Merge pull request ceph#54295 from rhcs-dashboard/edit-bucket-acl-tags

mgr/dashboard: add ACLs

Reviewed-by: afreen23 <NOT@FOUND>
Reviewed-by: Ankush Behl <[email protected]>
Reviewed-by: Nizamudeen A <[email protected]>

Author: nizamial09

src/pybind/mgr/dashboard/controllers/rgw.py

@@ -304,6 +304,14 @@ def _set_tags(self, bucket_name, tags, daemon_name, owner):
         rgw_client = RgwClient.instance(owner, daemon_name)
         return rgw_client.set_tags(bucket_name, tags)
 
+    def _get_acl(self, bucket_name, daemon_name, owner):
+        rgw_client = RgwClient.instance(owner, daemon_name)
+        return str(rgw_client.get_acl(bucket_name))
+
+    def _set_acl(self, bucket_name: str, acl: str, owner, daemon_name):
+        rgw_client = RgwClient.instance(owner, daemon_name)
+        return rgw_client.set_acl(bucket_name, acl)
+
     @staticmethod
     def strip_tenant_from_bucket_name(bucket_name):
         # type (str) -> str
@@ -357,6 +365,7 @@ def get(self, bucket, daemon_name=None):
         result['versioning'] = versioning['Status']
         result['mfa_delete'] = versioning['MfaDelete']
         result['bucket_policy'] = self._get_policy(bucket_name)
+        result['acl'] = self._get_acl(bucket_name, daemon_name, result['owner'])
 
         # Append the locking configuration.
         locking = self._get_locking(result['owner'], daemon_name, bucket_name)
@@ -370,7 +379,7 @@ def create(self, bucket, uid, zonegroup=None, placement_target=None,
                lock_retention_period_days=None,
                lock_retention_period_years=None, encryption_state='false',
                encryption_type=None, key_id=None, tags=None,
-               bucket_policy=None, daemon_name=None):
+               bucket_policy=None, canned_acl=None, daemon_name=None):
         lock_enabled = str_to_bool(lock_enabled)
         encryption_state = str_to_bool(encryption_state)
         try:
@@ -392,6 +401,9 @@ def create(self, bucket, uid, zonegroup=None, placement_target=None,
             if bucket_policy:
                 self._set_policy(bucket, bucket_policy, daemon_name, uid)
 
+            if canned_acl:
+                self._set_acl(bucket, canned_acl, uid, daemon_name)
+
             return result
         except RequestException as e:  # pragma: no cover - handling is too obvious
             raise DashboardException(e, http_status_code=500, component='rgw')
@@ -401,7 +413,8 @@ def set(self, bucket, bucket_id, uid, versioning_state=None,
             encryption_state='false', encryption_type=None, key_id=None,
             mfa_delete=None, mfa_token_serial=None, mfa_token_pin=None,
             lock_mode=None, lock_retention_period_days=None,
-            lock_retention_period_years=None, tags=None, bucket_policy=None, daemon_name=None):
+            lock_retention_period_years=None, tags=None, bucket_policy=None,
+            canned_acl=None, daemon_name=None):
         encryption_state = str_to_bool(encryption_state)
         # When linking a non-tenant-user owned bucket to a tenanted user, we
         # need to prefix bucket name with '/'. e.g. photos -> /photos
@@ -444,7 +457,9 @@ def set(self, bucket, bucket_id, uid, versioning_state=None,
         if tags:
             self._set_tags(bucket_name, tags, daemon_name, uid)
         if bucket_policy:
-            self._set_policy(bucket, bucket_policy, daemon_name, uid)
+            self._set_policy(bucket_name, bucket_policy, daemon_name, uid)
+        if canned_acl:
+            self._set_acl(bucket_name, canned_acl, uid, daemon_name)
         return self._append_bid(result)
 
     def delete(self, bucket, purge_objects='true', daemon_name=None):