Merge pull request ceph#61225 from rhcs-dashboard/rgw-ratelimit-integration1

mgr/dashboard: Rgw ratelimit feature for user and bucket

Reviewed-by: Aashish Sharma <[email protected]>
Reviewed-by: Ankush Behl <[email protected]>
Reviewed-by: Mark Nelson <[email protected]>
Reviewed-by: Nizamudeen A <[email protected]>
Reviewed-by: Naman Munet <[email protected]>

Author: nizamial09

src/pybind/mgr/dashboard/controllers/rgw.py

@@ -15,7 +15,7 @@
 from ..services.auth import AuthManager, JwtManager
 from ..services.ceph_service import CephService
 from ..services.rgw_client import _SYNC_GROUP_ID, NoRgwDaemonsException, \
-    RgwClient, RgwMultisite, RgwMultisiteAutomation
+    RgwClient, RgwMultisite, RgwMultisiteAutomation, RgwRateLimit
 from ..services.rgw_iam import RgwAccounts
 from ..services.service import RgwServiceManager, wait_for_daemon_to_start
 from ..tools import json_str_to_object, str_to_bool
@@ -722,6 +722,31 @@ def set_lifecycle_policy(self, bucket_name: str = '', lifecycle: str = '', daemo
     def get_lifecycle_policy(self, bucket_name: str = '', daemon_name=None, owner=None):
         return self._get_lifecycle(bucket_name, daemon_name, owner)
 
+    @Endpoint(method='GET', path='/ratelimit')
+    @EndpointDoc("Get the bucket global rate limit")
+    @ReadPermission
+    def get_global_rate_limit(self):
+        rgwBucketRateLimit_instance = RgwRateLimit()
+        return rgwBucketRateLimit_instance.get_global_rateLimit()
+
+    @Endpoint(method='GET', path='{uid}/ratelimit')
+    @EndpointDoc("Get the bucket rate limit")
+    @ReadPermission
+    def get_rate_limit(self, uid: str):
+        rgwBucketRateLimit_instance = RgwRateLimit()
+        return rgwBucketRateLimit_instance.get_rateLimit('bucket', uid)
+
+    @Endpoint(method='PUT', path='{uid}/ratelimit')
+    @UpdatePermission
+    @allow_empty_body
+    @EndpointDoc("Update the bucket rate limit")
+    def set_rate_limit(self, enabled: bool, uid: str, max_read_ops: int,
+                       max_write_ops: int, max_read_bytes: int, max_write_bytes: int):
+        rgwBucketRateLimit_instance = RgwRateLimit()
+        return rgwBucketRateLimit_instance.set_rateLimit('bucket', enabled, uid,
+                                                         max_read_ops, max_write_ops,
+                                                         max_read_bytes, max_write_bytes)
+
 
 @UIRouter('/rgw/bucket', Scope.RGW)
 class RgwBucketUi(RgwBucket):
@@ -964,6 +989,31 @@ def delete_subuser(self, uid, subuser, purge_keys='true', daemon_name=None):
             'purge-keys': purge_keys
         }, json_response=False)
 
+    @Endpoint(method='GET', path='/ratelimit')
+    @EndpointDoc("Get the user global rate limit")
+    @ReadPermission
+    def get_global_rate_limit(self):
+        rgwUserRateLimit_instance = RgwRateLimit()
+        return rgwUserRateLimit_instance.get_global_rateLimit()
+
+    @Endpoint(method='GET', path='{uid}/ratelimit')
+    @EndpointDoc("Get the user rate limit")
+    @ReadPermission
+    def get_rate_limit(self, uid: str):
+        rgwUserRateLimit_instance = RgwRateLimit()
+        return rgwUserRateLimit_instance.get_rateLimit('user', uid)
+
+    @Endpoint(method='PUT', path='{uid}/ratelimit')
+    @UpdatePermission
+    @allow_empty_body
+    @EndpointDoc("Update the user rate limit")
+    def set_rate_limit(self, uid: str, enabled: bool = False, max_read_ops: int = 0,
+                       max_write_ops: int = 0, max_read_bytes: int = 0, max_write_bytes: int = 0):
+        rgwUserRateLimit_instance = RgwRateLimit()
+        return rgwUserRateLimit_instance.set_rateLimit('user', enabled,
+                                                       uid, max_read_ops, max_write_ops,
+                                                       max_read_bytes, max_write_bytes)
+
 
 class RGWRoleEndpoints:
     @staticmethod

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/models/rgw-rate-limit.ts

@@ -0,0 +1,31 @@
+export interface RgwRateLimitConfig {
+  enabled: boolean;
+  name?: string;
+  max_read_ops: number;
+  max_write_ops: number;
+  max_read_bytes: number;
+  max_write_bytes: number;
+}
+export interface GlobalRateLimitConfig {
+  bucket_ratelimit: {
+    max_read_ops: number;
+    max_write_ops: number;
+    max_read_bytes: number;
+    max_write_bytes: number;
+    enabled: boolean;
+  };
+  user_ratelimit: {
+    max_read_ops: 1024;
+    max_write_ops: number;
+    max_read_bytes: number;
+    max_write_bytes: number;
+    enabled: boolean;
+  };
+  anonymous_ratelimit: {
+    max_read_ops: number;
+    max_write_ops: number;
+    max_read_bytes: number;
+    max_write_bytes: number;
+    enabled: boolean;
+  };
+}

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.html

@@ -109,20 +109,26 @@
           </tbody>
         </table>
 
-      <!-- Tags -->
-      <ng-container *ngIf="(selection.tagset | keyvalue)?.length">
-        <legend i18n>Tags</legend>
-        <table class="cds--data-table--sort cds--data-table--no-border cds--data-table cds--data-table--md">
-          <tbody>
-            <tr *ngFor="let tag of selection.tagset | keyvalue">
-              <td i18n
-                  class="bold w-25">{{tag.key}}</td>
-              <td class="w-75">{{ tag.value }}</td>
-            </tr>
-          </tbody>
-        </table>
-      </ng-container>
+        <!-- Tags -->
+        <ng-container *ngIf="(selection.tagset | keyvalue)?.length">
+          <legend i18n>Tags</legend>
+          <table class="cds--data-table--sort cds--data-table--no-border cds--data-table cds--data-table--md">
+            <tbody>
+              <tr *ngFor="let tag of selection.tagset | keyvalue">
+                <td i18n
+                    class="bold w-25">{{tag.key}}</td>
+                <td class="w-75">{{ tag.value }}</td>
+              </tr>
+            </tbody>
+          </table>
+        </ng-container>
+
 
+        <!-- Bucket Rate Limit -->
+        <ng-container *ngIf="!!bucketRateLimit">
+          <cd-rgw-rate-limit-details [rateLimitConfig]="bucketRateLimit"
+                                     [type]="'bucket'"></cd-rgw-rate-limit-details>
+        </ng-container>
       </ng-template>
     </ng-container>
 

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.spec.ts

@@ -41,4 +41,126 @@ describe('RgwBucketDetailsComponent', () => {
     component.ngOnChanges();
     expect(rgwBucketServiceGetSpy).toHaveBeenCalled();
   });
+  it('should retrieve bucket details and set selection when selection is provided', () => {
+    const bucket = { bid: 'bucket', acl: '<xml></xml>', owner: 'owner' };
+    rgwBucketServiceGetSpy.and.returnValue(of(bucket));
+    component.selection = { bid: 'bucket' };
+    component.ngOnChanges();
+    expect(rgwBucketServiceGetSpy).toHaveBeenCalledWith('bucket');
+    expect(component.selection).toEqual(jasmine.objectContaining(bucket));
+  });
+
+  it('should set default lifecycle when lifecycleFormat is json and lifecycle is not provided', () => {
+    const bucket = { bid: 'bucket', acl: '<xml></xml>', owner: 'owner' };
+    rgwBucketServiceGetSpy.and.returnValue(of(bucket));
+    component.selection = { bid: 'bucket' };
+    component.lifecycleFormat = 'json';
+    component.ngOnChanges();
+    expect(component.selection.lifecycle).toEqual({});
+  });
+
+  it('should parse ACL and set aclPermissions', () => {
+    const bucket = { bid: 'bucket', acl: '<xml></xml>', owner: 'owner' };
+    rgwBucketServiceGetSpy.and.returnValue(of(bucket));
+    spyOn(component, 'parseXmlAcl').and.returnValue({ Owner: ['READ'] });
+    component.selection = { bid: 'bucket' };
+    component.ngOnChanges();
+    expect(component.aclPermissions).toEqual({ Owner: ['READ'] });
+  });
+
+  it('should set replicationStatus when replication status is provided', () => {
+    const bucket = {
+      bid: 'bucket',
+      acl: '<xml></xml>',
+      owner: 'owner',
+      replication: { Rule: { Status: 'Enabled' } }
+    };
+    rgwBucketServiceGetSpy.and.returnValue(of(bucket));
+    component.selection = { bid: 'bucket' };
+    component.ngOnChanges();
+    expect(component.replicationStatus).toBe('Disabled');
+  });
+
+  it('should set bucketRateLimit when getBucketRateLimit is called', () => {
+    const rateLimit = { bucket_ratelimit: { max_size: 1000 } };
+    spyOn(rgwBucketService, 'getBucketRateLimit').and.returnValue(of(rateLimit));
+    component.selection = { bid: 'bucket' };
+    component.ngOnChanges();
+    expect(component.bucketRateLimit).toEqual(rateLimit.bucket_ratelimit);
+  });
+
+  it('should return default permissions when ACL is empty', () => {
+    const xml = `
+    <AccessControlPolicy>
+      <AccessControlList>
+        <Grant>
+        </Grant>
+      </AccessControlList>
+    </AccessControlPolicy>
+  `;
+    const result = component.parseXmlAcl(xml, 'owner');
+    expect(result).toEqual({
+      Owner: ['-'],
+      AllUsers: ['-'],
+      AuthenticatedUsers: ['-']
+    });
+  });
+
+  it('should return owner permissions when ACL contains owner ID', () => {
+    const xml = `
+    <AccessControlPolicy>
+      <AccessControlList>
+        <Grant>
+          <Grantee>
+            <ID>owner</ID>
+          </Grantee>
+          <Permission>FULL_CONTROL</Permission>
+        </Grant>
+      </AccessControlList>
+    </AccessControlPolicy>
+  `;
+    const result = component.parseXmlAcl(xml, 'owner');
+    expect(result.Owner).toEqual('FULL_CONTROL');
+  });
+
+  it('should return group permissions when ACL contains group URI', () => {
+    const xml = `
+    <AccessControlPolicy>
+      <AccessControlList>
+        <Grant>
+          <Grantee>
+            <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
+          </Grantee>
+          <Permission>READ</Permission>
+        </Grant>
+      </AccessControlList>
+    </AccessControlPolicy>
+  `;
+    const result = component.parseXmlAcl(xml, 'owner');
+    expect(result.AllUsers).toEqual(['-']);
+  });
+
+  it('should handle multiple grants correctly', () => {
+    const xml = `
+    <AccessControlPolicy>
+      <AccessControlList>
+        <Grant>
+          <Grantee>
+            <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
+          </Grantee>
+          <Permission>READ</Permission>
+        </Grant>
+        <Grant>
+          <Grantee>
+            <URI>http://acs.amazonaws.com/groups/global/AuthenticatedUsers</URI>
+          </Grantee>
+          <Permission>WRITE</Permission>
+        </Grant>
+      </AccessControlList>
+    </AccessControlPolicy>
+  `;
+    const result = component.parseXmlAcl(xml, 'owner');
+    expect(result.AllUsers).toEqual(['READ']);
+    expect(result.AuthenticatedUsers).toEqual(['WRITE']);
+  });
 });

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.ts

@@ -3,6 +3,7 @@ import { Component, Input, OnChanges } from '@angular/core';
 import { RgwBucketService } from '~/app/shared/api/rgw-bucket.service';
 
 import * as xml2js from 'xml2js';
+import { RgwRateLimitConfig } from '../models/rgw-rate-limit';
 
 @Component({
   selector: 'cd-rgw-bucket-details',
@@ -21,6 +22,7 @@ export class RgwBucketDetailsComponent implements OnChanges {
   lifecycleFormat: 'json' | 'xml' = 'json';
   aclPermissions: Record<string, string[]> = {};
   replicationStatus = $localize`Disabled`;
+  bucketRateLimit: RgwRateLimitConfig;
 
   constructor(private rgwBucketService: RgwBucketService) {}
 
@@ -46,6 +48,11 @@ export class RgwBucketDetailsComponent implements OnChanges {
           );
         }
       });
+      this.rgwBucketService.getBucketRateLimit(this.selection.bid).subscribe((resp: any) => {
+        if (resp && resp.bucket_ratelimit !== undefined) {
+          this.bucketRateLimit = resp.bucket_ratelimit;
+        }
+      });
     }
   }