry.user = s->user->user_id.to_str(); + entry.user = s->user->get_id().to_str(); if (s->object_acl) entry.object_owner = s->object_acl->get_owner().get_id(); entry.bucket_owner = s->bucket_owner.get_id(); diff --git a/src/rgw/rgw_notify.cc b/src/rgw/rgw_notify.cc index 0c41b679a11..87cea8f0c0a 100644 --- a/src/rgw/rgw_notify.cc +++ b/src/rgw/rgw_notify.cc @@ -21,7 +21,7 @@ void populate_record_from_request(const req_state *s, rgw_pubsub_s3_record& record) { record.eventTime = mtime; record.eventName = to_string(event_type); - record.userIdentity = s->user->user_id.id; // user that triggered the change + record.userIdentity = s->user->get_id().id; // user that triggered the change record.x_amz_request_id = s->req_id; // request ID of the original change record.x_amz_id_2 = s->host_id; // RGW on which the change was made // configurationId is filled from subscription configuration @@ -65,7 +65,7 @@ int publish(const req_state* s, const std::string& etag, EventType event_type, rgw::sal::RGWRadosStore* store) { - RGWUserPubSub ps_user(store, s->user->user_id); + RGWUserPubSub ps_user(store, s->user->get_id()); RGWUserPubSub::Bucket ps_bucket(&ps_user, s->bucket); rgw_pubsub_bucket_topics bucket_topics; auto rc = ps_bucket.get_topics(&bucket_topics); diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 19ab3cc537a..dbffcfb1a6e 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -212,7 +212,7 @@ static int get_user_policy_from_attr(CephContext * const cct, * Returns: 0 on success, -ERR# otherwise. */ int rgw_op_get_bucket_policy_from_attr(CephContext *cct, - RGWUserCtl *user_ctl, + rgw::sal::RGWRadosStore *store, RGWBucketInfo& bucket_info, map<string, bufferlist>& bucket_attrs, RGWAccessControlPolicy *policy) @@ -225,13 +225,13 @@ int rgw_op_get_bucket_policy_from_attr(CephContext *cct, return ret; } else { ldout(cct, 0) << "WARNING: couldn't find acl header for bucket, generating default" << dendl; - RGWUserInfo uinfo; + rgw::sal::RGWRadosUser user(store); /* object exists, but policy is broken */ - int r = user_ctl->get_info_by_uid(bucket_info.owner, &uinfo, null_yield); + int r = user.get_by_id(bucket_info.owner, null_yield); if (r < 0) return r; - policy->create_default(bucket_info.owner, uinfo.display_name); + policy->create_default(bucket_info.owner, user.get_display_name()); } return 0; } @@ -260,12 +260,12 @@ static int get_obj_policy_from_attr(CephContext *cct, } else if (ret == -ENODATA) { /* object exists, but policy is broken */ ldout(cct, 0) << "WARNING: couldn't find acl header for object, generating default" << dendl; - RGWUserInfo uinfo; - ret = store->ctl()->user->get_info_by_uid(bucket_info.owner, &uinfo, y); + rgw::sal::RGWRadosUser user(store); + ret = user.get_by_id(bucket_info.owner, y); if (ret < 0) return ret; - policy->create_default(bucket_info.owner, uinfo.display_name); + policy->create_default(bucket_info.owner, user.get_display_name()); } if (storage_class) { @@ -449,7 +449,7 @@ static int modify_obj_attr(rgw::sal::RGWRadosStore *store, struct req_state *s, return store->getRados()->set_attrs(s->obj_ctx, s->bucket_info, read_op.state.obj, attrs, NULL, s->yield); } -static int read_bucket_policy(RGWUserCtl *user_ctl, +static int read_bucket_policy(rgw::sal::RGWRadosStore *store, struct req_state *s, RGWBucketInfo& bucket_info, map<string, bufferlist>& bucket_attrs, @@ -466,7 +466,7 @@ static int read_bucket_policy(RGWUserCtl *user_ctl, return 0; } - int ret = rgw_op_get_bucket_policy_from_attr(s->cct, user_ctl, bucket_info, bucket_attrs, policy); + int ret = rgw_op_get_bucket_policy_from_attr(s->cct, store, bucket_info, bucket_attrs, policy); if (ret == -ENOENT) { ret = -ERR_NO_SUCH_BUCKET; } @@ -512,12 +512,12 @@ static int read_obj_policy(rgw::sal::RGWRadosStore *store, /* object does not exist checking the bucket's ACL to make sure that we send a proper error code */ RGWAccessControlPolicy bucket_policy(s->cct); - ret = rgw_op_get_bucket_policy_from_attr(s->cct, store->ctl()->user, bucket_info, bucket_attrs, &bucket_policy); + ret = rgw_op_get_bucket_policy_from_attr(s->cct, store, bucket_info, bucket_attrs, &bucket_policy); if (ret < 0) { return ret; } const rgw_user& bucket_owner = bucket_policy.get_owner().get_id(); - if (bucket_owner.compare(s->user->user_id) != 0 && + if (bucket_owner.compare(s->user->get_id()) != 0 && ! s->auth.identity->is_admin_of(bucket_owner)) { if (policy) { auto r = policy->eval(s->env, *s->auth.identity, rgw::IAM::s3ListBucket, ARN(bucket)); @@ -548,7 +548,6 @@ int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* { int ret = 0; rgw_obj_key obj; - RGWUserInfo bucket_owner_info; auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); string bi = s->info.args.get(RGW_SYS_PARAM_PREFIX "bucket-instance"); @@ -566,7 +565,7 @@ int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* /* We aren't allocating the account policy for those operations using * the Swift's infrastructure that don't really need req_state::user. * Typical example here is the implementation of /info. */ - if (!s->user->user_id.empty()) { + if (!s->user->get_id().empty()) { s->user_acl = std::make_unique<RGWAccessControlPolicy_SWIFTAcct>(s->cct); } s->bucket_acl = std::make_unique<RGWAccessControlPolicy_SWIFT>(s->cct); @@ -593,8 +592,8 @@ int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* rgw_user uid; std::string display_name; } acct_acl_user = { - s->user->user_id, - s->user->display_name, + s->user->get_id(), + s->user->get_display_name(), }; if (!s->bucket_name.empty()) { @@ -623,7 +622,7 @@ int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* s->bucket = s->bucket_info.bucket; if (s->bucket_exists) { - ret = read_bucket_policy(store->ctl()->user, s, s->bucket_info, s->bucket_attrs, + ret = read_bucket_policy(store, s, s->bucket_info, s->bucket_attrs, s->bucket_acl.get(), s->bucket); acct_acl_user = { s->bucket_info.owner, @@ -704,22 +703,22 @@ int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* ret = 0; } else if (ret < 0) { ldpp_dout(s, 0) << "NOTICE: couldn't get user attrs for handling ACL " - "(user_id=" << s->user->user_id << ", ret=" << ret << ")" << dendl; + "(user_id=" << s->user->get_id() << ", ret=" << ret << ")" << dendl; return ret; } } // We don't need user policies in case of STS token returned by AssumeRole, // hence the check for user type - if (! s->user->user_id.empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) { + if (! s->user->get_id().empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) { try { map<string, bufferlist> uattrs; - if (ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &uattrs, s->yield); ! ret) { + if (ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &uattrs, s->yield); ! ret) { if (s->iam_user_policies.empty()) { - s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->user_id.tenant); + s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant()); } else { // This scenario can happen when a STS token has a policy, then we need to append other user policies // to the existing ones. (e.g. token returned by GetSessionToken) - auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->user_id.tenant); + auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant()); s->iam_user_policies.insert(s->iam_user_policies.end(), user_policies.begin(), user_policies.end()); } } else { @@ -888,7 +887,7 @@ void rgw_build_iam_environment(rgw::sal::RGWRadosStore* store, // What to do about aws::userid? One can have multiple access // keys so that isn't really suitable. Do we have a durable // identifier that can persist through name changes? - s->env.emplace("aws:username", s->user->user_id.id); + s->env.emplace("aws:username", s->user->get_id().id); } i = m.find("HTTP_X_AMZ_SECURITY_TOKEN"); @@ -1006,9 +1005,9 @@ int RGWOp::verify_op_mask() uint32_t required_mask = op_mask(); ldpp_dout(this, 20) << "required_mask= " << required_mask - << " user.op_mask=" << s->user->op_mask << dendl; + << " user.op_mask=" << s->user->get_info().op_mask << dendl; - if ((s->user->op_mask & required_mask) != required_mask) { + if ((s->user->get_info().op_mask & required_mask) != required_mask) { return -EPERM; } @@ -1276,7 +1275,7 @@ int RGWOp::init_quota() return 0; /* init quota related stuff */ - if (!(s->user->op_mask & RGW_OP_TYPE_MODIFY)) { + if (!(s->user->get_info().op_mask & RGW_OP_TYPE_MODIFY)) { return 0; } @@ -1285,28 +1284,28 @@ int RGWOp::init_quota() return 0; } - RGWUserInfo owner_info; - RGWUserInfo *uinfo; + rgw::sal::RGWRadosUser owner_user(store); + rgw::sal::RGWUser *user; - if (s->user->user_id == s->bucket_owner.get_id()) { - uinfo = s->user; + if (s->user->get_id() == s->bucket_owner.get_id()) { + user = s->user; } else { - int r = store->ctl()->user->get_info_by_uid(s->bucket_info.owner, &owner_info, s->yield); + int r = owner_user.get_by_id(s->bucket_info.owner, s->yield); if (r < 0) return r; - uinfo = &owner_info; + user = &owner_user; } if (s->bucket_info.quota.enabled) { bucket_quota = s->bucket_info.quota; - } else if (uinfo->bucket_quota.enabled) { - bucket_quota = uinfo->bucket_quota; + } else if (user->get_info().bucket_quota.enabled) { + bucket_quota = user->get_info().bucket_quota; } else { bucket_quota = store->svc()->quota->get_bucket_quota(); } - if (uinfo->user_quota.enabled) { - user_quota = uinfo->user_quota; + if (user->get_info().user_quota.enabled) { + user_quota = user->get_info().user_quota; } else { user_quota = store->svc()->quota->get_user_quota(); } @@ -1553,7 +1552,7 @@ int RGWGetObj::read_user_manifest_part(rgw_bucket& bucket, * stored inside different accounts. */ if (s->system_request) { ldpp_dout(this, 2) << "overriding permissions due to system operation" << dendl; - } else if (s->auth.identity->is_admin_of(s->user->user_id)) { + } else if (s->auth.identity->is_admin_of(s->user->get_id())) { ldpp_dout(this, 2) << "overriding permissions due to admin operation" << dendl; } else if (!verify_object_permission(this, s, part, s->user_acl.get(), bucket_acl, &obj_policy, bucket_policy, s->iam_user_policies, action)) { @@ -1798,7 +1797,7 @@ int RGWGetObj::handle_user_manifest(const char *prefix) if (bucket_name.compare(s->bucket.name) != 0) { map<string, bufferlist> bucket_attrs; auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); - int r = store->getRados()->get_bucket_info(store->svc(), s->user->user_id.tenant, + int r = store->getRados()->get_bucket_info(store->svc(), s->user->get_tenant(), bucket_name, bucket_info, NULL, s->yield, &bucket_attrs); if (r < 0) { @@ -1809,7 +1808,7 @@ int RGWGetObj::handle_user_manifest(const char *prefix) bucket = bucket_info.bucket; pbucket_info = &bucket_info; bucket_acl = &_bucket_acl; - r = read_bucket_policy(store->ctl()->user, s, bucket_info, bucket_attrs, bucket_acl, bucket); + r = read_bucket_policy(store, s, bucket_info, bucket_attrs, bucket_acl, bucket); if (r < 0) { ldpp_dout(this, 0) << "failed to read bucket policy" << dendl; return r; @@ -1932,7 +1931,7 @@ int RGWGetObj::handle_slo_manifest(bufferlist& bl) RGWBucketInfo bucket_info; map<string, bufferlist> bucket_attrs; auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); - int r = store->getRados()->get_bucket_info(store->svc(), s->user->user_id.tenant, + int r = store->getRados()->get_bucket_info(store->svc(), s->user->get_tenant(), bucket_name, bucket_info, nullptr, s->yield, &bucket_attrs); if (r < 0) { @@ -1942,7 +1941,7 @@ int RGWGetObj::handle_slo_manifest(bufferlist& bl) } bucket = bucket_info.bucket; bucket_acl = &_bucket_acl; - r = read_bucket_policy(store->ctl()->user, s, bucket_info, bucket_attrs, bucket_acl, + r = read_bucket_policy(store, s, bucket_info, bucket_attrs, bucket_acl, bucket); if (r < 0) { ldpp_dout(this, 0) << "failed to read bucket ACL for bucket " @@ -2291,7 +2290,7 @@ int RGWListBuckets::verify_permission() rgw::Partition partition = rgw::Partition::aws; rgw::Service service = rgw::Service::s3; - if (!verify_user_permission(this, s, ARN(partition, service, "", s->user->user_id.tenant, "*"), rgw::IAM::s3ListAllMyBuckets)) { + if (!verify_user_permission(this, s, ARN(partition, service, "", s->user->get_tenant(), "*"), rgw::IAM::s3ListAllMyBuckets)) { return -EACCES; } @@ -2321,7 +2320,7 @@ void RGWListBuckets::execute() } if (supports_account_metadata()) { - op_ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &attrs, s->yield); + op_ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &attrs, s->yield); if (op_ret < 0) { goto send_end; } @@ -2337,7 +2336,7 @@ void RGWListBuckets::execute() read_count = max_buckets; } - rgw::sal::RGWRadosUser user(store, s->user->user_id); + rgw::sal::RGWRadosUser user(store, s->user->get_id()); op_ret = user.list_buckets(marker, end_marker, read_count, should_get_stats(), buckets); @@ -2345,7 +2344,7 @@ void RGWListBuckets::execute() /* hmm.. something wrong here.. the user was authenticated, so it should exist */ ldpp_dout(this, 10) << "WARNING: failed on rgw_get_user_buckets uid=" - << s->user->user_id << dendl; + << s->user->get_id() << dendl; break; } @@ -2430,7 +2429,7 @@ void RGWGetUsage::execute() RGWUsageIter usage_iter; while (is_truncated) { - op_ret = store->getRados()->read_usage(s->user->user_id, s->bucket_name, start_epoch, end_epoch, max_entries, + op_ret = store->getRados()->read_usage(s->user->get_id(), s->bucket_name, start_epoch, end_epoch, max_entries, &is_truncated, usage_iter, usage); if (op_ret == -ENOENT) { @@ -2443,19 +2442,19 @@ void RGWGetUsage::execute() } } - op_ret = rgw_user_sync_all_stats(store, s->user->user_id); + op_ret = rgw_user_sync_all_stats(store, s->user->get_id()); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: failed to sync user stats" << dendl; return; } - op_ret = rgw_user_get_all_buckets_stats(store, s->user->user_id, buckets_usage); + op_ret = rgw_user_get_all_buckets_stats(store, s->user->get_id(), buckets_usage); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: failed to get user's buckets stats" << dendl; return; } - op_ret = store->ctl()->user->read_stats(s->user->user_id, &stats); + op_ret = store->ctl()->user->read_stats(s->user->get_id(), &stats); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: can't read user header" << dendl; return; @@ -2481,13 +2480,13 @@ void RGWStatAccount::execute() do { - op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets, marker, + op_ret = rgw_read_user_buckets(store, s->user->get_id(), buckets, marker, string(), max_buckets, true); if (op_ret < 0) { /* hmm.. something wrong here.. the user was authenticated, so it should exist */ ldpp_dout(this, 10) << "WARNING: failed on rgw_get_user_buckets uid=" - << s->user->user_id << dendl; + << s->user->get_id() << dendl; break; } else { /* We need to have stats for all our policies - even if a given policy @@ -2741,7 +2740,7 @@ void RGWStatBucket::execute() return; } - rgw::sal::RGWRadosUser user(store, s->user->user_id); + rgw::sal::RGWRadosUser user(store, s->user->get_id()); bucket = new rgw::sal::RGWRadosBucket(store, user, s->bucket); op_ret = bucket->update_container_stats(); } @@ -2851,28 +2850,28 @@ int RGWCreateBucket::verify_permission() return -EACCES; } - if (s->user->user_id.tenant != s->bucket_tenant) { + if (s->user->get_tenant() != s->bucket_tenant) { ldpp_dout(this, 10) << "user cannot create a bucket in a different tenant" - << " (user_id.tenant=" << s->user->user_id.tenant + << " (user_id.tenant=" << s->user->get_tenant() << " requested=" << s->bucket_tenant << ")" << dendl; return -EACCES; } - if (s->user->max_buckets < 0) { + if (s->user->get_max_buckets() < 0) { return -EPERM; } - if (s->user->max_buckets) { + if (s->user->get_max_buckets()) { rgw::sal::RGWBucketList buckets; string marker; - op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets, - marker, string(), s->user->max_buckets, + op_ret = rgw_read_user_buckets(store, s->user->get_id(), buckets, + marker, string(), s->user->get_max_buckets(), false); if (op_ret < 0) { return op_ret; } - if ((int)buckets.count() >= s->user->max_buckets) { + if ((int)buckets.count() >= s->user->get_max_buckets()) { return -ERR_TOO_MANY_BUCKETS; } } @@ -2890,7 +2889,7 @@ int forward_request_to_master(struct req_state *s, obj_version *objv, } ldpp_dout(s, 0) << "sending request to master zonegroup" << dendl; bufferlist response; - string uid_str = s->user->user_id.to_str(); + string uid_str = s->user->get_id().to_str(); #define MAX_REST_RESPONSE (128 * 1024) // we expect a very small response int ret = store->svc()->zone->get_master_conn()->forward(rgw_user(uid_str), (forward_info ? *forward_info : s->info), objv, MAX_REST_RESPONSE, &in_data, &response); @@ -3086,7 +3085,6 @@ void RGWCreateBucket::execute() string bucket_name = rgw_make_bucket_entry_name(s->bucket_tenant, s->bucket_name); rgw_raw_obj obj(store->svc()->zone->get_zone_params().domain_root, bucket_name); obj_version objv, *pobjv = NULL; - rgw::sal::RGWRadosUser user(store, *s->user); op_ret = get_params(); if (op_ret < 0) @@ -3128,21 +3126,21 @@ void RGWCreateBucket::execute() s->bucket.tenant = s->bucket_tenant; s->bucket.name = s->bucket_name; rgw::sal::RGWBucket* bucket = NULL; - op_ret = store->get_bucket(user, s->bucket, &bucket); + op_ret = store->get_bucket(*s->user, s->bucket, &bucket); if (op_ret < 0 && op_ret != -ENOENT) return; s->bucket_exists = (op_ret != -ENOENT); - s->bucket_owner.set_id(s->user->user_id); - s->bucket_owner.set_name(user.get_display_name()); + s->bucket_owner.set_id(s->user->get_id()); + s->bucket_owner.set_name(s->user->get_display_name()); if (s->bucket_exists) { s->bucket_info = bucket->get_info(); s->bucket_attrs = bucket->get_attrs(); delete bucket; - int r = rgw_op_get_bucket_policy_from_attr(s->cct, store->ctl()->user, s->bucket_info, + int r = rgw_op_get_bucket_policy_from_attr(s->cct, store, s->bucket_info, s->bucket_attrs, &old_policy); if (r >= 0) { - if (old_policy.get_owner().get_id().compare(s->user->user_id) != 0) { + if (old_policy.get_owner().get_id().compare(s->user->get_id()) != 0) { op_ret = -EEXIST; return; } @@ -3192,7 +3190,8 @@ void RGWCreateBucket::execute() rgw_bucket bucket; bucket.tenant = s->bucket_tenant; bucket.name = s->bucket_name; - op_ret = store->svc()->zone->select_bucket_placement(*(s->user), zonegroup_id, + op_ret = store->svc()->zone->select_bucket_placement(s->user->get_info(), + zonegroup_id, placement_rule, &selected_placement_rule, nullptr); if (selected_placement_rule != s->bucket_info.placement_rule) { @@ -3249,7 +3248,7 @@ void RGWCreateBucket::execute() } - op_ret = store->getRados()->create_bucket(*(s->user), s->bucket, zonegroup_id, + op_ret = store->getRados()->create_bucket(s->user->get_info(), s->bucket, zonegroup_id, placement_rule, s->bucket_info.swift_ver_location, pquota_info, attrs, info, pobjv, &ep_objv, creation_time, @@ -3270,18 +3269,18 @@ void RGWCreateBucket::execute() * If all is ok then update the user's list of buckets. * Otherwise inform client about a name conflict. */ - if (info.owner.compare(s->user->user_id) != 0) { + if (info.owner.compare(s->user->get_id()) != 0) { op_ret = -EEXIST; return; } s->bucket = info.bucket; } - op_ret = store->ctl()->bucket->link_bucket(s->user->user_id, s->bucket, + op_ret = store->ctl()->bucket->link_bucket(s->user->get_id(), s->bucket, info.creation_time, s->yield, false); if (op_ret && !existed && op_ret != -EEXIST) { /* if it exists (or previously existed), don't remove it! */ - op_ret = store->ctl()->bucket->unlink_bucket(s->user->user_id, s->bucket, s->yield); + op_ret = store->ctl()->bucket->unlink_bucket(s->user->get_id(), s->bucket, s->yield); if (op_ret < 0) { ldpp_dout(this, 0) << "WARNING: failed to unlink bucket: ret=" << op_ret << dendl; @@ -3304,7 +3303,7 @@ void RGWCreateBucket::execute() binfo, nullptr, s->yield, &battrs); if (op_ret < 0) { return; - } else if (binfo.owner.compare(s->user->user_id) != 0) { + } else if (binfo.owner.compare(s->user->get_id()) != 0) { /* New bucket doesn't belong to the account we're operating on. */ op_ret = -EEXIST; return; @@ -3395,7 +3394,7 @@ void RGWDeleteBucket::execute() } } - op_ret = store->ctl()->bucket->sync_user_stats(s->user->user_id, s->bucket_info); + op_ret = store->ctl()->bucket->sync_user_stats(s->user->get_id(), s->bucket_info); if ( op_ret < 0) { ldpp_dout(this, 1) << "WARNING: failed to sync user stats before bucket delete: op_ret= " << op_ret << dendl; } @@ -4344,7 +4343,7 @@ int RGWPutMetadataAccount::init_processing() return op_ret; } - op_ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &orig_attrs, + op_ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &orig_attrs, s->yield, &acct_op_tracker); if (op_ret < 0) { @@ -4407,7 +4406,7 @@ void RGWPutMetadataAccount::execute() { /* Params have been extracted earlier. See init_processing(). */ RGWUserInfo new_uinfo; - op_ret = store->ctl()->user->get_info_by_uid(s->user->user_id, &new_uinfo, s->yield, + op_ret = store->ctl()->user->get_info_by_uid(s->user->get_id(), &new_uinfo, s->yield, RGWUserCtl::GetParams() .set_objv_tracker(&acct_op_tracker)); if (op_ret < 0) { @@ -4430,7 +4429,7 @@ void RGWPutMetadataAccount::execute() * optimize-out some operations. */ op_ret = store->ctl()->user->store_info(new_uinfo, s->yield, RGWUserCtl::PutParams() - .set_old_info(s->user) + .set_old_info(&s->user->get_info()) .set_objv_tracker(&acct_op_tracker) .set_attrs(&attrs)); } @@ -5007,7 +5006,7 @@ int RGWCopyObj::verify_permission() store->getRados()->set_atomic(s->obj_ctx, dest_obj); /* check dest bucket permissions */ - op_ret = read_bucket_policy(store->ctl()->user, s, dest_bucket_info, dest_attrs, + op_ret = read_bucket_policy(store, s, dest_bucket_info, dest_attrs, &dest_bucket_policy, dest_bucket); if (op_ret < 0) { return op_ret; @@ -5139,32 +5138,32 @@ void RGWCopyObj::execute() } op_ret = store->getRados()->copy_obj(obj_ctx, - s->user->user_id, - &s->info, - source_zone, - dst_obj, - src_obj, - dest_bucket_info, - src_bucket_info, - s->dest_placement, - &src_mtime, - &mtime, - mod_ptr, - unmod_ptr, - high_precision_time, - if_match, - if_nomatch, - attrs_mod, - copy_if_newer, - attrs, RGWObjCategory::Main, - olh_epoch, - (delete_at ? *delete_at : real_time()), - (version_id.empty() ? NULL : &version_id), - &s->req_id, /* use req_id as tag */ - &etag, - copy_obj_progress_cb, (void *)this, - this, - s->yield); + s->user->get_id(), + &s->info, + source_zone, + dst_obj, + src_obj, + dest_bucket_info, + src_bucket_info, + s->dest_placement, + &src_mtime, + &mtime, + mod_ptr, + unmod_ptr, + high_precision_time, + if_match, + if_nomatch, + attrs_mod, + copy_if_newer, + attrs, RGWObjCategory::Main, + olh_epoch, + (delete_at ? *delete_at : real_time()), + (version_id.empty() ? NULL : &version_id), + &s->req_id, /* use req_id as tag */ + &etag, + copy_obj_progress_cb, (void *)this, + this, + s->yield); const auto ret = rgw::notify::publish(s, mtime, etag, rgw::notify::ObjectCreatedCopy, store); if (ret < 0) { @@ -6536,7 +6535,7 @@ bool RGWBulkDelete::Deleter::verify_permission(RGWBucketInfo& binfo, ACLOwner& bucket_owner /* out */) { RGWAccessControlPolicy bacl(store->ctx()); - int ret = read_bucket_policy(store->ctl()->user, s, binfo, battrs, &bacl, binfo.bucket); + int ret = read_bucket_policy(store, s, binfo, battrs, &bacl, binfo.bucket); if (ret < 0) { return false; } @@ -6560,7 +6559,7 @@ bool RGWBulkDelete::Deleter::delete_single(const acct_path_t& path) ACLOwner bowner; RGWObjVersionTracker ot; - rgw_bucket b(rgw_bucket_key(s->user->user_id.tenant, path.bucket_name)); + rgw_bucket b(rgw_bucket_key(s->user->get_tenant(), path.bucket_name)); int ret = store->ctl()->bucket->read_bucket_info(b, &binfo, s->yield, RGWBucketCtl::BucketInstance::GetParams() @@ -6714,14 +6713,14 @@ int RGWBulkUploadOp::verify_permission() return -EACCES; } - if (s->user->user_id.tenant != s->bucket_tenant) { + if (s->user->get_tenant() != s->bucket_tenant) { ldpp_dout(this, 10) << "user cannot create a bucket in a different tenant" - << " (user_id.tenant=" << s->user->user_id.tenant + << " (user_id.tenant=" << s->user->get_tenant() << " requested=" << s->bucket_tenant << ")" << dendl; return -EACCES; } - if (s->user->max_buckets < 0) { + if (s->user->get_max_buckets() < 0) { return -EPERM; } @@ -6784,17 +6783,17 @@ RGWBulkUploadOp::handle_upload_path(struct req_state *s) int RGWBulkUploadOp::handle_dir_verify_permission() { - if (s->user->max_buckets > 0) { + if (s->user->get_max_buckets() > 0) { rgw::sal::RGWBucketList buckets; std::string marker; - op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets, - marker, std::string(), s->user->max_buckets, + op_ret = rgw_read_user_buckets(store, s->user->get_user(), buckets, + marker, std::string(), s->user->get_max_buckets(), false); if (op_ret < 0) { return op_ret; } - if (buckets.count() >= static_cast<size_t>(s->user->max_buckets)) { + if (buckets.count() >= static_cast<size_t>(s->user->get_max_buckets())) { return -ERR_TOO_MANY_BUCKETS; } } @@ -6853,10 +6852,10 @@ int RGWBulkUploadOp::handle_dir(const boost::string_ref path) if (bucket_exists) { RGWAccessControlPolicy old_policy(s->cct); - int r = rgw_op_get_bucket_policy_from_attr(s->cct, store->ctl()->user, binfo, + int r = rgw_op_get_bucket_policy_from_attr(s->cct, store, binfo, battrs, &old_policy); if (r >= 0) { - if (old_policy.get_owner().get_id().compare(s->user->user_id) != 0) { + if (old_policy.get_owner().get_id().compare(s->user->get_user()) != 0) { op_ret = -EEXIST; return op_ret; } @@ -6902,7 +6901,7 @@ int RGWBulkUploadOp::handle_dir(const boost::string_ref path) rgw_bucket bucket; bucket.tenant = s->bucket_tenant; bucket.name = s->bucket_name; - op_ret = store->svc()->zone->select_bucket_placement(*(s->user), + op_ret = store->svc()->zone->select_bucket_placement(s->user->get_info(), store->svc()->zone->get_zonegroup().get_id(), placement_rule, &selected_placement_rule, @@ -6917,7 +6916,7 @@ int RGWBulkUploadOp::handle_dir(const boost::string_ref path) /* Create metadata: ACLs. */ std::map<std::string, ceph::bufferlist> attrs; RGWAccessControlPolicy policy; - policy.create_default(s->user->user_id, s->user->display_name); + policy.create_default(s->user->get_id(), s->user->get_display_name()); ceph::bufferlist aclbl; policy.encode(aclbl); attrs.emplace(RGW_ATTR_ACL, std::move(aclbl)); @@ -6931,7 +6930,7 @@ int RGWBulkUploadOp::handle_dir(const boost::string_ref path) RGWBucketInfo out_info; - op_ret = store->getRados()->create_bucket(*(s->user), + op_ret = store->getRados()->create_bucket(s->user->get_info(), bucket, store->svc()->zone->get_zonegroup().get_id(), placement_rule, binfo.swift_ver_location, @@ -6955,7 +6954,7 @@ int RGWBulkUploadOp::handle_dir(const boost::string_ref path) * If all is ok then update the user's list of buckets. * Otherwise inform client about a name conflict. */ - if (out_info.owner.compare(s->user->user_id) != 0) { + if (out_info.owner.compare(s->user->get_id()) != 0) { op_ret = -EEXIST; ldpp_dout(this, 20) << "conflicting bucket name" << dendl; return op_ret; @@ -6963,12 +6962,12 @@ int RGWBulkUploadOp::handle_dir(const boost::string_ref path) bucket = out_info.bucket; } - op_ret = store->ctl()->bucket->link_bucket(s->user->user_id, bucket, + op_ret = store->ctl()->bucket->link_bucket(s->user->get_id(), bucket, out_info.creation_time, s->yield, false); if (op_ret && !existed && op_ret != -EEXIST) { /* if it exists (or previously existed), don't remove it! */ - op_ret = store->ctl()->bucket->unlink_bucket(s->user->user_id, bucket, s->yield); + op_ret = store->ctl()->bucket->unlink_bucket(s->user->get_id(), bucket, s->yield); if (op_ret < 0) { ldpp_dout(this, 0) << "WARNING: failed to unlink bucket: ret=" << op_ret << dendl; } @@ -6987,7 +6986,7 @@ bool RGWBulkUploadOp::handle_file_verify_permission(RGWBucketInfo& binfo, ACLOwner& bucket_owner /* out */) { RGWAccessControlPolicy bacl(store->ctx()); - op_ret = read_bucket_policy(store->ctl()->user, s, binfo, battrs, &bacl, binfo.bucket); + op_ret = read_bucket_policy(store, s, binfo, battrs, &bacl, binfo.bucket); if (op_ret < 0) { ldpp_dout(this, 20) << "cannot read_policy() for bucket" << dendl; return false; @@ -7038,7 +7037,7 @@ int RGWBulkUploadOp::handle_file(const boost::string_ref path, RGWBucketInfo binfo; std::map<std::string, ceph::bufferlist> battrs; ACLOwner bowner; - op_ret = store->getRados()->get_bucket_info(store->svc(), s->user->user_id.tenant, + op_ret = store->getRados()->get_bucket_info(store->svc(), s->user->get_tenant(), bucket_name, binfo, nullptr, s->yield, &battrs); if (op_ret == -ENOENT) { ldpp_dout(this, 20) << "non existent directory=" << bucket_name << dendl; @@ -7157,7 +7156,7 @@ int RGWBulkUploadOp::handle_file(const boost::string_ref path, /* Create metadata: ACLs. */ RGWAccessControlPolicy policy; - policy.create_default(s->user->user_id, s->user->display_name); + policy.create_default(s->user->get_id(), s->user->get_display_name()); ceph::bufferlist aclbl; policy.encode(aclbl); attrs.emplace(RGW_ATTR_ACL, std::move(aclbl)); diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h index 44c75a30df2..06caad7651c 100644 --- a/src/rgw/rgw_op.h +++ b/src/rgw/rgw_op.h @@ -42,6 +42,7 @@ #include "rgw_quota.h" #include "rgw_putobj.h" #include "rgw_multi.h" +#include "rgw_sal.h" #include "rgw_lc.h" #include "rgw_torrent.h" @@ -73,7 +74,7 @@ class StrategyRegistry; } int rgw_op_get_bucket_policy_from_attr(CephContext *cct, - RGWUserCtl *user_ctl, + rgw::sal::RGWRadosStore *store, RGWBucketInfo& bucket_info, map<string, bufferlist>& bucket_attrs, RGWAccessControlPolicy *policy); @@ -813,8 +814,7 @@ public: void init(rgw::sal::RGWRadosStore *store, struct req_state *s, RGWHandler *h) override { RGWOp::init(store, s, h); - rgw::sal::RGWRadosUser user(store, s->user->user_id); - bucket = new rgw::sal::RGWRadosBucket(store, user, s->bucket); + bucket = new rgw::sal::RGWRadosBucket(store, *s->user, s->bucket); } virtual int get_params() = 0; void send_response() override = 0; @@ -2133,7 +2133,7 @@ public: return caps.check_cap("admin", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_info().caps); } void pre_exec() override; void execute() override; diff --git a/src/rgw/rgw_opa.cc b/src/rgw/rgw_opa.cc index 4fb18b5e5db..79ba8784d04 100644 --- a/src/rgw/rgw_opa.cc +++ b/src/rgw/rgw_opa.cc @@ -45,7 +45,7 @@ int rgw_opa_authorize(RGWOp *& op, jf.dump_string("params", s->info.request_params.c_str()); jf.dump_string("request_uri_aws4", s->info.request_uri_aws4.c_str()); jf.dump_string("object_name", s->object.name.c_str()); - jf.dump_object("user_info", *s->user); + jf.dump_object("user_info", s->user->get_info()); jf.dump_object("bucket_info", s->bucket_info); jf.close_section(); jf.close_section(); diff --git a/src/rgw/rgw_process.cc b/src/rgw/rgw_process.cc index 9812c1f1fdd..e314e8b2fb9 100644 --- a/src/rgw/rgw_process.cc +++ b/src/rgw/rgw_process.cc @@ -141,7 +141,7 @@ int rgw_process_authenticated(RGWHandler_REST * const handler, if (ret < 0) { if (s->system_request) { dout(2) << "overriding permissions due to system operation" << dendl; - } else if (s->auth.identity->is_admin_of(s->user->user_id)) { + } else if (s->auth.identity->is_admin_of(s->user->get_id())) { dout(2) << "overriding permissions due to admin operation" << dendl; } else { return ret; @@ -185,9 +185,9 @@ int process_request(rgw::sal::RGWRadosStore* const store, RGWEnv& rgw_env = client_io->get_env(); - RGWUserInfo userinfo; + rgw::sal::RGWRadosUser user; - struct req_state rstate(g_ceph_context, &rgw_env, &userinfo, req->id); + struct req_state rstate(g_ceph_context, &rgw_env, &user, req->id); struct req_state *s = &rstate; RGWObjectCtx rados_ctx(store, s); @@ -227,7 +227,7 @@ int process_request(rgw::sal::RGWRadosStore* const store, should_log = mgr->get_logging(); ldpp_dout(s, 2) << "getting op " << s->op << dendl; - op = handler->get_op(store); + op = handler->get_op(); if (!op) { abort_early(s, NULL, -ERR_METHOD_NOT_ALLOWED, handler); goto done; @@ -269,8 +269,8 @@ int process_request(rgw::sal::RGWRadosStore* const store, goto done; } - if (s->user->suspended) { - dout(10) << "user is suspended, uid=" << s->user->user_id << dendl; + if (s->user->get_info().suspended) { + dout(10) << "user is suspended, uid=" << s->user->get_id() << dendl; abort_early(s, op, -ERR_USER_SUSPENDED, handler); goto done; } diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc index e5477000e08..e85a0119561 100644 --- a/src/rgw/rgw_rest.cc +++ b/src/rgw/rgw_rest.cc @@ -567,7 +567,7 @@ void end_header(struct req_state* s, RGWOp* op, const char *content_type, dump_trans_id(s); if ((!s->is_err()) && - (s->bucket_info.owner != s->user->user_id) && + (s->bucket_info.owner != s->user->get_id()) && (s->bucket_info.requester_pays)) { dump_header(s, "x-amz-request-charged", "requester"); } @@ -1646,10 +1646,10 @@ void RGWRESTOp::send_response() int RGWRESTOp::verify_permission() { - return check_caps(s->user->caps); + return check_caps(s->user->get_info().caps); } -RGWOp* RGWHandler_REST::get_op(rgw::sal::RGWRadosStore* store) +RGWOp* RGWHandler_REST::get_op(void) { RGWOp *op; switch (s->op) { @@ -1846,16 +1846,16 @@ int RGWHandler_REST::init_permissions(RGWOp* op) { if (op->get_type() == RGW_OP_CREATE_BUCKET) { // We don't need user policies in case of STS token returned by AssumeRole, hence the check for user type - if (! s->user->user_id.empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) { + if (! s->user->get_id().empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) { try { map<string, bufferlist> uattrs; - if (auto ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &uattrs, null_yield); ! ret) { + if (auto ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &uattrs, null_yield); ! ret) { if (s->iam_user_policies.empty()) { - s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->user_id.tenant); + s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant()); } else { // This scenario can happen when a STS token has a policy, then we need to append other user policies // to the existing ones. (e.g. token returned by GetSessionToken) - auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->user_id.tenant); + auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant()); s->iam_user_policies.insert(s->iam_user_policies.end(), user_policies.begin(), user_policies.end()); } } diff --git a/src/rgw/rgw_rest.h b/src/rgw/rgw_rest.h index 455c4100ac4..f5dc175e134 100644 --- a/src/rgw/rgw_rest.h +++ b/src/rgw/rgw_rest.h @@ -534,7 +534,7 @@ public: flusher.init(s, this); } void send_response() override; - virtual int check_caps(RGWUserCaps& caps) + virtual int check_caps(const RGWUserCaps& caps) { return -EPERM; } /* should to be implemented! */ int verify_permission() override; dmc::client_id dmclock_client() override { return dmc::client_id::admin; } @@ -569,7 +569,7 @@ public: int init_permissions(RGWOp* op) override; int read_permissions(RGWOp* op) override; - virtual RGWOp* get_op(rgw::sal::RGWRadosStore* store); + virtual RGWOp* get_op(void); virtual void put_op(RGWOp* op); }; diff --git a/src/rgw/rgw_rest_bucket.cc b/src/rgw/rgw_rest_bucket.cc index 71e5655ff5a..994f5660ed1 100644 --- a/src/rgw/rgw_rest_bucket.cc +++ b/src/rgw/rgw_rest_bucket.cc @@ -18,7 +18,7 @@ class RGWOp_Bucket_Info : public RGWRESTOp { public: RGWOp_Bucket_Info() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_READ); } @@ -55,7 +55,7 @@ class RGWOp_Get_Policy : public RGWRESTOp { public: RGWOp_Get_Policy() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_READ); } @@ -85,7 +85,7 @@ class RGWOp_Check_Bucket_Index : public RGWRESTOp { public: RGWOp_Check_Bucket_Index() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_WRITE); } @@ -119,7 +119,7 @@ class RGWOp_Bucket_Link : public RGWRESTOp { public: RGWOp_Bucket_Link() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_WRITE); } @@ -164,7 +164,7 @@ class RGWOp_Bucket_Unlink : public RGWRESTOp { public: RGWOp_Bucket_Unlink() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_WRITE); } @@ -204,7 +204,7 @@ class RGWOp_Bucket_Remove : public RGWRESTOp { public: RGWOp_Bucket_Remove() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_WRITE); } @@ -242,7 +242,7 @@ class RGWOp_Set_Bucket_Quota : public RGWRESTOp { public: RGWOp_Set_Bucket_Quota() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_WRITE); } @@ -319,7 +319,7 @@ class RGWOp_Sync_Bucket : public RGWRESTOp { public: RGWOp_Sync_Bucket() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_WRITE); } @@ -351,7 +351,7 @@ class RGWOp_Object_Remove: public RGWRESTOp { public: RGWOp_Object_Remove() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("buckets", RGW_CAP_WRITE); } diff --git a/src/rgw/rgw_rest_config.h b/src/rgw/rgw_rest_config.h index b2ce58d7e41..99c77364696 100644 --- a/src/rgw/rgw_rest_config.h +++ b/src/rgw/rgw_rest_config.h @@ -24,11 +24,11 @@ public: explicit RGWOp_ZoneGroupMap_Get(bool _old_format):old_format(_old_format) {} ~RGWOp_ZoneGroupMap_Get() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -46,11 +46,11 @@ class RGWOp_ZoneConfig_Get : public RGWRESTOp { public: RGWOp_ZoneConfig_Get() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override {} /* store already has the info we need, just need to send response */ void send_response() override ; diff --git a/src/rgw/rgw_rest_log.cc b/src/rgw/rgw_rest_log.cc index f8891402a8a..f74663876b8 100644 --- a/src/rgw/rgw_rest_log.cc +++ b/src/rgw/rgw_rest_log.cc @@ -781,11 +781,11 @@ void RGWOp_DATALog_Delete::execute() { class RGWOp_MDLog_Status : public RGWRESTOp { rgw_meta_sync_status status; public: - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -819,11 +819,11 @@ void RGWOp_MDLog_Status::send_response() class RGWOp_BILog_Status : public RGWRESTOp { std::vector<rgw_bucket_shard_sync_info> status; public: - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("bilog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -876,11 +876,11 @@ void RGWOp_BILog_Status::send_response() class RGWOp_DATALog_Status : public RGWRESTOp { rgw_data_sync_status status; public: - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override ; void send_response() override; diff --git a/src/rgw/rgw_rest_log.h b/src/rgw/rgw_rest_log.h index 9e11b603121..fa2897802bc 100644 --- a/src/rgw/rgw_rest_log.h +++ b/src/rgw/rgw_rest_log.h @@ -24,11 +24,11 @@ public: RGWOp_BILog_List() : sent_header(false) {} ~RGWOp_BILog_List() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("bilog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void send_response() override; virtual void send_response(list<rgw_bi_log_entry>& entries, string& marker); @@ -48,11 +48,11 @@ public: RGWOp_BILog_Info() : bucket_ver(), master_ver(), syncstopped(false) {} ~RGWOp_BILog_Info() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("bilog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void send_response() override; void execute() override; @@ -66,7 +66,7 @@ public: RGWOp_BILog_Delete() {} ~RGWOp_BILog_Delete() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("bilog", RGW_CAP_WRITE); } void execute() override; @@ -83,11 +83,11 @@ public: RGWOp_MDLog_List() : truncated(false) {} ~RGWOp_MDLog_List() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -103,11 +103,11 @@ public: RGWOp_MDLog_Info() : num_objects(0) {} ~RGWOp_MDLog_Info() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -122,11 +122,11 @@ public: RGWOp_MDLog_ShardInfo() {} ~RGWOp_MDLog_ShardInfo() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -140,7 +140,7 @@ public: RGWOp_MDLog_Lock() {} ~RGWOp_MDLog_Lock() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_WRITE); } void execute() override; @@ -154,7 +154,7 @@ public: RGWOp_MDLog_Unlock() {} ~RGWOp_MDLog_Unlock() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_WRITE); } void execute() override; @@ -168,7 +168,7 @@ public: RGWOp_MDLog_Notify() {} ~RGWOp_MDLog_Notify() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_WRITE); } void execute() override; @@ -182,7 +182,7 @@ public: RGWOp_MDLog_Delete() {} ~RGWOp_MDLog_Delete() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_WRITE); } void execute() override; @@ -200,11 +200,11 @@ public: RGWOp_DATALog_List() : truncated(false), extra_info(false) {} ~RGWOp_DATALog_List() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -219,11 +219,11 @@ public: RGWOp_DATALog_Info() : num_objects(0) {} ~RGWOp_DATALog_Info() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -238,11 +238,11 @@ public: RGWOp_DATALog_ShardInfo() {} ~RGWOp_DATALog_ShardInfo() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -256,7 +256,7 @@ public: RGWOp_DATALog_Notify() {} ~RGWOp_DATALog_Notify() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_WRITE); } void execute() override; @@ -270,7 +270,7 @@ public: RGWOp_DATALog_Delete() {} ~RGWOp_DATALog_Delete() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_WRITE); } void execute() override; diff --git a/src/rgw/rgw_rest_metadata.h b/src/rgw/rgw_rest_metadata.h index 2e958e92af2..faabe288e59 100644 --- a/src/rgw/rgw_rest_metadata.h +++ b/src/rgw/rgw_rest_metadata.h @@ -20,7 +20,7 @@ public: RGWOp_Metadata_List() {} ~RGWOp_Metadata_List() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("metadata", RGW_CAP_READ); } void execute() override; @@ -32,7 +32,7 @@ public: RGWOp_Metadata_Get() {} ~RGWOp_Metadata_Get() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("metadata", RGW_CAP_READ); } void execute() override; @@ -55,7 +55,7 @@ public: RGWOp_Metadata_Put() {} ~RGWOp_Metadata_Put() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("metadata", RGW_CAP_WRITE); } void execute() override; @@ -69,7 +69,7 @@ public: RGWOp_Metadata_Delete() {} ~RGWOp_Metadata_Delete() override {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("metadata", RGW_CAP_WRITE); } void execute() override; diff --git a/src/rgw/rgw_rest_pubsub.cc b/src/rgw/rgw_rest_pubsub.cc index 1f7bce65adf..94f295ba558 100644 --- a/src/rgw/rgw_rest_pubsub.cc +++ b/src/rgw/rgw_rest_pubsub.cc @@ -57,7 +57,7 @@ public: // the topic ARN will be sent in the reply const rgw::ARN arn(rgw::Partition::aws, rgw::Service::sns, store->svc()->zone->get_zonegroup().get_name(), - s->user->user_id.tenant, topic_name); + s->user->get_tenant(), topic_name); topic_arn = arn.to_string(); return 0; } diff --git a/src/rgw/rgw_rest_realm.cc b/src/rgw/rgw_rest_realm.cc index 42f622d25b9..423f9cbf488 100644 --- a/src/rgw/rgw_rest_realm.cc +++ b/src/rgw/rgw_rest_realm.cc @@ -51,11 +51,11 @@ void RGWOp_Period_Base::send_response() class RGWOp_Period_Get : public RGWOp_Period_Base { public: void execute() override; - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } const char* name() const override { return "get_period"; } }; @@ -81,11 +81,11 @@ void RGWOp_Period_Get::execute() class RGWOp_Period_Post : public RGWOp_Period_Base { public: void execute() override; - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_WRITE); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } const char* name() const override { return "post_period"; } }; @@ -258,11 +258,11 @@ class RGWRESTMgr_Period : public RGWRESTMgr { class RGWOp_Realm_Get : public RGWRESTOp { std::unique_ptr<RGWRealm> realm; public: - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; @@ -304,11 +304,11 @@ class RGWOp_Realm_List : public RGWRESTOp { std::string default_id; std::list<std::string> realms; public: - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } int verify_permission() override { - return check_caps(s->user->caps); + return check_caps(s->user->get_caps()); } void execute() override; void send_response() override; diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc index fe037b9768b..17c8e2b5d66 100644 --- a/src/rgw/rgw_rest_role.cc +++ b/src/rgw/rgw_rest_role.cc @@ -25,7 +25,7 @@ int RGWRestRole::verify_permission() } string role_name = s->info.args.get("RoleName"); - RGWRole role(s->cct, store->getRados()->pctl, role_name, s->user->user_id.tenant); + RGWRole role(s->cct, store->getRados()->pctl, role_name, s->user->get_tenant()); if (op_ret = role.get(); op_ret < 0) { if (op_ret == -ENOENT) { op_ret = -ERR_NO_ROLE_FOUND; @@ -33,7 +33,7 @@ int RGWRestRole::verify_permission() return op_ret; } - if (int ret = check_caps(s->user->caps); ret == 0) { + if (int ret = check_caps(s->user->get_caps()); ret == 0) { _role = std::move(role); return ret; } @@ -44,7 +44,7 @@ int RGWRestRole::verify_permission() s, rgw::ARN(resource_name, "role", - s->user->user_id.tenant, true), + s->user->get_tenant(), true), op)) { return -EACCES; } @@ -63,12 +63,12 @@ void RGWRestRole::send_response() end_header(s, this); } -int RGWRoleRead::check_caps(RGWUserCaps& caps) +int RGWRoleRead::check_caps(const RGWUserCaps& caps) { return caps.check_cap("roles", RGW_CAP_READ); } -int RGWRoleWrite::check_caps(RGWUserCaps& caps) +int RGWRoleWrite::check_caps(const RGWUserCaps& caps) { return caps.check_cap("roles", RGW_CAP_WRITE); } @@ -79,7 +79,7 @@ int RGWCreateRole::verify_permission() return -EACCES; } - if (int ret = check_caps(s->user->caps); ret == 0) { + if (int ret = check_caps(s->user->get_caps()); ret == 0) { return ret; } @@ -91,7 +91,7 @@ int RGWCreateRole::verify_permission() s, rgw::ARN(resource_name, "role", - s->user->user_id.tenant, true), + s->user->get_tenant(), true), get_op())) { return -EACCES; } @@ -113,7 +113,7 @@ int RGWCreateRole::get_params() bufferlist bl = bufferlist::static_from_string(trust_policy); try { - const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl); + const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl); } catch (rgw::IAM::PolicyParseException& e) { ldout(s->cct, 20) << "failed to parse policy: " << e.what() << dendl; @@ -130,7 +130,7 @@ void RGWCreateRole::execute() return; } RGWRole role(s->cct, store->getRados()->pctl, role_name, role_path, trust_policy, - s->user->user_id.tenant, max_session_duration); + s->user->get_tenant(), max_session_duration); op_ret = role.create(true); if (op_ret == -EEXIST) { @@ -194,7 +194,7 @@ int RGWGetRole::_verify_permission(const RGWRole& role) return -EACCES; } - if (int ret = check_caps(s->user->caps); ret == 0) { + if (int ret = check_caps(s->user->get_caps()); ret == 0) { return ret; } @@ -203,7 +203,7 @@ int RGWGetRole::_verify_permission(const RGWRole& role) s, rgw::ARN(resource_name, "role", - s->user->user_id.tenant, true), + s->user->get_tenant(), true), get_op())) { return -EACCES; } @@ -228,7 +228,7 @@ void RGWGetRole::execute() if (op_ret < 0) { return; } - RGWRole role(s->cct, store->getRados()->pctl, role_name, s->user->user_id.tenant); + RGWRole role(s->cct, store->getRados()->pctl, role_name, s->user->get_tenant()); op_ret = role.get(); if (op_ret == -ENOENT) { @@ -293,7 +293,7 @@ int RGWListRoles::verify_permission() return -EACCES; } - if (int ret = check_caps(s->user->caps); ret == 0) { + if (int ret = check_caps(s->user->get_caps()); ret == 0) { return ret; } @@ -321,7 +321,7 @@ void RGWListRoles::execute() return; } vector<RGWRole> result; - op_ret = RGWRole::get_roles_by_path_prefix(store->getRados(), s->cct, path_prefix, s->user->user_id.tenant, result); + op_ret = RGWRole::get_roles_by_path_prefix(store->getRados(), s->cct, path_prefix, s->user->get_tenant(), result); if (op_ret == 0) { s->formatter->open_array_section("ListRolesResponse"); @@ -353,7 +353,7 @@ int RGWPutRolePolicy::get_params() } bufferlist bl = bufferlist::static_from_string(perm_policy); try { - const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl); + const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl); } catch (rgw::IAM::PolicyParseException& e) { ldout(s->cct, 20) << "failed to parse policy: " << e.what() << dendl; diff --git a/src/rgw/rgw_rest_role.h b/src/rgw/rgw_rest_role.h index 17fe72a7ea5..ff2069fa152 100644 --- a/src/rgw/rgw_rest_role.h +++ b/src/rgw/rgw_rest_role.h @@ -24,13 +24,13 @@ public: class RGWRoleRead : public RGWRestRole { public: RGWRoleRead() = default; - int check_caps(RGWUserCaps& caps) override; + int check_caps(const RGWUserCaps& caps) override; }; class RGWRoleWrite : public RGWRestRole { public: RGWRoleWrite() = default; - int check_caps(RGWUserCaps& caps) override; + int check_caps(const RGWUserCaps& caps) override; }; class RGWCreateRole : public RGWRoleWrite { diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index de885d66b82..6330ad57114 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -613,7 +613,7 @@ void RGWListBuckets_ObjStore_S3::send_response_begin(bool has_buckets) if (! op_ret) { list_all_buckets_start(s); - dump_owner(s, s->user->user_id, s->user->display_name); + dump_owner(s, s->user->get_id(), s->user->get_display_name()); s->formatter->open_array_section("Buckets"); sent_data = true; } @@ -1109,7 +1109,7 @@ void RGWListBucket_ObjStore_S3v2::send_versioned_response() s->formatter->dump_string("StorageClass", storage_class.c_str()); } if (fetchOwner == true) { - dump_owner(s, s->user->user_id, s->user->display_name); + dump_owner(s, s->user->get_id(), s->user->get_display_name()); } s->formatter->close_section(); } @@ -1188,7 +1188,7 @@ void RGWListBucket_ObjStore_S3v2::send_response() auto& storage_class = rgw_placement_rule::get_canonical_storage_class(iter->meta.storage_class); s->formatter->dump_string("StorageClass", storage_class.c_str()); if (fetchOwner == true) { - dump_owner(s, s->user->user_id, s->user->display_name); + dump_owner(s, s->user->get_id(), s->user->get_display_name()); } if (s->system_request) { s->formatter->dump_string("RgwxTag", iter->tag); @@ -2318,8 +2318,8 @@ int RGWPostObj_ObjStore_S3::get_policy() return -EACCES; } else { /* Populate the owner info. */ - s->owner.set_id(s->user->user_id); - s->owner.set_name(s->user->display_name); + s->owner.set_id(s->user->get_id()); + s->owner.set_name(s->user->get_display_name()); ldpp_dout(this, 20) << "Successful Signature Verification!" << dendl; } @@ -3244,8 +3244,8 @@ void RGWListBucketMultiparts_ObjStore_S3::send_response() s->formatter->dump_string("Key", mp.get_key()); } s->formatter->dump_string("UploadId", mp.get_upload_id()); - dump_owner(s, s->user->user_id, s->user->display_name, "Initiator"); - dump_owner(s, s->user->user_id, s->user->display_name); + dump_owner(s, s->user->get_id(), s->user->get_display_name(), "Initiator"); + dump_owner(s, s->user->get_id(), s->user->get_display_name()); s->formatter->dump_string("StorageClass", "STANDARD"); dump_time(s, "Initiated", &iter->obj.meta.mtime); s->formatter->close_section(); @@ -3612,7 +3612,7 @@ RGWOp *RGWHandler_REST_Service_S3::op_post() if (isSTSEnabled) { RGWHandler_REST_STS sts_handler(auth_registry, post_body); sts_handler.init(store, s, s->cio); - auto op = sts_handler.get_op(store); + auto op = sts_handler.get_op(); if (op) { return op; } @@ -3621,7 +3621,7 @@ RGWOp *RGWHandler_REST_Service_S3::op_post() if (isIAMEnabled) { RGWHandler_REST_IAM iam_handler(auth_registry, post_body); iam_handler.init(store, s, s->cio); - auto op = iam_handler.get_op(store); + auto op = iam_handler.get_op(); if (op) { return op; } @@ -3630,7 +3630,7 @@ RGWOp *RGWHandler_REST_Service_S3::op_post() if (isPSEnabled) { RGWHandler_REST_PSTopic_AWS topic_handler(auth_registry, post_body); topic_handler.init(store, s, s->cio); - auto op = topic_handler.get_op(store); + auto op = topic_handler.get_op(); if (op) { return op; } @@ -3971,7 +3971,7 @@ int RGWHandler_REST_S3::postauth_init() { struct req_init_state *t = &s->init_state; - rgw_parse_url_bucket(t->url_bucket, s->user->user_id.tenant, + rgw_parse_url_bucket(t->url_bucket, s->user->get_tenant(), s->bucket_tenant, s->bucket_name); dout(10) << "s->object=" << (!s->object.empty() ? s->object : rgw_obj_key("<NULL>")) @@ -3988,7 +3988,7 @@ int RGWHandler_REST_S3::postauth_init() } if (!t->src_bucket.empty()) { - rgw_parse_url_bucket(t->src_bucket, s->user->user_id.tenant, + rgw_parse_url_bucket(t->src_bucket, s->user->get_tenant(), s->src_tenant_name, s->src_bucket_name); ret = rgw_validate_tenant_name(s->src_tenant_name); if (ret) @@ -3997,7 +3997,7 @@ int RGWHandler_REST_S3::postauth_init() const char *mfa = s->info.env->get("HTTP_X_AMZ_MFA"); if (mfa) { - ret = verify_mfa(store, s->user, string(mfa), &s->mfa_verified, s); + ret = verify_mfa(store, &s->user->get_info(), string(mfa), &s->mfa_verified, s); } return 0; @@ -4126,8 +4126,8 @@ int RGW_Auth_S3::authorize(const DoutPrefixProvider *dpp, const auto ret = rgw::auth::Strategy::apply(dpp, auth_registry.get_s3_main(), s); if (ret == 0) { /* Populate the owner info. */ - s->owner.set_id(s->user->user_id); - s->owner.set_name(s->user->display_name); + s->owner.set_id(s->user->get_id()); + s->owner.set_name(s->user->get_display_name()); } return ret; } diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc index 8be8669074b..3be9c156d1e 100644 --- a/src/rgw/rgw_rest_sts.cc +++ b/src/rgw/rgw_rest_sts.cc @@ -120,7 +120,7 @@ WebTokenEngine::authenticate( const DoutPrefixProvider* dpp, int RGWREST_STS::verify_permission() { - STS::STSService _sts(s->cct, store, s->user->user_id, s->auth.identity.get()); + STS::STSService _sts(s->cct, store, s->user->get_id(), s->auth.identity.get()); sts = std::move(_sts); string rArn = s->info.args.get("RoleArn"); @@ -134,7 +134,7 @@ int RGWREST_STS::verify_permission() //Parse the policy //TODO - This step should be part of Role Creation try { - const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl); + const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl); //Check if the input role arn is there as one of the Principals in the policy, // If yes, then return 0, else -EPERM auto p_res = p.eval_principal(s->env, *s->auth.identity); @@ -168,7 +168,7 @@ int RGWSTSGetSessionToken::verify_permission() rgw::Service service = rgw::Service::s3; if (!verify_user_permission(this, s, - rgw::ARN(partition, service, "", s->user->user_id.tenant, ""), + rgw::ARN(partition, service, "", s->user->get_tenant(), ""), rgw::IAM::stsGetSessionToken)) { return -EACCES; } @@ -198,7 +198,7 @@ void RGWSTSGetSessionToken::execute() return; } - STS::STSService sts(s->cct, store, s->user->user_id, s->auth.identity.get()); + STS::STSService sts(s->cct, store, s->user->get_id(), s->auth.identity.get()); STS::GetSessionTokenRequest req(duration, serialNumber, tokenCode); const auto& [ret, creds] = sts.getSessionToken(req); @@ -234,7 +234,7 @@ int RGWSTSAssumeRoleWithWebIdentity::get_params() if (! policy.empty()) { bufferlist bl = bufferlist::static_from_string(policy); try { - const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl); + const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl); } catch (rgw::IAM::PolicyParseException& e) { ldout(s->cct, 20) << "failed to parse policy: " << e.what() << "policy" << policy << dendl; @@ -293,7 +293,7 @@ int RGWSTSAssumeRole::get_params() if (! policy.empty()) { bufferlist bl = bufferlist::static_from_string(policy); try { - const rgw::IAM::Policy p(s->cct, s->user->user_id.tenant, bl); + const rgw::IAM::Policy p(s->cct, s->user->get_tenant(), bl); } catch (rgw::IAM::PolicyParseException& e) { ldout(s->cct, 20) << "failed to parse policy: " << e.what() << "policy" << policy << dendl; diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc index 7d245b96a33..fb392828a42 100644 --- a/src/rgw/rgw_rest_swift.cc +++ b/src/rgw/rgw_rest_swift.cc @@ -114,13 +114,13 @@ static void dump_account_metadata(struct req_state * const s, /* Dump TempURL-related stuff */ if (s->perm_mask == RGW_PERM_FULL_CONTROL) { - auto iter = s->user->temp_url_keys.find(0); - if (iter != std::end(s->user->temp_url_keys) && ! iter->second.empty()) { + auto iter = s->user->get_info().temp_url_keys.find(0); + if (iter != std::end(s->user->get_info().temp_url_keys) && ! iter->second.empty()) { dump_header(s, "X-Account-Meta-Temp-Url-Key", iter->second); } - iter = s->user->temp_url_keys.find(1); - if (iter != std::end(s->user->temp_url_keys) && ! iter->second.empty()) { + iter = s->user->get_info().temp_url_keys.find(1); + if (iter != std::end(s->user->get_info().temp_url_keys) && ! iter->second.empty()) { dump_header(s, "X-Account-Meta-Temp-Url-Key-2", iter->second); } } @@ -186,7 +186,7 @@ void RGWListBuckets_ObjStore_SWIFT::send_response_begin(bool has_buckets) if (! op_ret) { dump_start(s); s->formatter->open_array_section_with_attrs("account", - FormatterAttrs("name", s->user->display_name.c_str(), NULL)); + FormatterAttrs("name", s->user->get_display_name().c_str(), NULL)); sent_data = true; } @@ -545,7 +545,7 @@ static void dump_container_metadata(struct req_state *s, void RGWStatAccount_ObjStore_SWIFT::execute() { RGWStatAccount_ObjStore::execute(); - op_ret = store->ctl()->user->get_attrs_by_uid(s->user->user_id, &attrs, s->yield); + op_ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &attrs, s->yield); } void RGWStatAccount_ObjStore_SWIFT::send_response() @@ -599,8 +599,8 @@ static int get_swift_container_settings(req_state * const s, if (read_list || write_list) { RGWAccessControlPolicy_SWIFT swift_policy(s->cct); const auto r = swift_policy.create(store->ctl()->user, - s->user->user_id, - s->user->display_name, + s->user->get_id(), + s->user->get_display_name(), read_list, write_list, *rw_mask); @@ -708,7 +708,7 @@ int RGWCreateBucket_ObjStore_SWIFT::get_params() } if (!has_policy) { - policy.create_default(s->user->user_id, s->user->display_name); + policy.create_default(s->user->get_id(), s->user->get_display_name()); } location_constraint = store->svc()->zone->get_zonegroup().api_name; @@ -849,7 +849,7 @@ int RGWPutObj_ObjStore_SWIFT::update_slo_segment_size(rgw_slo_entry& entry) { if (bucket_name.compare(s->bucket.name) != 0) { RGWBucketInfo bucket_info; map<string, bufferlist> bucket_attrs; - r = store->getRados()->get_bucket_info(store->svc(), s->user->user_id.tenant, + r = store->getRados()->get_bucket_info(store->svc(), s->user->get_id().tenant, bucket_name, bucket_info, nullptr, s->yield, &bucket_attrs); if (r < 0) { @@ -943,7 +943,7 @@ int RGWPutObj_ObjStore_SWIFT::get_params() } } - policy.create_default(s->user->user_id, s->user->display_name); + policy.create_default(s->user->get_id(), s->user->get_display_name()); int r = get_delete_at_param(s, delete_at); if (r < 0) { @@ -1061,8 +1061,8 @@ static int get_swift_account_settings(req_state * const s, if (acl_attr) { RGWAccessControlPolicy_SWIFTAcct swift_acct_policy(s->cct); const bool r = swift_acct_policy.create(store->ctl()->user, - s->user->user_id, - s->user->display_name, + s->user->get_id(), + s->user->get_display_name(), string(acl_attr)); if (r != true) { return -EINVAL; @@ -1376,7 +1376,7 @@ static void dump_object_metadata(const DoutPrefixProvider* dpp, struct req_state int RGWCopyObj_ObjStore_SWIFT::init_dest_policy() { - dest_policy.create_default(s->user->user_id, s->user->display_name); + dest_policy.create_default(s->user->get_id(), s->user->get_display_name()); return 0; } @@ -1441,7 +1441,7 @@ void RGWCopyObj_ObjStore_SWIFT::dump_copy_info() /* Dump X-Copied-From-Account. */ /* XXX tenant */ - dump_header(s, "X-Copied-From-Account", url_encode(s->user->user_id.id)); + dump_header(s, "X-Copied-From-Account", url_encode(s->user->get_id().id)); /* Dump X-Copied-From-Last-Modified. */ dump_time_header(s, "X-Copied-From-Last-Modified", src_mtime); @@ -2031,14 +2031,14 @@ bool RGWFormPost::is_integral() const std::string form_signature = get_part_str(ctrl_parts, "signature"); try { - get_owner_info(s, *s->user); + get_owner_info(s, s->user->get_info()); s->auth.identity = rgw::auth::transform_old_authinfo(s); } catch (...) { ldpp_dout(this, 5) << "cannot get user_info of account's owner" << dendl; return false; } - for (const auto& kv : s->user->temp_url_keys) { + for (const auto& kv : s->user->get_info().temp_url_keys) { const int temp_url_key_num = kv.first; const string& temp_url_key = kv.second; @@ -2132,7 +2132,7 @@ int RGWFormPost::get_params() return ret; } - policy.create_default(s->user->user_id, s->user->display_name); + policy.create_default(s->user->get_id(), s->user->get_display_name()); /* Let's start parsing the HTTP body by parsing each form part step- * by-step till encountering the first part with file data. */ @@ -2794,7 +2794,7 @@ int RGWHandler_REST_SWIFT::postauth_init() struct req_init_state* t = &s->init_state; /* XXX Stub this until Swift Auth sets account into URL. */ - s->bucket_tenant = s->user->user_id.tenant; + s->bucket_tenant = s->user->get_tenant(); s->bucket_name = t->url_bucket; dout(10) << "s->object=" << @@ -2819,7 +2819,7 @@ int RGWHandler_REST_SWIFT::postauth_init() * We don't allow cross-tenant copy at present. It requires account * names in the URL for Swift. */ - s->src_tenant_name = s->user->user_id.tenant; + s->src_tenant_name = s->user->get_tenant(); s->src_bucket_name = t->src_bucket; ret = validate_bucket_name(s->src_bucket_name); diff --git a/src/rgw/rgw_rest_usage.cc b/src/rgw/rgw_rest_usage.cc index d1afe67e92f..d3c722623fb 100644 --- a/src/rgw/rgw_rest_usage.cc +++ b/src/rgw/rgw_rest_usage.cc @@ -14,7 +14,7 @@ class RGWOp_Usage_Get : public RGWRESTOp { public: RGWOp_Usage_Get() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("usage", RGW_CAP_READ); } void execute() override; @@ -60,7 +60,7 @@ class RGWOp_Usage_Delete : public RGWRESTOp { public: RGWOp_Usage_Delete() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("usage", RGW_CAP_WRITE); } void execute() override; diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc index c768789934d..71c4ce7e45e 100644 --- a/src/rgw/rgw_rest_user.cc +++ b/src/rgw/rgw_rest_user.cc @@ -20,7 +20,7 @@ class RGWOp_User_List : public RGWRESTOp { public: RGWOp_User_List() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_READ); } @@ -48,7 +48,7 @@ class RGWOp_User_Info : public RGWRESTOp { public: RGWOp_User_Info() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_READ); } @@ -95,7 +95,7 @@ class RGWOp_User_Create : public RGWRESTOp { public: RGWOp_User_Create() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -143,7 +143,7 @@ void RGWOp_User_Create::execute() RESTArgs::get_bool(s, "exclusive", false, &exclusive); RESTArgs::get_string(s, "op-mask", op_mask_str, &op_mask_str); - if (!s->user->system && system) { + if (!s->user->get_info().system && system) { ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl; http_ret = -EINVAL; return; @@ -213,7 +213,7 @@ class RGWOp_User_Modify : public RGWRESTOp { public: RGWOp_User_Modify() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -258,7 +258,7 @@ void RGWOp_User_Modify::execute() RESTArgs::get_bool(s, "system", false, &system); RESTArgs::get_string(s, "op-mask", op_mask_str, &op_mask_str); - if (!s->user->system && system) { + if (!s->user->get_info().system && system) { ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl; http_ret = -EINVAL; return; @@ -333,7 +333,7 @@ class RGWOp_User_Remove : public RGWRESTOp { public: RGWOp_User_Remove() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -376,7 +376,7 @@ class RGWOp_Subuser_Create : public RGWRESTOp { public: RGWOp_Subuser_Create() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -454,7 +454,7 @@ class RGWOp_Subuser_Modify : public RGWRESTOp { public: RGWOp_Subuser_Modify() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -523,7 +523,7 @@ class RGWOp_Subuser_Remove : public RGWRESTOp { public: RGWOp_Subuser_Remove() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -568,7 +568,7 @@ class RGWOp_Key_Create : public RGWRESTOp { public: RGWOp_Key_Create() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -624,7 +624,7 @@ class RGWOp_Key_Remove : public RGWRESTOp { public: RGWOp_Key_Remove() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -671,7 +671,7 @@ class RGWOp_Caps_Add : public RGWRESTOp { public: RGWOp_Caps_Add() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -711,7 +711,7 @@ class RGWOp_Caps_Remove : public RGWRESTOp { public: RGWOp_Caps_Remove() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } @@ -770,7 +770,7 @@ class RGWOp_Quota_Info : public RGWRESTOp { public: RGWOp_Quota_Info() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_READ); } @@ -842,7 +842,7 @@ class RGWOp_Quota_Set : public RGWRESTOp { public: RGWOp_Quota_Set() {} - int check_caps(RGWUserCaps& caps) override { + int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("users", RGW_CAP_WRITE); } diff --git a/src/rgw/rgw_rest_user_policy.cc b/src/rgw/rgw_rest_user_policy.cc index d534cb5f26a..aed374fbfa7 100644 --- a/src/rgw/rgw_rest_user_policy.cc +++ b/src/rgw/rgw_rest_user_policy.cc @@ -42,7 +42,7 @@ int RGWRestUserPolicy::verify_permission() return -EACCES; } - if(int ret = check_caps(s->user->caps); ret == 0) { + if(int ret = check_caps(s->user->get_caps()); ret == 0) { return ret; } @@ -73,12 +73,12 @@ bool RGWRestUserPolicy::validate_input() return true; } -int RGWUserPolicyRead::check_caps(RGWUserCaps& caps) +int RGWUserPolicyRead::check_caps(const RGWUserCaps& caps) { return caps.check_cap("user-policy", RGW_CAP_READ); } -int RGWUserPolicyWrite::check_caps(RGWUserCaps& caps) +int RGWUserPolicyWrite::check_caps(const RGWUserCaps& caps) { return caps.check_cap("user-policy", RGW_CAP_WRITE); } @@ -132,7 +132,7 @@ void RGWPutUserPolicy::execute() } try { - const Policy p(s->cct, s->user->user_id.tenant, bl); + const Policy p(s->cct, s->user->get_tenant(), bl); map<string, string> policies; if (auto it = uattrs.find(RGW_ATTR_USER_POLICY); it != uattrs.end()) { bufferlist out_bl = uattrs[RGW_ATTR_USER_POLICY]; diff --git a/src/rgw/rgw_rest_user_policy.h b/src/rgw/rgw_rest_user_policy.h index d9b46b4810e..bdc8d24b33c 100644 --- a/src/rgw/rgw_rest_user_policy.h +++ b/src/rgw/rgw_rest_user_policy.h @@ -22,13 +22,13 @@ public: class RGWUserPolicyRead : public RGWRestUserPolicy { public: RGWUserPolicyRead() = default; - int check_caps(RGWUserCaps& caps) override; + int check_caps(const RGWUserCaps& caps) override; }; class RGWUserPolicyWrite : public RGWRestUserPolicy { public: RGWUserPolicyWrite() = default; - int check_caps(RGWUserCaps& caps) override; + int check_caps(const RGWUserCaps& caps) override; }; class RGWPutUserPolicy : public RGWUserPolicyWrite { diff --git a/src/rgw/rgw_sal.cc b/src/rgw/rgw_sal.cc index 1de0642c852..22cb33fa216 100644 --- a/src/rgw/rgw_sal.cc +++ b/src/rgw/rgw_sal.cc @@ -36,8 +36,8 @@ int RGWRadosUser::list_buckets(const string& marker, const string& end_marker, bool is_truncated = false; int ret; - ret = store->ctl()->user->list_buckets(user, marker, end_marker, max, need_stats, &ulist, - &is_truncated); + ret = store->ctl()->user->list_buckets(info.user_id, marker, end_marker, max, + need_stats, &ulist, &is_truncated); if (ret < 0) return ret; @@ -64,9 +64,10 @@ RGWBucket* RGWRadosUser::add_bucket(rgw_bucket& bucket, return NULL; } -std::string& RGWRadosUser::get_display_name() +int RGWRadosUser::get_by_id(rgw_user id, optional_yield y) + { - return info.display_name; + return store->ctl()->user->get_info_by_uid(id, &info, y); } RGWObject *RGWRadosBucket::create_object(const rgw_obj_key &key) @@ -176,7 +177,7 @@ int RGWRadosBucket::read_bucket_stats(optional_yield y) int RGWRadosBucket::sync_user_stats() { - return store->ctl()->bucket->sync_user_stats(user.user, info, &ent); + return store->ctl()->bucket->sync_user_stats(user.info.user_id, info, &ent); } int RGWRadosBucket::update_container_stats(void) diff --git a/src/rgw/rgw_sal.h b/src/rgw/rgw_sal.h index 7d8523fb503..356cbefebb6 100644 --- a/src/rgw/rgw_sal.h +++ b/src/rgw/rgw_sal.h @@ -46,26 +46,30 @@ class RGWStore { class RGWUser { protected: - rgw_user user; RGWUserInfo info; public: - RGWUser() : user() {} - RGWUser(const rgw_user& _u) : user(_u) {} - RGWUser(const RGWUserInfo& _i) : user(_i.user_id), info(_i) {} + RGWUser() : info() {} + RGWUser(const rgw_user& _u) : info() { info.user_id = _u; } + RGWUser(const RGWUserInfo& _i) : info(_i) {} virtual ~RGWUser() = default; virtual int list_buckets(const string& marker, const string& end_marker, uint64_t max, bool need_stats, RGWBucketList& buckets) = 0; virtual RGWBucket* add_bucket(rgw_bucket& bucket, ceph::real_time creation_time) = 0; friend class RGWBucket; - virtual std::string& get_display_name() = 0; + virtual std::string& get_display_name() { return info.display_name; } - std::string& get_tenant() { return user.tenant; } + std::string& get_tenant() { return info.user_id.tenant; } + const rgw_user& get_id() const { return info.user_id; } + uint32_t get_type() const { return info.type; } + int32_t get_max_buckets() const { return info.max_buckets; } + const RGWUserCaps& get_caps() const { return info.caps; } /* xxx dang temporary; will be removed when User is complete */ - rgw_user& get_user() { return user; } + rgw_user& get_user() { return info.user_id; } + RGWUserInfo& get_info() { return info; } }; class RGWBucket { @@ -181,12 +185,15 @@ class RGWRadosUser : public RGWUser { public: RGWRadosUser(RGWRadosStore *_st, const rgw_user& _u) : RGWUser(_u), store(_st) { } RGWRadosUser(RGWRadosStore *_st, const RGWUserInfo& _i) : RGWUser(_i), store(_st) { } + RGWRadosUser(RGWRadosStore *_st) : store(_st) { } RGWRadosUser() {} int list_buckets(const string& marker, const string& end_marker, uint64_t max, bool need_stats, RGWBucketList& buckets); RGWBucket* add_bucket(rgw_bucket& bucket, ceph::real_time creation_time); - virtual std::string& get_display_name() override; + + /* Placeholders */ + int get_by_id(rgw_user id, optional_yield y); friend class RGWRadosBucket; }; diff --git a/src/rgw/rgw_sync_module_es_rest.cc b/src/rgw/rgw_sync_module_es_rest.cc index 3d6ad926c1c..1abeaeb83d5 100644 --- a/src/rgw/rgw_sync_module_es_rest.cc +++ b/src/rgw/rgw_sync_module_es_rest.cc @@ -165,8 +165,8 @@ void RGWMetadataSearchOp::execute() list<pair<string, string> > conds; - if (!s->user->system) { - conds.push_back(make_pair("permissions", s->user->user_id.to_str())); + if (!s->user->get_info().system) { + conds.push_back(make_pair("permissions", s->user->get_id().to_str())); } if (!s->bucket_name.empty()) { diff --git a/src/rgw/rgw_sync_module_pubsub_rest.cc b/src/rgw/rgw_sync_module_pubsub_rest.cc index d95b264ea6a..c9ac49766e8 100644 --- a/src/rgw/rgw_sync_module_pubsub_rest.cc +++ b/src/rgw/rgw_sync_module_pubsub_rest.cc @@ -39,7 +39,7 @@ public: // the topic ARN will be sent in the reply const rgw::ARN arn(rgw::Partition::aws, rgw::Service::sns, store->svc()->zone->get_zonegroup().get_name(), - s->user->user_id.tenant, topic_name); + s->user->get_tenant(), topic_name); topic_arn = arn.to_string(); return 0; } diff --git a/src/test/librgw_file_nfsns.cc b/src/test/librgw_file_nfsns.cc index fca3940d768..92153fbdbbd 100644 --- a/src/test/librgw_file_nfsns.cc +++ b/src/test/librgw_file_nfsns.cc @@ -241,7 +241,8 @@ TEST(LibRGW, SETUP_HIER1) std::cout << "creating: " << bucket_name << ":" << obj_name << std::endl; } - RGWPutObjRequest req(cct, fs_private->get_user(), bucket_name, obj_name, + rgw::sal::RGWRadosUser ruser(rgwlib.get_store(), *fs_private->get_user()); + RGWPutObjRequest req(cct, &ruser, bucket_name, obj_name, bl); int rc = rgwlib.get_fe()->execute_req(&req); int rc2 = req.get_ret(); diff --git a/src/test/rgw/test_rgw_iam_policy.cc b/src/test/rgw/test_rgw_iam_policy.cc index ca8c3d921c6..6e5597f9bf9 100644 --- a/src/test/rgw/test_rgw_iam_policy.cc +++ b/src/test/rgw/test_rgw_iam_policy.cc @@ -819,8 +819,8 @@ TEST_F(IPPolicyTest, asNetworkInvalid) { TEST_F(IPPolicyTest, IPEnvironment) { // Unfortunately RGWCivetWeb is too tightly tied to civetweb to test RGWCivetWeb::init_env. RGWEnv rgw_env; - RGWUserInfo user; rgw::sal::RGWRadosStore store; + rgw::sal::RGWRadosUser user(&store); rgw_env.set("REMOTE_ADDR", "192.168.1.1"); rgw_env.set("HTTP_HOST", "1.2.3.4"); req_state rgw_req_state(cct.get(), &rgw_env, &user, 0); |