diff options
author | Yehuda Sadeh <yehuda@inktank.com> | 2013-05-22 11:08:33 -0700 |
---|---|---|
committer | Yehuda Sadeh <yehuda@inktank.com> | 2013-05-22 11:08:33 -0700 |
commit | 903d4a04ba4186f1fb398dd6fade846d48e20823 (patch) | |
tree | 6292f564978d8a78ba3e17563600df75a473e73a | |
parent | b35fafb6492fb63680de2c5f9f76c7a3e519dc25 (diff) | |
download | ceph-903d4a04ba4186f1fb398dd6fade846d48e20823.tar.gz |
rgw: add system users
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
-rw-r--r-- | src/rgw/rgw_admin.cc | 7 | ||||
-rw-r--r-- | src/rgw/rgw_common.h | 8 | ||||
-rw-r--r-- | src/rgw/rgw_json_enc.cc | 6 | ||||
-rw-r--r-- | src/rgw/rgw_rest_user.cc | 23 | ||||
-rw-r--r-- | src/rgw/rgw_user.cc | 4 | ||||
-rw-r--r-- | src/rgw/rgw_user.h | 6 |
6 files changed, 53 insertions, 1 deletions
diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc index 344cbdbdc69..12f08aadd91 100644 --- a/src/rgw/rgw_admin.cc +++ b/src/rgw/rgw_admin.cc @@ -642,6 +642,8 @@ int main(int argc, char **argv) string start_marker; string end_marker; int max_entries = -1; + int system = false; + bool system_specified = false; std::string val; std::ostringstream errs; @@ -690,6 +692,8 @@ int main(int argc, char **argv) // do nothing } else if (ceph_argparse_binary_flag(args, i, &skip_zero_entries, NULL, "--skip_zero_entries", (char*)NULL)) { // do nothing + } else if (ceph_argparse_binary_flag(args, i, &system, NULL, "--system", (char*)NULL)) { + system_specified = true; } else if (ceph_argparse_withlonglong(args, i, &tmp, &errs, "-a", "--auth-uid", (char*)NULL)) { if (!errs.str().empty()) { cerr << errs.str() << std::endl; @@ -1070,6 +1074,9 @@ int main(int argc, char **argv) if (max_buckets >= 0) user_op.set_max_buckets(max_buckets); + if (system_specified) + user_op.set_system(system); + if (set_perm) user_op.set_perm(perm_mask); diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 82d1689a6fd..c74ff9cfe27 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -388,11 +388,12 @@ struct RGWUserInfo __u8 suspended; uint32_t max_buckets; RGWUserCaps caps; + __u8 system; RGWUserInfo() : auid(0), suspended(0), max_buckets(RGW_DEFAULT_MAX_BUCKETS) {} void encode(bufferlist& bl) const { - ENCODE_START(11, 9, bl); + ENCODE_START(12, 9, bl); ::encode(auid, bl); string access_key; string secret_key; @@ -423,6 +424,7 @@ struct RGWUserInfo ::encode(swift_keys, bl); ::encode(max_buckets, bl); ::encode(caps, bl); + ::encode(system, bl); ENCODE_FINISH(bl); } void decode(bufferlist::iterator& bl) { @@ -468,6 +470,10 @@ struct RGWUserInfo if (struct_v >= 11) { ::decode(caps, bl); } + system = 0; + if (struct_v >= 12) { + ::decode(system, bl); + } DECODE_FINISH(bl); } void dump(Formatter *f) const; diff --git a/src/rgw/rgw_json_enc.cc b/src/rgw/rgw_json_enc.cc index 74042116967..7b72e3c5ac5 100644 --- a/src/rgw/rgw_json_enc.cc +++ b/src/rgw/rgw_json_enc.cc @@ -353,6 +353,9 @@ void RGWUserInfo::dump(Formatter *f) const encode_json_map("swift_keys", NULL, "key", NULL, user_info_dump_swift_key,(void *)this, swift_keys, f); encode_json("caps", caps, f); + if (system) { /* no need to show it for every user */ + encode_json("system", (bool)system, f); + } } @@ -393,6 +396,9 @@ void RGWUserInfo::decode_json(JSONObj *obj) JSONDecoder::decode_json("subusers", subusers, decode_subusers, obj); JSONDecoder::decode_json("caps", caps, obj); + bool sys; + JSONDecoder::decode_json("system", sys, obj); + system = (__u8)sys; } void rgw_bucket::dump(Formatter *f) const diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc index bdcce87bc95..daf674be7fe 100644 --- a/src/rgw/rgw_rest_user.cc +++ b/src/rgw/rgw_rest_user.cc @@ -59,6 +59,7 @@ void RGWOp_User_Create::execute() bool gen_key; bool suspended; + bool system; uint32_t max_buckets; int32_t key_type = KEY_TYPE_UNDEFINED; @@ -75,6 +76,13 @@ void RGWOp_User_Create::execute() RESTArgs::get_bool(s, "generate-key", true, &gen_key); RESTArgs::get_bool(s, "suspended", false, &suspended); RESTArgs::get_uint32(s, "max-buckets", RGW_DEFAULT_MAX_BUCKETS, &max_buckets); + RESTArgs::get_bool(s, "system", false, &system); + + if (!s->user.system && system) { + ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl; + http_ret = -EINVAL; + return; + } // FIXME: don't do double argument checking if (!uid.empty()) @@ -110,6 +118,9 @@ void RGWOp_User_Create::execute() if (s->args.exists("suspended")) op_state.set_suspension(suspended); + if (s->args.exists("system")) + op_state.set_system(system); + if (gen_key) op_state.set_generate_key(); @@ -142,6 +153,7 @@ void RGWOp_User_Modify::execute() bool gen_key; bool suspended; + bool system; uint32_t max_buckets; int32_t key_type = KEY_TYPE_UNDEFINED; @@ -159,6 +171,14 @@ void RGWOp_User_Modify::execute() RESTArgs::get_uint32(s, "max-buckets", RGW_DEFAULT_MAX_BUCKETS, &max_buckets); RESTArgs::get_string(s, "key-type", key_type_str, &key_type_str); + RESTArgs::get_bool(s, "system", false, &system); + + if (!s->user.system && system) { + ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl; + http_ret = -EINVAL; + return; + } + if (!uid.empty()) op_state.set_user_id(uid); @@ -195,6 +215,9 @@ void RGWOp_User_Modify::execute() if (s->args.exists("suspended")) op_state.set_suspension(suspended); + if (s->args.exists("system")) + op_state.set_system(system); + http_ret = RGWUserAdminOp_User::modify(store, op_state, flusher); } diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc index 219c8f96ba4..3b46cd4a14a 100644 --- a/src/rgw/rgw_user.cc +++ b/src/rgw/rgw_user.cc @@ -1654,6 +1654,7 @@ int RGWUser::execute_add(RGWUserAdminOpState& op_state, std::string *err_msg) user_info.max_buckets = op_state.get_max_buckets(); user_info.suspended = op_state.get_suspension_status(); + user_info.system = op_state.system; // update the request op_state.set_user_info(user_info); @@ -1853,6 +1854,9 @@ int RGWUser::execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg) if (op_state.max_buckets_specified) user_info.max_buckets = max_buckets; + if (op_state.system_specified) + user_info.system = op_state.system; + if (op_state.has_suspension_op()) { __u8 suspended = op_state.get_suspension_status(); user_info.suspended = suspended; diff --git a/src/rgw/rgw_user.h b/src/rgw/rgw_user.h index 3fe632599b5..42f8b3e6988 100644 --- a/src/rgw/rgw_user.h +++ b/src/rgw/rgw_user.h @@ -122,6 +122,7 @@ struct RGWUserAdminOpState { std::string display_name; uint32_t max_buckets; __u8 suspended; + __u8 system; std::string caps; RGWObjVersionTracker objv; @@ -154,6 +155,7 @@ struct RGWUserAdminOpState { bool perm_specified; bool caps_specified; bool suspension_op; + bool system_specified; bool key_op; // req parameters @@ -236,6 +238,10 @@ struct RGWUserAdminOpState { suspended = is_suspended; suspension_op = true; } + void set_system(__u8 is_system) { + system = is_system; + system_specified = true; + } void set_user_info(RGWUserInfo& user_info) { user_id = user_info.user_id; info = user_info; |