1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab ft=cpp
#pragma once
#include <string>
#include "rgw_sal_fwd.h"
#include "rgw_user_types.h"
class DoutPrefixProvider;
class RGWAccessControlPolicy;
namespace rgw::swift {
/// Create a policy based on swift container acl headers
/// X-Container-Read/X-Container-Write.
int create_container_policy(const DoutPrefixProvider *dpp,
rgw::sal::Driver* driver,
const rgw_user& id,
const std::string& name,
const char* read_list,
const char* write_list,
uint32_t& rw_mask,
RGWAccessControlPolicy& policy);
/// Copy grants matching the permission mask (SWIFT_PERM_READ/WRITE) from
/// one policy to another.
void merge_policy(uint32_t rw_mask, const RGWAccessControlPolicy& src,
RGWAccessControlPolicy& dest);
/// Format the policy in terms of X-Container-Read/X-Container-Write strings.
void format_container_acls(const RGWAccessControlPolicy& policy,
std::string& read, std::string& write);
/// Create a policy based on swift account acl header X-Account-Access-Control.
int create_account_policy(const DoutPrefixProvider* dpp,
rgw::sal::Driver* driver,
const rgw_user& id,
const std::string& name,
const std::string& acl_str,
RGWAccessControlPolicy& policy);
/// Format the policy in terms of the X-Account-Access-Control string. Returns
/// std::nullopt if there are no admin/read-write/read-only entries.
auto format_account_acl(const RGWAccessControlPolicy& policy)
-> std::optional<std::string>;
} // namespace rgw::swift
|
