path: root/src/rgw/rgw_role.h
blob: 44ffa1c19bc3cdc36fb4d1a395921a50d3155425 (plain)
// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab ft=cpp

#ifndef CEPH_RGW_ROLE_H
#define CEPH_RGW_ROLE_H

#include <string>

#include "common/async/yield_context.h"

#include "common/ceph_json.h"
#include "common/ceph_context.h"

#include "rgw/rgw_rados.h"

struct RGWCtl;

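/*
 * RGWRole -- in-memory representation of an IAM-style role managed by RGW.
 *
 * A role is addressed by a generated id, a (tenant, name) pair and a path,
 * and carries a trust (assume-role) policy, a set of named inline permission
 * policies, a maximum STS session duration and optional tags.  Persistence
 * goes through the private store_* / read_* helpers, which -- like
 * validate_input() and extract_name_tenant() -- are implemented in
 * rgw_role.cc and are not visible in this header.
 *
 * Wire format (encode()/decode() below) is versioned:
 *   v1: id, name, path, arn, creation_date, trust_policy, perm_policy_map
 *   v2: v1 + tenant
 *   v3: v2 + max_session_duration
 * Tags are not part of the encoded blob; they are managed through
 * set_tags()/get_tags()/erase_tags() instead.
 *
 * Fix in this revision: cct, ctl and max_session_duration now carry default
 * member initializers.  Previously only the full constructor assigned
 * max_session_duration, while encode() writes it unconditionally and decode()
 * leaves it untouched for pre-v3 records -- so a role built with the
 * (name, tenant) constructor, loaded from a v1/v2 record and re-stored would
 * serialise an indeterminate duration.  The default (SESSION_DURATION_MIN)
 * is the same value the full constructor picks for an empty duration string.
 */
class RGWRole
{
  using string = std::string;

  // Object-name prefixes for the role index objects (defined in rgw_role.cc).
  static const string role_name_oid_prefix;
  static const string role_oid_prefix;
  static const string role_path_oid_prefix;
  static const string role_arn_prefix;

  // Length limits for the user-supplied identifiers; presumably enforced by
  // validate_input() in rgw_role.cc -- confirm there.
  static constexpr int MAX_ROLE_NAME_LEN = 64;
  static constexpr int MAX_PATH_NAME_LEN = 512;

  // Session duration limits in seconds (3600 = 1h, 43200 = 12h).  MIN is also
  // the default applied when no duration is supplied; whether the pair is
  // enforced as a range is decided in validate_input() -- confirm there.
  static constexpr uint64_t SESSION_DURATION_MIN = 3600; // in seconds
  static constexpr uint64_t SESSION_DURATION_MAX = 43200; // in seconds

  // All scalar members get defaults so that objects built through the lighter
  // constructors, or decoded from a record older than v3, never carry
  // indeterminate pointers or durations into encode()/store_*().
  CephContext *cct = nullptr;
  RGWCtl *ctl = nullptr;
  string id;             // generated role id (also the key used by get_by_id())
  string name;
  string path;           // defaults to "/" when the caller passes an empty path
  string arn;
  string creation_date;
  string trust_policy;   // assume-role (trust) policy document, held verbatim
  // policy name -> inline permission policy document, held verbatim.
  // Nothing in this header parses or validates either policy document;
  // any such checks live in rgw_role.cc or the REST layer -- confirm.
  std::map<string, string> perm_policy_map;
  string tenant;
  uint64_t max_session_duration = SESSION_DURATION_MIN;
  std::multimap<std::string,std::string> tags;

  // Storage helpers (rgw_role.cc).  Following the other int-returning methods
  // these presumably return 0 on success and a negative errno on failure.
  int store_info(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y);
  int store_name(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y);
  int store_path(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y);
  // Resolve (role_name, tenant) to the stored role id.
  int read_id(const DoutPrefixProvider *dpp, const string& role_name, const string& tenant, string& role_id, optional_yield y);
  int read_name(const DoutPrefixProvider *dpp, optional_yield y);
  int read_info(const DoutPrefixProvider *dpp, optional_yield y);
  // Validates the request-supplied fields (name/path length, duration ...);
  // exact rules are in rgw_role.cc.
  bool validate_input();
  // Presumably splits a combined tenant/name form found in `str` into the
  // tenant and name members -- confirm against rgw_role.cc.
  void extract_name_tenant(const std::string& str);

public:
  // Full constructor, used when a role is being created from request input.
  //
  //   path                      empty selects "/".
  //   max_session_duration_str  decimal seconds; empty selects
  //                             SESSION_DURATION_MIN.
  //   tags                      optional key/value tags (not serialised by
  //                             encode(); see set_tags()).
  //
  // NOTE(review): the duration is parsed with std::stoull, which throws
  // std::invalid_argument on non-numeric input and std::out_of_range on
  // overflow, and -- like strtoull -- accepts a leading '-' by wrapping
  // modulo 2^64 ("-1" becomes UINT64_MAX).  Nothing here catches the
  // exception or range-checks the result; confirm that the caller validates
  // the string before constructing, or that validate_input() rejects
  // out-of-range values before the role is stored.
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string name,
          string path,
          string trust_policy,
          string tenant,
          string max_session_duration_str="",
          std::multimap<std::string,std::string> tags={})
  : cct(cct),
    ctl(ctl),
    name(std::move(name)),
    path(std::move(path)),
    trust_policy(std::move(trust_policy)),
    tenant(std::move(tenant)),
    tags(std::move(tags)) {
    if (this->path.empty())
      this->path = "/";
    extract_name_tenant(this->name);
    // max_session_duration already holds SESSION_DURATION_MIN; only an
    // explicit, non-empty string overrides it.
    if (!max_session_duration_str.empty()) {
      max_session_duration = std::stoull(max_session_duration_str);
    }
  }

  // Lookup-by-name constructor: populate the rest with get().
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string name,
          string tenant)
  : cct(cct),
    ctl(ctl),
    name(std::move(name)),
    tenant(std::move(tenant)) {
    extract_name_tenant(this->name);
  }

  // Lookup-by-id constructor: populate the rest with get_by_id().
  RGWRole(CephContext *cct,
          RGWCtl *ctl,
          string id)
  : cct(cct),
    ctl(ctl),
    id(std::move(id)) {}

  // Bare constructor, e.g. for an object that is about to be decode()d.
  RGWRole(CephContext *cct,
          RGWCtl *ctl)
  : cct(cct),
    ctl(ctl) {}

  // Default constructor leaves cct/ctl null; only decode()/decode_json()
  // style population is meaningful on such an object.
  RGWRole() = default;

  ~RGWRole() = default;

  // Serialise as wire-format v3 (compat v1).  Tags are deliberately absent.
  void encode(bufferlist& bl) const {
    ENCODE_START(3, 1, bl);
    encode(id, bl);
    encode(name, bl);
    encode(path, bl);
    encode(arn, bl);
    encode(creation_date, bl);
    encode(trust_policy, bl);
    encode(perm_policy_map, bl);
    encode(tenant, bl);
    encode(max_session_duration, bl);
    ENCODE_FINISH(bl);
  }

  // Deserialise any version up to v3.  Fields missing from older records
  // (tenant before v2, max_session_duration before v3) keep the value the
  // object already holds -- for max_session_duration that is now a defined
  // default rather than indeterminate memory.
  void decode(bufferlist::const_iterator& bl) {
    DECODE_START(3, bl);
    decode(id, bl);
    decode(name, bl);
    decode(path, bl);
    decode(arn, bl);
    decode(creation_date, bl);
    decode(trust_policy, bl);
    decode(perm_policy_map, bl);
    if (struct_v >= 2) {
      decode(tenant, bl);
    }
    if (struct_v >= 3) {
      decode(max_session_duration, bl);
    }
    DECODE_FINISH(bl);
  }

  const string& get_id() const { return id; }
  const string& get_name() const { return name; }
  const string& get_tenant() const { return tenant; }
  const string& get_path() const { return path; }
  const string& get_create_date() const { return creation_date; }
  const string& get_assume_role_policy() const { return trust_policy;}
  const uint64_t& get_max_session_duration() const { return max_session_duration; }

  // Overrides the id unconditionally; no validation is performed here.
  void set_id(const string& id) { this->id = id; }

  // Storage operations (rgw_role.cc).  `exclusive` is forwarded to the
  // store_* helpers -- presumably a create-if-absent flag; confirm there.
  int create(const DoutPrefixProvider *dpp, bool exclusive, optional_yield y);
  int delete_obj(const DoutPrefixProvider *dpp, optional_yield y);
  int get(const DoutPrefixProvider *dpp, optional_yield y);
  int get_by_id(const DoutPrefixProvider *dpp, optional_yield y);
  int update(const DoutPrefixProvider *dpp, optional_yield y);
  // Policy accessors.  The documents are stored as opaque strings; see the
  // note on perm_policy_map regarding validation.
  void update_trust_policy(string& trust_policy);
  void set_perm_policy(const string& policy_name, const string& perm_policy);
  std::vector<string> get_role_policy_names();
  int get_role_policy(const string& policy_name, string& perm_policy);
  int delete_policy(const string& policy_name);
  // Tag handling (kept outside the encoded blob).
  int set_tags(const DoutPrefixProvider* dpp, const std::multimap<std::string,std::string>& tags_map);
  boost::optional<std::multimap<std::string,std::string>> get_tags();
  void erase_tags(const std::vector<std::string>& tagKeys);
  void dump(Formatter *f) const;
  void decode_json(JSONObj *obj);

  static const string& get_names_oid_prefix();
  static const string& get_info_oid_prefix();
  static const string& get_path_oid_prefix();
  // Enumerate roles of `tenant` whose path starts with `path_prefix`.
  static int get_roles_by_path_prefix(const DoutPrefixProvider *dpp,
                                      RGWRados *store,
                                      CephContext *cct,
                                      const string& path_prefix,
                                      const string& tenant,
                                      std::vector<RGWRole>& roles,
                                      optional_yield y);
};
WRITE_CLASS_ENCODER(RGWRole)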
#endif /* CEPH_RGW_ROLE_H */