X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fsrc%2Frgw%2Frgw_rest_role.cc;fp=src%2Fceph%2Fsrc%2Frgw%2Frgw_rest_role.cc;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=40473fba67f49f94b14f7548ea0d24f11c8d066e;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git
diff --git a/src/ceph/src/rgw/rgw_rest_role.cc b/src/ceph/src/rgw/rgw_rest_role.cc
deleted file mode 100644
index 40473fb..0000000
--- a/src/ceph/src/rgw/rgw_rest_role.cc
+++ /dev/null
@@ -1,360 +0,0 @@
-// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
-// vim: ts=8 sw=2 smarttab
-#include
-
-#include "common/errno.h"
-#include "common/Formatter.h"
-#include "common/ceph_json.h"
-
-#include "include/types.h"
-#include "rgw_string.h"
-
-#include "rgw_common.h"
-#include "rgw_op.h"
-#include "rgw_rest.h"
-#include "rgw_role.h"
-#include "rgw_rest_role.h"
-
-#define dout_subsys ceph_subsys_rgw
-
-void RGWRestRole::send_response()
-{
- if (op_ret) {
- set_req_state_err(s, op_ret);
- }
- dump_errno(s);
- end_header(s);
-}
-
-int RGWRoleRead::verify_permission()
-{
- if (s->auth.identity->is_anonymous()) {
- return -EACCES;
- }
-
- if (!verify_user_permission(s, RGW_PERM_READ)) {
- return -EACCES;
- }
-
- return 0;
-}
-
-int RGWRoleWrite::verify_permission()
-{
- if (s->auth.identity->is_anonymous()) {
- return -EACCES;
- }
-
- if (!verify_user_permission(s, RGW_PERM_WRITE)) {
- return -EACCES;
- }
-
- return 0;
-}
-
-int RGWCreateRole::get_params()
-{
- role_name = s->info.args.get("RoleName");
- role_path = s->info.args.get("Path");
- trust_policy = s->info.args.get("AssumeRolePolicyDocument");
-
- if (role_name.empty() || trust_policy.empty()) {
- ldout(s->cct, 20) << "ERROR: one of role name or assume role policy document is empty"
- << dendl;
- return -EINVAL;
- }
- JSONParser p;
- if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
- ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
- return -ERR_MALFORMED_DOC;
- }
- return 0;
-}
-
-void RGWCreateRole::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
- RGWRole role(s->cct, store, role_name, role_path, trust_policy, s->user->user_id.tenant);
- op_ret = role.create(true);
-
- if (op_ret == -EEXIST) {
- op_ret = -ERR_ROLE_EXISTS;
- }
-
- if (op_ret == 0) {
- s->formatter->open_object_section("role");
- role.dump(s->formatter);
- s->formatter->close_section();
- }
-}
-
-int RGWDeleteRole::get_params()
-{
- role_name = s->info.args.get("RoleName");
-
- if (role_name.empty()) {
- ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
- return -EINVAL;
- }
-
- return 0;
-}
-
-void RGWDeleteRole::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
- RGWRole role(s->cct, store, role_name, s->user->user_id.tenant);
- op_ret = role.delete_obj();
-
- if (op_ret == -ENOENT) {
- op_ret = -ERR_NO_ROLE_FOUND;
- }
-}
-
-int RGWGetRole::get_params()
-{
- role_name = s->info.args.get("RoleName");
-
- if (role_name.empty()) {
- ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
- return -EINVAL;
- }
-
- return 0;
-}
-
-void RGWGetRole::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
- RGWRole role(s->cct, store, role_name, s->user->user_id.tenant);
- op_ret = role.get();
-
- if (op_ret == -ENOENT) {
- op_ret = -ERR_NO_ROLE_FOUND;
- }
-
- if (op_ret == 0) {
- s->formatter->open_object_section("role");
- role.dump(s->formatter);
- s->formatter->close_section();
- }
-}
-
-int RGWModifyRole::get_params()
-{
- role_name = s->info.args.get("RoleName");
- trust_policy = s->info.args.get("PolicyDocument");
-
- if (role_name.empty() || trust_policy.empty()) {
- ldout(s->cct, 20) << "ERROR: One of role name or trust policy is empty"<< dendl;
- return -EINVAL;
- }
- JSONParser p;
- if (!p.parse(trust_policy.c_str(), trust_policy.length())) {
- ldout(s->cct, 20) << "ERROR: failed to parse assume role policy doc" << dendl;
- return -ERR_MALFORMED_DOC;
- }
-
- return 0;
-}
-
-void RGWModifyRole::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
- RGWRole role(s->cct, store, role_name, s->user->user_id.tenant);
- op_ret = role.get();
- if (op_ret == -ENOENT) {
- op_ret = -ERR_NO_ROLE_FOUND;
- }
-
- if (op_ret == 0) {
- role.update_trust_policy(trust_policy);
- op_ret = role.update();
- }
-}
-
-int RGWListRoles::get_params()
-{
- path_prefix = s->info.args.get("PathPrefix");
-
- return 0;
-}
-
-void RGWListRoles::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
- vector result;
- op_ret = RGWRole::get_roles_by_path_prefix(store, s->cct, path_prefix, s->user->user_id.tenant, result);
-
- if (op_ret == 0) {
- s->formatter->open_array_section("Roles");
- for (const auto& it : result) {
- s->formatter->open_object_section("role");
- it.dump(s->formatter);
- s->formatter->close_section();
- }
- s->formatter->close_section();
- }
-}
-
-int RGWPutRolePolicy::get_params()
-{
- role_name = s->info.args.get("RoleName");
- policy_name = s->info.args.get("PolicyName");
- perm_policy = s->info.args.get("PolicyDocument");
-
- if (role_name.empty() || policy_name.empty() || perm_policy.empty()) {
- ldout(s->cct, 20) << "ERROR: One of role name, policy name or perm policy is empty"<< dendl;
- return -EINVAL;
- }
- JSONParser p;
- if (!p.parse(perm_policy.c_str(), perm_policy.length())) {
- ldout(s->cct, 20) << "ERROR: failed to parse perm role policy doc" << dendl;
- return -ERR_MALFORMED_DOC;
- }
-
- return 0;
-}
-
-void RGWPutRolePolicy::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
-
- RGWRole role(s->cct, store, role_name, s->user->user_id.tenant);
- op_ret = role.get();
- if (op_ret == 0) {
- role.set_perm_policy(policy_name, perm_policy);
- op_ret = role.update();
- }
-}
-
-int RGWGetRolePolicy::get_params()
-{
- role_name = s->info.args.get("RoleName");
- policy_name = s->info.args.get("PolicyName");
-
- if (role_name.empty() || policy_name.empty()) {
- ldout(s->cct, 20) << "ERROR: One of role name or policy name is empty"<< dendl;
- return -EINVAL;
- }
- return 0;
-}
-
-void RGWGetRolePolicy::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
-
- RGWRole role(g_ceph_context, store, role_name, s->user->user_id.tenant);
- op_ret = role.get();
-
- if (op_ret == -ENOENT) {
- op_ret = -ERR_NO_ROLE_FOUND;
- }
-
- if (op_ret == 0) {
- string perm_policy;
- op_ret = role.get_role_policy(policy_name, perm_policy);
-
- if (op_ret == 0) {
- s->formatter->open_object_section("GetRolePolicyResult");
- s->formatter->dump_string("PolicyName", policy_name);
- s->formatter->dump_string("RoleName", role_name);
- s->formatter->dump_string("Permission policy", perm_policy);
- s->formatter->close_section();
- }
- }
-}
-
-int RGWListRolePolicies::get_params()
-{
- role_name = s->info.args.get("RoleName");
-
- if (role_name.empty()) {
- ldout(s->cct, 20) << "ERROR: Role name is empty"<< dendl;
- return -EINVAL;
- }
- return 0;
-}
-
-void RGWListRolePolicies::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
-
- RGWRole role(g_ceph_context, store, role_name, s->user->user_id.tenant);
- op_ret = role.get();
-
- if (op_ret == -ENOENT) {
- op_ret = -ERR_NO_ROLE_FOUND;
- }
-
- if (op_ret == 0) {
- std::vector policy_names = role.get_role_policy_names();
- s->formatter->open_array_section("PolicyNames");
- for (const auto& it : policy_names) {
- s->formatter->dump_string("member", it);
- }
- s->formatter->close_section();
- }
-}
-
-int RGWDeleteRolePolicy::get_params()
-{
- role_name = s->info.args.get("RoleName");
- policy_name = s->info.args.get("PolicyName");
-
- if (role_name.empty() || policy_name.empty()) {
- ldout(s->cct, 20) << "ERROR: One of role name or policy name is empty"<< dendl;
- return -EINVAL;
- }
- return 0;
-}
-
-void RGWDeleteRolePolicy::execute()
-{
- op_ret = get_params();
- if (op_ret < 0) {
- return;
- }
-
- RGWRole role(g_ceph_context, store, role_name, s->user->user_id.tenant);
- op_ret = role.get();
-
- if (op_ret == -ENOENT) {
- op_ret = -ERR_NO_ROLE_FOUND;
- }
-
- if (op_ret == 0) {
- op_ret = role.delete_policy(policy_name);
- if (op_ret == -ENOENT) {
- op_ret = -ERR_NO_ROLE_FOUND;
- }
-
- if (op_ret == 0) {
- op_ret = role.update();
- }
- }
-}