// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab ft=cpp
#pragma once
#include <string>
#include "common/async/yield_context.h"
#include "common/ceph_json.h"
#include "common/ceph_context.h"
#include "rgw_rados.h"
#include "rgw_metadata.h"
#include "rgw_iam_managed_policy.h"
// Forward declaration of the RADOS backend driver; presumably redundant with
// the rgw_rados.h include above, kept so this header does not depend on the
// include order.
class RGWRados;
namespace rgw { namespace sal {
// Persistent state of an IAM role as stored by RGW.
//
// The policy-bearing fields (trust_policy, perm_policy_map, managed_policies)
// are authorization data: they decide who may assume the role and what the
// resulting credentials may do, so any path that writes them (PutRole*,
// AttachRolePolicy, metadata sync) is a trust boundary for the cluster.
struct RGWRoleInfo
{
  std::string id;
  std::string name;
  std::string path;
  std::string arn;
  std::string creation_date;
  // AssumeRolePolicyDocument: the JSON policy governing which principals may
  // assume this role (exposed via RGWRole::get_assume_role_policy()).
  std::string trust_policy;
  // map from PolicyName to an inline policy document from PutRolePolicy
  std::map<std::string, std::string> perm_policy_map;
  // set of managed policy arns from AttachRolePolicy
  rgw::IAM::ManagedPolicies managed_policies;
  std::string tenant;
  std::string description;
  // Session lifetime in seconds; presumably bounded by
  // RGWRole::SESSION_DURATION_MIN/MAX via validate_max_session_duration().
  uint64_t max_session_duration = 0;
  // NOTE(review): tags, attrs, objv_tracker and mtime are not part of
  // encode()/decode() below; they are presumably persisted as object
  // attributes / version metadata alongside the encoded blob — confirm in the
  // store implementation.
  std::multimap<std::string,std::string> tags;
  std::map<std::string, bufferlist> attrs;
  RGWObjVersionTracker objv_tracker;
  real_time mtime;
  rgw_account_id account_id;
  RGWRoleInfo() = default;
  ~RGWRoleInfo() = default;
  // Serialize to the on-disk/on-wire layout (struct version 4, compat 1).
  // Field order below *is* the format: append new fields at the end and bump
  // the version in both ENCODE_START and DECODE_START.
  void encode(bufferlist& bl) const {
    ENCODE_START(4, 1, bl);
    encode(id, bl);
    encode(name, bl);
    encode(path, bl);
    encode(arn, bl);
    encode(creation_date, bl);
    encode(trust_policy, bl);
    encode(perm_policy_map, bl);
    encode(tenant, bl);
    encode(max_session_duration, bl);
    encode(account_id, bl);
    encode(description, bl);
    encode(managed_policies, bl);
    ENCODE_FINISH(bl);
  }
  // Deserialize from any struct version >= 1. Fields absent from older
  // versions keep their default-constructed values (empty strings, zero
  // duration, no account, no managed policies).
  void decode(bufferlist::const_iterator& bl) {
    DECODE_START(4, bl);
    decode(id, bl);
    decode(name, bl);
    decode(path, bl);
    decode(arn, bl);
    decode(creation_date, bl);
    decode(trust_policy, bl);
    decode(perm_policy_map, bl);
    if (struct_v >= 2) {
      decode(tenant, bl);
    }
    if (struct_v >= 3) {
      decode(max_session_duration, bl);
    }
    if (struct_v >= 4) {
      decode(account_id, bl);
      decode(description, bl);
      decode(managed_policies, bl);
    }
    DECODE_FINISH(bl);
  }
  // Formatter output (radosgw-admin / metadata API); defined out of line.
  void dump(Formatter *f) const;
  // Populate from the JSON produced by dump(); defined out of line.
  void decode_json(JSONObj *obj);
};
// Generates the free encode()/decode() overloads that forward to the member
// functions above, so RGWRoleInfo can be nested inside other encoders.
WRITE_CLASS_ENCODER(RGWRoleInfo)
// Abstract IAM role object. Holds an RGWRoleInfo and defines the storage
// interface (store_*/read_*/create/delete_obj) that each SAL backend
// implements; the non-virtual members are defined out of line and operate on
// `info` through that interface.
//
// NOTE(review): the order of the pure-virtual declarations is part of the
// vtable layout — do not reorder them.
class RGWRole
{
public:
  // Object-name prefixes used to key roles by name, by id and by path, plus
  // the ARN prefix; values are defined out of line.
  static const std::string role_name_oid_prefix;
  static const std::string role_oid_prefix;
  static const std::string role_path_oid_prefix;
  static const std::string role_arn_prefix;
  // Input limits; presumably enforced by validate_input().
  static constexpr int MAX_ROLE_NAME_LEN = 64;
  static constexpr int MAX_PATH_NAME_LEN = 512;
  // Allowed range for MaxSessionDuration (1h .. 12h).
  static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds
  static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds
protected:
  RGWRoleInfo info;
public:
  // Backend storage interface. All return 0 on success, negative errno
  // otherwise; `exclusive` presumably requests create-if-absent semantics.
  virtual int store_info(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0;
  virtual int store_name(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0;
  virtual int store_path(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y) = 0;
  // Resolve (role_name, tenant) to a role id.
  virtual int read_id(const DoutPrefixProvider *dpp, const std::string& role_name, const std::string& tenant, std::string& role_id, optional_yield y) = 0;
  virtual int read_name(const DoutPrefixProvider *dpp, optional_yield y) = 0;
  virtual int read_info(const DoutPrefixProvider *dpp, optional_yield y) = 0;
  // Validation helpers; both return false (logging via dpp) when `info` is
  // not acceptable for storage.
  bool validate_max_session_duration(const DoutPrefixProvider* dpp);
  bool validate_input(const DoutPrefixProvider* dpp);
  // Splits a combined identifier into name/tenant; exact format is defined
  // out of line.
  void extract_name_tenant(const std::string& str);
  // Construct a new role from request parameters. max_session_duration_str
  // is the raw request value; presumably parsed by
  // update_max_session_duration().
  RGWRole(std::string name,
          std::string tenant,
          rgw_account_id account_id,
          std::string path="",
          std::string trust_policy="",
          std::string description="",
          std::string max_session_duration_str="",
          std::multimap<std::string,std::string> tags={});
  // Construct a role known only by id, to be loaded with get_by_id().
  explicit RGWRole(std::string id);
  explicit RGWRole(const RGWRoleInfo& info) : info(info) {}
  RGWRole() = default;
  virtual ~RGWRole() = default;
  // Read-only accessors into `info`.
  const std::string& get_id() const { return info.id; }
  const std::string& get_name() const { return info.name; }
  const std::string& get_tenant() const { return info.tenant; }
  const rgw_account_id& get_account_id() const { return info.account_id; }
  const std::string& get_path() const { return info.path; }
  const std::string& get_create_date() const { return info.creation_date; }
  const std::string& get_assume_role_policy() const { return info.trust_policy;}
  const uint64_t& get_max_session_duration() const { return info.max_session_duration; }
  RGWObjVersionTracker& get_objv_tracker() { return info.objv_tracker; }
  const RGWObjVersionTracker& get_objv_tracker() const { return info.objv_tracker; }
  const real_time& get_mtime() const { return info.mtime; }
  // Mutable accessors: callers may edit attrs / info in place.
  std::map<std::string, bufferlist>& get_attrs() { return info.attrs; }
  RGWRoleInfo& get_info() { return info; }
  void set_id(const std::string& id) { this->info.id = id; }
  void set_mtime(const real_time& mtime) { this->info.mtime = mtime; }
  // Persist a new role under `role_id`, or remove it entirely.
  virtual int create(const DoutPrefixProvider *dpp, bool exclusive, const std::string &role_id, optional_yield y) = 0;
  virtual int delete_obj(const DoutPrefixProvider *dpp, optional_yield y) = 0;
  // Load by name/tenant (get) or by id (get_by_id); update() rewrites the
  // stored info. All defined out of line; 0 on success, negative errno on
  // failure.
  int get(const DoutPrefixProvider *dpp, optional_yield y);
  int get_by_id(const DoutPrefixProvider *dpp, optional_yield y);
  int update(const DoutPrefixProvider *dpp, optional_yield y);
  // Policy management. These change authorization data; callers are expected
  // to have authorized the request before reaching here.
  void update_trust_policy(std::string& trust_policy);
  void set_perm_policy(const std::string& policy_name, const std::string& perm_policy);
  std::vector<std::string> get_role_policy_names();
  int get_role_policy(const DoutPrefixProvider* dpp, const std::string& policy_name, std::string& perm_policy);
  int delete_policy(const DoutPrefixProvider* dpp, const std::string& policy_name);
  // Tag management.
  int set_tags(const DoutPrefixProvider* dpp, const std::multimap<std::string,std::string>& tags_map);
  // NOTE(review): boost::optional is not included by this header; relies on a
  // transitive include.
  boost::optional<std::multimap<std::string,std::string>> get_tags();
  void erase_tags(const std::vector<std::string>& tagKeys);
  void update_max_session_duration(const std::string& max_session_duration_str);
  // Accessors for the oid prefixes above; defined out of line.
  static const std::string& get_names_oid_prefix();
  static const std::string& get_info_oid_prefix();
  static const std::string& get_path_oid_prefix();
};
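// Metadata-API wrapper around an RGWRoleInfo, carrying the object version and
// mtime from RGWMetadataObject plus the driver it was loaded through.
//
// Changes: `driver` is now initialized to nullptr so the defaulted
// constructor no longer leaves it indeterminate; the info parameter is taken
// by const reference (it is only copied), and the trivial getters are const.
class RGWRoleMetadataObject: public RGWMetadataObject {
  RGWRoleInfo info;
  Driver* driver = nullptr;
public:
  RGWRoleMetadataObject() = default;
  // @param info    role state to copy into this object
  // @param v       object version, forwarded to RGWMetadataObject
  // @param m       modification time, forwarded to RGWMetadataObject
  // @param driver  non-owning pointer to the SAL driver (may be nullptr)
  RGWRoleMetadataObject(const RGWRoleInfo& info,
                        const obj_version& v,
                        real_time m,
                        Driver* driver) : RGWMetadataObject(v,m), info(info), driver(driver) {}
  // Emits the wrapped role info through the formatter.
  void dump(Formatter *f) const override {
    info.dump(f);
  }
  // Mutable and read-only access to the wrapped role info.
  RGWRoleInfo& get_role_info() {
    return info;
  }
  const RGWRoleInfo& get_role_info() const {
    return info;
  }
  // Non-owning driver pointer; nullptr for a default-constructed object.
  Driver* get_driver() const {
    return driver;
  }
};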
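// Metadata backend handler for the "roles" section: get/put/remove of role
// entries for the metadata API and multisite metadata sync.
//
// Changes: the do_put entry parameter is named `entry`, consistent with
// do_get/do_remove; `driver` gets a nullptr default initializer.
class RGWRoleMetadataHandler: public RGWMetadataHandler_GenericMetaBE
{
public:
  RGWRoleMetadataHandler(Driver* driver, RGWSI_Role_RADOS *role_svc);
  // Section name under which roles appear in the metadata API.
  std::string get_type() final { return "roles"; }
  // Builds an RGWRoleMetadataObject from its JSON form. Defined out of line;
  // presumably decodes via RGWRoleInfo::decode_json().
  RGWMetadataObject *get_meta_obj(JSONObj *jo,
                                  const obj_version& objv,
                                  const ceph::real_time& mtime);
  // Metadata backend operations; 0 on success, negative errno otherwise.
  int do_get(RGWSI_MetaBackend_Handler::Op *op,
             std::string& entry,
             RGWMetadataObject **obj,
             optional_yield y,
             const DoutPrefixProvider *dpp) final;
  int do_remove(RGWSI_MetaBackend_Handler::Op *op,
                std::string& entry,
                RGWObjVersionTracker& objv_tracker,
                optional_yield y,
                const DoutPrefixProvider *dpp) final;
  // Stores a role entry. `from_remote_zone` presumably marks entries arriving
  // via metadata sync; since role entries carry policy documents, the
  // implementation is where any cross-zone validation of that authorization
  // data belongs. Left `override` (not `final`) as in the original.
  int do_put(RGWSI_MetaBackend_Handler::Op *op,
             std::string& entry,
             RGWMetadataObject *obj,
             RGWObjVersionTracker& objv_tracker,
             optional_yield y,
             const DoutPrefixProvider *dpp,
             RGWMDLogSyncType type,
             bool from_remote_zone) override;
private:
  // Non-owning; set by the constructor.
  Driver* driver = nullptr;
};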
} } // namespace rgw::sal