1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
|
// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab ft=cpp
#pragma once
#include <boost/optional.hpp>
#include "common/async/yield_context.h"
#include "rgw_arn.h"
#include "rgw_role.h"
#include "rgw_rest.h"
class RGWRestRole : public RGWRESTOp {
const uint64_t action;
const uint32_t perm;
protected:
rgw_account_id account_id;
rgw::ARN resource; // must be initialized before verify_permission()
int check_caps(const RGWUserCaps& caps) override;
RGWRestRole(uint64_t action, uint32_t perm) : action(action), perm(perm) {}
public:
int verify_permission(optional_yield y) override;
};
class RGWCreateRole : public RGWRestRole {
bufferlist bl_post_body;
std::string role_name;
std::string role_path;
std::string trust_policy;
std::string description;
std::string max_session_duration;
std::multimap<std::string, std::string> tags;
public:
explicit RGWCreateRole(const bufferlist& bl_post_body)
: RGWRestRole(rgw::IAM::iamCreateRole, RGW_CAP_WRITE),
bl_post_body(bl_post_body) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "create_role"; }
RGWOpType get_type() override { return RGW_OP_CREATE_ROLE; }
};
class RGWDeleteRole : public RGWRestRole {
bufferlist bl_post_body;
std::string role_name;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
explicit RGWDeleteRole(const bufferlist& bl_post_body)
: RGWRestRole(rgw::IAM::iamDeleteRole, RGW_CAP_WRITE),
bl_post_body(bl_post_body) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "delete_role"; }
RGWOpType get_type() override { return RGW_OP_DELETE_ROLE; }
};
class RGWGetRole : public RGWRestRole {
std::string role_name;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
RGWGetRole() : RGWRestRole(rgw::IAM::iamGetRole, RGW_CAP_READ) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "get_role"; }
RGWOpType get_type() override { return RGW_OP_GET_ROLE; }
};
class RGWModifyRoleTrustPolicy : public RGWRestRole {
bufferlist bl_post_body;
std::string role_name;
std::string trust_policy;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
explicit RGWModifyRoleTrustPolicy(const bufferlist& bl_post_body)
: RGWRestRole(rgw::IAM::iamModifyRoleTrustPolicy, RGW_CAP_WRITE),
bl_post_body(bl_post_body) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "modify_role_trust_policy"; }
RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE_TRUST_POLICY; }
};
class RGWListRoles : public RGWRestRole {
std::string path_prefix;
std::string marker;
int max_items = 100;
public:
RGWListRoles() : RGWRestRole(rgw::IAM::iamListRoles, RGW_CAP_READ) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "list_roles"; }
RGWOpType get_type() override { return RGW_OP_LIST_ROLES; }
};
class RGWPutRolePolicy : public RGWRestRole {
bufferlist bl_post_body;
std::string role_name;
std::string policy_name;
std::string perm_policy;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
explicit RGWPutRolePolicy(const bufferlist& bl_post_body)
: RGWRestRole(rgw::IAM::iamPutRolePolicy, RGW_CAP_WRITE),
bl_post_body(bl_post_body) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "put_role_policy"; }
RGWOpType get_type() override { return RGW_OP_PUT_ROLE_POLICY; }
};
class RGWGetRolePolicy : public RGWRestRole {
std::string role_name;
std::string policy_name;
std::string perm_policy;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
RGWGetRolePolicy() : RGWRestRole(rgw::IAM::iamGetRolePolicy, RGW_CAP_READ) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "get_role_policy"; }
RGWOpType get_type() override { return RGW_OP_GET_ROLE_POLICY; }
};
class RGWListRolePolicies : public RGWRestRole {
std::string role_name;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
RGWListRolePolicies() : RGWRestRole(rgw::IAM::iamListRolePolicies, RGW_CAP_READ) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "list_role_policies"; }
RGWOpType get_type() override { return RGW_OP_LIST_ROLE_POLICIES; }
};
class RGWDeleteRolePolicy : public RGWRestRole {
bufferlist bl_post_body;
std::string role_name;
std::string policy_name;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
explicit RGWDeleteRolePolicy(const bufferlist& bl_post_body)
: RGWRestRole(rgw::IAM::iamDeleteRolePolicy, RGW_CAP_WRITE),
bl_post_body(bl_post_body) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "delete_role_policy"; }
RGWOpType get_type() override { return RGW_OP_DELETE_ROLE_POLICY; }
};
class RGWTagRole : public RGWRestRole {
bufferlist bl_post_body;
std::string role_name;
std::multimap<std::string, std::string> tags;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
explicit RGWTagRole(const bufferlist& bl_post_body)
: RGWRestRole(rgw::IAM::iamTagRole, RGW_CAP_WRITE),
bl_post_body(bl_post_body) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "tag_role"; }
RGWOpType get_type() override { return RGW_OP_TAG_ROLE; }
};
class RGWListRoleTags : public RGWRestRole {
std::string role_name;
std::multimap<std::string, std::string> tags;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
RGWListRoleTags() : RGWRestRole(rgw::IAM::iamListRoleTags, RGW_CAP_READ) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "list_role_tags"; }
RGWOpType get_type() override { return RGW_OP_LIST_ROLE_TAGS; }
};
class RGWUntagRole : public RGWRestRole {
bufferlist bl_post_body;
std::string role_name;
std::vector<std::string> untag;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
explicit RGWUntagRole(const bufferlist& bl_post_body)
: RGWRestRole(rgw::IAM::iamUntagRole, RGW_CAP_WRITE),
bl_post_body(bl_post_body) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "untag_role"; }
RGWOpType get_type() override { return RGW_OP_UNTAG_ROLE; }
};
class RGWUpdateRole : public RGWRestRole {
bufferlist bl_post_body;
std::string role_name;
boost::optional<std::string> description;
std::string max_session_duration;
std::unique_ptr<rgw::sal::RGWRole> role;
public:
explicit RGWUpdateRole(const bufferlist& bl_post_body)
: RGWRestRole(rgw::IAM::iamUpdateRole, RGW_CAP_WRITE),
bl_post_body(bl_post_body) {}
int init_processing(optional_yield y) override;
void execute(optional_yield y) override;
const char* name() const override { return "update_role"; }
RGWOpType get_type() override { return RGW_OP_UPDATE_ROLE; }
};
RGWOp* make_iam_attach_role_policy_op(const ceph::bufferlist& post_body);
RGWOp* make_iam_detach_role_policy_op(const ceph::bufferlist& post_body);
RGWOp* make_iam_list_attached_role_policies_op(const ceph::bufferlist& unused);
|
