rgw: add system users

Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
author: Yehuda Sadeh <yehuda@inktank.com> 2013-05-22 11:08:33 -0700
committer: Yehuda Sadeh <yehuda@inktank.com> 2013-05-22 11:08:33 -0700
commit: 903d4a04ba4186f1fb398dd6fade846d48e20823 (patch)
tree: 6292f564978d8a78ba3e17563600df75a473e73a
parent: b35fafb6492fb63680de2c5f9f76c7a3e519dc25 (diff)
download: ceph-903d4a04ba4186f1fb398dd6fade846d48e20823.tar.gz
6 files changed, 53 insertions, 1 deletions
diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 344cbdbdc69..12f08aadd91 100644
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -642,6 +642,8 @@ int main(int argc, char **argv)
   string start_marker;
   string end_marker;
   int max_entries = -1;
+  int system = false;
+  bool system_specified = false;
 
   std::string val;
   std::ostringstream errs;
@@ -690,6 +692,8 @@ int main(int argc, char **argv)
       // do nothing
     } else if (ceph_argparse_binary_flag(args, i, &skip_zero_entries, NULL, "--skip_zero_entries", (char*)NULL)) {
       // do nothing
+    } else if (ceph_argparse_binary_flag(args, i, &system, NULL, "--system", (char*)NULL)) {
+      system_specified = true;
     } else if (ceph_argparse_withlonglong(args, i, &tmp, &errs, "-a", "--auth-uid", (char*)NULL)) {
       if (!errs.str().empty()) {
 	cerr << errs.str() << std::endl;
@@ -1070,6 +1074,9 @@ int main(int argc, char **argv)
   if (max_buckets >= 0)
     user_op.set_max_buckets(max_buckets);
 
+  if (system_specified)
+    user_op.set_system(system);
+
   if (set_perm)
     user_op.set_perm(perm_mask);
 
diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 82d1689a6fd..c74ff9cfe27 100644
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -388,11 +388,12 @@ struct RGWUserInfo
   __u8 suspended;
   uint32_t max_buckets;
   RGWUserCaps caps;
+  __u8 system;
 
   RGWUserInfo() : auid(0), suspended(0), max_buckets(RGW_DEFAULT_MAX_BUCKETS) {}
 
   void encode(bufferlist& bl) const {
-     ENCODE_START(11, 9, bl);
+     ENCODE_START(12, 9, bl);
      ::encode(auid, bl);
      string access_key;
      string secret_key;
@@ -423,6 +424,7 @@ struct RGWUserInfo
      ::encode(swift_keys, bl);
      ::encode(max_buckets, bl);
      ::encode(caps, bl);
+     ::encode(system, bl);
      ENCODE_FINISH(bl);
   }
   void decode(bufferlist::iterator& bl) {
@@ -468,6 +470,10 @@ struct RGWUserInfo
     if (struct_v >= 11) {
       ::decode(caps, bl);
     }
+    system = 0;
+    if (struct_v >= 12) {
+      ::decode(system, bl);
+    }
     DECODE_FINISH(bl);
   }
   void dump(Formatter *f) const;
diff --git a/src/rgw/rgw_json_enc.cc b/src/rgw/rgw_json_enc.cc
index 74042116967..7b72e3c5ac5 100644
--- a/src/rgw/rgw_json_enc.cc
+++ b/src/rgw/rgw_json_enc.cc
@@ -353,6 +353,9 @@ void RGWUserInfo::dump(Formatter *f) const
   encode_json_map("swift_keys", NULL, "key", NULL, user_info_dump_swift_key,(void *)this, swift_keys, f);
 
   encode_json("caps", caps, f);
+  if (system) { /* no need to show it for every user */
+    encode_json("system", (bool)system, f);
+  }
 }
 
 
@@ -393,6 +396,9 @@ void RGWUserInfo::decode_json(JSONObj *obj)
   JSONDecoder::decode_json("subusers", subusers, decode_subusers, obj);
 
   JSONDecoder::decode_json("caps", caps, obj);
+  bool sys;
+  JSONDecoder::decode_json("system", sys, obj);
+  system = (__u8)sys;
 }
 
 void rgw_bucket::dump(Formatter *f) const
diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc
index bdcce87bc95..daf674be7fe 100644
--- a/src/rgw/rgw_rest_user.cc
+++ b/src/rgw/rgw_rest_user.cc
@@ -59,6 +59,7 @@ void RGWOp_User_Create::execute()
 
   bool gen_key;
   bool suspended;
+  bool system;
 
   uint32_t max_buckets;
   int32_t key_type = KEY_TYPE_UNDEFINED;
@@ -75,6 +76,13 @@ void RGWOp_User_Create::execute()
   RESTArgs::get_bool(s, "generate-key", true, &gen_key);
   RESTArgs::get_bool(s, "suspended", false, &suspended);
   RESTArgs::get_uint32(s, "max-buckets", RGW_DEFAULT_MAX_BUCKETS, &max_buckets);
+  RESTArgs::get_bool(s, "system", false, &system);
+
+  if (!s->user.system && system) {
+    ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl;
+    http_ret = -EINVAL;
+    return;
+  }
 
   // FIXME: don't do double argument checking
   if (!uid.empty())
@@ -110,6 +118,9 @@ void RGWOp_User_Create::execute()
   if (s->args.exists("suspended"))
     op_state.set_suspension(suspended);
 
+  if (s->args.exists("system"))
+    op_state.set_system(system);
+
   if (gen_key)
     op_state.set_generate_key();
 
@@ -142,6 +153,7 @@ void RGWOp_User_Modify::execute()
 
   bool gen_key;
   bool suspended;
+  bool system;
 
   uint32_t max_buckets;
   int32_t key_type = KEY_TYPE_UNDEFINED;
@@ -159,6 +171,14 @@ void RGWOp_User_Modify::execute()
   RESTArgs::get_uint32(s, "max-buckets", RGW_DEFAULT_MAX_BUCKETS, &max_buckets);
   RESTArgs::get_string(s, "key-type", key_type_str, &key_type_str);
 
+  RESTArgs::get_bool(s, "system", false, &system);
+
+  if (!s->user.system && system) {
+    ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl;
+    http_ret = -EINVAL;
+    return;
+  }
+
   if (!uid.empty())
     op_state.set_user_id(uid);
 
@@ -195,6 +215,9 @@ void RGWOp_User_Modify::execute()
   if (s->args.exists("suspended"))
     op_state.set_suspension(suspended);
 
+  if (s->args.exists("system"))
+    op_state.set_system(system);
+
   http_ret = RGWUserAdminOp_User::modify(store, op_state, flusher);
 }
 
diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc
index 219c8f96ba4..3b46cd4a14a 100644
--- a/src/rgw/rgw_user.cc
+++ b/src/rgw/rgw_user.cc
@@ -1654,6 +1654,7 @@ int RGWUser::execute_add(RGWUserAdminOpState& op_state, std::string *err_msg)
 
   user_info.max_buckets = op_state.get_max_buckets();
   user_info.suspended = op_state.get_suspension_status();
+  user_info.system = op_state.system;
 
   // update the request
   op_state.set_user_info(user_info);
@@ -1853,6 +1854,9 @@ int RGWUser::execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg)
   if (op_state.max_buckets_specified)
     user_info.max_buckets = max_buckets;
 
+  if (op_state.system_specified)
+    user_info.system = op_state.system;
+
   if (op_state.has_suspension_op()) {
     __u8 suspended = op_state.get_suspension_status();
     user_info.suspended = suspended;
diff --git a/src/rgw/rgw_user.h b/src/rgw/rgw_user.h
index 3fe632599b5..42f8b3e6988 100644
--- a/src/rgw/rgw_user.h
+++ b/src/rgw/rgw_user.h
@@ -122,6 +122,7 @@ struct RGWUserAdminOpState {
   std::string display_name;
   uint32_t max_buckets;
   __u8 suspended;
+  __u8 system;
   std::string caps;
   RGWObjVersionTracker objv;
 
@@ -154,6 +155,7 @@ struct RGWUserAdminOpState {
   bool perm_specified;
   bool caps_specified;
   bool suspension_op;
+  bool system_specified;
   bool key_op;
 
   // req parameters
@@ -236,6 +238,10 @@ struct RGWUserAdminOpState {
     suspended = is_suspended;
     suspension_op = true;
   }
+  void set_system(__u8 is_system) {
+    system = is_system;
+    system_specified = true;
+  }
   void set_user_info(RGWUserInfo& user_info) {
     user_id = user_info.user_id;
     info = user_info;
author	Yehuda Sadeh <yehuda@inktank.com>	2013-05-22 11:08:33 -0700
committer	Yehuda Sadeh <yehuda@inktank.com>	2013-05-22 11:08:33 -0700
commit	903d4a04ba4186f1fb398dd6fade846d48e20823 (patch)
tree	6292f564978d8a78ba3e17563600df75a473e73a
parent	b35fafb6492fb63680de2c5f9f76c7a3e519dc25 (diff)
download	ceph-903d4a04ba4186f1fb398dd6fade846d48e20823.tar.gz