author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 18:24:20 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 18:24:20 +0000 |
commit | 483eb2f56657e8e7f419ab1a4fab8dce9ade8609 (patch) | |
tree | e5d88d25d870d5dedacb6bbdbe2a966086a0a5cf /src/rgw/rgw_rest_iam.cc | |
parent | Initial commit. (diff) | |
Adding upstream version 14.2.21.upstream/14.2.21upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/rgw/rgw_rest_iam.cc')
-rw-r--r-- | src/rgw/rgw_rest_iam.cc | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/src/rgw/rgw_rest_iam.cc b/src/rgw/rgw_rest_iam.cc
new file mode 100644
index 00000000..ef0e958d
--- /dev/null
+++ b/src/rgw/rgw_rest_iam.cc
@@ -0,0 +1,147 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#include <boost/tokenizer.hpp>
+
+#include "rgw_rest.h"
+#include "rgw_rest_iam.h"
+
+#include "rgw_request.h"
+#include "rgw_process.h"
+
+#include "rgw_rest_role.h"
+#include "rgw_rest_user_policy.h"
+
+#define dout_context g_ceph_context
+#define dout_subsys ceph_subsys_rgw
+
+void RGWHandler_REST_IAM::rgw_iam_parse_input()
+{
+ if (post_body.size() > 0) {
+ ldout(s->cct, 10) << "Content of POST: " << post_body << dendl;
+
+ if (post_body.find("Action") != string::npos) {
+ boost::char_separator<char> sep("&");
+ boost::tokenizer<boost::char_separator<char>> tokens(post_body, sep);
+ for (const auto& t : tokens) {
+ auto pos = t.find("=");
+ if (pos != string::npos) {
+ std::string key = t.substr(0, pos);
+ std::string value = t.substr(pos + 1, t.size() - 1);
+ if (key == "AssumeRolePolicyDocument" || key == "Path" || key == "PolicyDocument") {
+ value = url_decode(value);
+ }
+ s->info.args.append(key, value);
+ }
+ }
+ }
+ }
+ auto payload_hash = rgw::auth::s3::calc_v4_payload_hash(post_body);
+ s->info.args.append("PayloadHash", payload_hash);
+}
+
+RGWOp *RGWHandler_REST_IAM::op_post()
+{
+ rgw_iam_parse_input();
+
+ if (s->info.args.exists("Action")) {
+ string action = s->info.args.get("Action");
+ if (action.compare("CreateRole") == 0)
+ return new RGWCreateRole;
+ if (action.compare("DeleteRole") == 0)
+ return new RGWDeleteRole;
+ if (action.compare("GetRole") == 0)
+ return new RGWGetRole;
+ if (action.compare("UpdateAssumeRolePolicy") == 0)
+ return new RGWModifyRole;
+ if (action.compare("ListRoles") == 0)
+ return new RGWListRoles;
+ if (action.compare("PutRolePolicy") == 0)
+ return new RGWPutRolePolicy;
+ if (action.compare("GetRolePolicy") == 0)
+ return new RGWGetRolePolicy;
+ if (action.compare("ListRolePolicies") == 0)
+ return new RGWListRolePolicies;
+ if (action.compare("DeleteRolePolicy") == 0)
+ return new RGWDeleteRolePolicy;
+ if (action.compare("PutUserPolicy") == 0)
+ return new RGWPutUserPolicy;
+ if (action.compare("GetUserPolicy") == 0)
+ return new RGWGetUserPolicy;
+ if (action.compare("ListUserPolicies") == 0)
+ return new RGWListUserPolicies;
+ if (action.compare("DeleteUserPolicy") == 0)
+ return new RGWDeleteUserPolicy;
+ }
+
+ return nullptr;
+}
+
+int RGWHandler_REST_IAM::init(RGWRados *store,
+ struct req_state *s,
+ rgw::io::BasicClient *cio)
+{
+ s->dialect = "iam";
+
+ if (int ret = RGWHandler_REST_IAM::init_from_header(s, RGW_FORMAT_XML, true); ret < 0) {
+ ldout(s->cct, 10) << "init_from_header returned err=" << ret << dendl;
+ return ret;
+ }
+
+ return RGWHandler_REST::init(store, s, cio);
+}
+
+int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp)
+{
+ return RGW_Auth_S3::authorize(dpp, store, auth_registry, s);
+}
+
+int RGWHandler_REST_IAM::init_from_header(struct req_state* s,
+ int default_formatter,
+ bool configurable_format)
+{
+ string req;
+ string first;
+
+ s->prot_flags = RGW_REST_IAM;
+
+ const char *p, *req_name;
+ if (req_name = s->relative_uri.c_str(); *req_name == '?') {
+ p = req_name;
+ } else {
+ p = s->info.request_params.c_str();
+ }
+
+ s->info.args.set(p);
+ s->info.args.parse();
+
+ /* must be called after the args parsing */
+ if (int ret = allocate_formatter(s, default_formatter, configurable_format); ret < 0)
+ return ret;
+
+ if (*req_name != '/')
+ return 0;
+
+ req_name++;
+
+ if (!*req_name)
+ return 0;
+
+ req = req_name;
+ int pos = req.find('/');
+ if (pos >= 0) {
+ first = req.substr(0, pos);
+ } else {
+ first = req;
+ }
+
+ return 0;
+}
+
+RGWHandler_REST*
+RGWRESTMgr_IAM::get_handler(struct req_state* const s,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ const std::string& frontend_prefix)
+{
+ return new RGWHandler_REST_IAM(auth_registry);
+} |
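Review bot: In `rgw_iam_parse_input()` only the values of `AssumeRolePolicyDocument`, `Path` and `PolicyDocument` go through `url_decode`, so every other form field in the POST body is appended to `s->info.args` still percent-encoded; unless the individual ops decode later, which this file does not show, a role or policy name with an escaped character would be processed in its encoded form. Decoding uniformly, `s->info.args.append(key, url_decode(value));`, removes the per-key allow-list. In the same loop, `post_body.find("Action")` is a substring match anywhere in the body rather than a check for the parameter, and `t.substr(pos + 1, t.size() - 1)` passes a count longer than the remainder, so `t.substr(pos + 1)` states the intent. The level-10 `ldout` writes the complete request body, policy documents included, to the log; logging its size or a truncated prefix would limit what ends up in debug logs. Separately, `req` and `first` in `init_from_header()` are computed and never used, and `int pos = req.find('/')` narrows a `size_t`.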