Merge pull request ceph#54048 from rhcs-dashboard/rgw-bucket-policy

mgr/dashboard: get object bucket policies for a bucket

Reviewed-by: Pedro Gonzalez Gomez <[email protected]>
Reviewed-by: Ankush Behl <[email protected]>

Author: nizamial09

src/pybind/mgr/dashboard/controllers/rgw.py

@@ -276,6 +276,10 @@ def _set_locking(self, owner, daemon_name, bucket_name, mode,
                                              retention_period_days,
                                              retention_period_years)
 
+    def _get_policy(self, bucket: str):
+        rgw_client = RgwClient.admin_instance()
+        return rgw_client.get_bucket_policy(bucket)
+
     @staticmethod
     def strip_tenant_from_bucket_name(bucket_name):
         # type (str) -> str
@@ -328,6 +332,7 @@ def get(self, bucket, daemon_name=None):
         result['encryption'] = encryption['Status']
         result['versioning'] = versioning['Status']
         result['mfa_delete'] = versioning['MfaDelete']
+        result['policy'] = self._get_policy(bucket_name)
 
         # Append the locking configuration.
         locking = self._get_locking(result['owner'], daemon_name, bucket_name)

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.html

@@ -1,94 +1,125 @@
 <ng-container *ngIf="selection">
-  <table class="table table-striped table-bordered">
-    <tbody>
-      <tr>
-        <td i18n
-            class="bold w-25">Versioning</td>
-        <td class="w-75">{{ selection.versioning }}</td>
-      </tr>
-      <tr>
-        <td i18n
-            class="bold">Encryption</td>
-        <td>{{ selection.encryption }}</td>
-      </tr>
-      <tr>
-        <td i18n
-            class="bold">MFA Delete</td>
-        <td>{{ selection.mfa_delete }}</td>
-      </tr>
-      <tr>
-        <td i18n
-            class="bold">Index type</td>
-        <td>{{ selection.index_type }}</td>
-      </tr>
-      <tr>
-        <td i18n
-            class="bold">Placement rule</td>
-        <td>{{ selection.placement_rule }}</td>
-      </tr>
-      <tr>
-        <td i18n
-            class="bold">Last modification time</td>
-        <td>{{ selection.mtime | cdDate }}</td>
-      </tr>
-    </tbody>
-  </table>
+  <nav ngbNav
+       #nav="ngbNav"
+       class="nav-tabs"
+       cdStatefulTab="rgw-bucket-details">
+    <ng-container ngbNavItem="details">
+      <a ngbNavLink
+         i18n>Details</a>
+      <ng-template ngbNavContent>
 
-  <!-- Bucket quota -->
-  <div>
-    <legend i18n>Bucket quota</legend>
-    <table class="table table-striped table-bordered">
-      <tbody>
-        <tr>
-          <td i18n
-              class="bold w-25">Enabled</td>
-          <td class="w-75">{{ selection.bucket_quota.enabled | booleanText }}</td>
-        </tr>
-        <ng-container *ngIf="selection.bucket_quota.enabled">
-          <tr>
-            <td i18n
-                class="bold">Maximum size</td>
-            <td *ngIf="selection.bucket_quota.max_size <= -1"
-                i18n>Unlimited</td>
-            <td *ngIf="selection.bucket_quota.max_size > -1">
-              {{ selection.bucket_quota.max_size | dimless }}
-            </td>
-          </tr>
-          <tr>
-            <td i18n
-                class="bold">Maximum objects</td>
-            <td *ngIf="selection.bucket_quota.max_objects <= -1"
-                i18n>Unlimited</td>
-            <td *ngIf="selection.bucket_quota.max_objects > -1">
-              {{ selection.bucket_quota.max_objects }}
-            </td>
-          </tr>
-        </ng-container>
-      </tbody>
-    </table>
-  </div>
+        <table class="table table-striped table-bordered">
+          <tbody>
+            <tr>
+              <td i18n
+                  class="bold w-25">Versioning</td>
+              <td class="w-75">{{ selection.versioning }}</td>
+            </tr>
+            <tr>
+              <td i18n
+                  class="bold">Encryption</td>
+              <td>{{ selection.encryption }}</td>
+            </tr>
+            <tr>
+              <td i18n
+                  class="bold">MFA Delete</td>
+              <td>{{ selection.mfa_delete }}</td>
+            </tr>
+            <tr>
+              <td i18n
+                  class="bold">Index type</td>
+              <td>{{ selection.index_type }}</td>
+            </tr>
+            <tr>
+              <td i18n
+                  class="bold">Placement rule</td>
+              <td>{{ selection.placement_rule }}</td>
+            </tr>
+            <tr>
+              <td i18n
+                  class="bold">Last modification time</td>
+              <td>{{ selection.mtime | cdDate }}</td>
+            </tr>
+          </tbody>
+        </table>
 
-  <!-- Locking -->
-  <legend i18n>Locking</legend>
-  <table class="table table-striped table-bordered">
-    <tbody>
-      <tr>
-        <td i18n
-            class="bold w-25">Enabled</td>
-        <td class="w-75">{{ selection.lock_enabled | booleanText }}</td>
-      </tr>
-      <ng-container *ngIf="selection.lock_enabled">
-        <tr>
-          <td i18n
-              class="bold">Mode</td>
-          <td>{{ selection.lock_mode }}</td>
-        </tr>
-        <tr>
-          <td i18n
-              class="bold">Days</td>
-          <td>{{ selection.lock_retention_period_days }}</td>
-        </tr>
-      </ng-container>
-    </tbody>
-  </table>
+        <!-- Bucket quota -->
+        <div>
+          <legend i18n>Bucket quota</legend>
+          <table class="table table-striped table-bordered">
+            <tbody>
+              <tr>
+                <td i18n
+                    class="bold w-25">Enabled</td>
+                <td class="w-75">{{ selection.bucket_quota.enabled | booleanText }}</td>
+              </tr>
+              <ng-container *ngIf="selection.bucket_quota.enabled">
+                <tr>
+                  <td i18n
+                      class="bold">Maximum size</td>
+                  <td *ngIf="selection.bucket_quota.max_size <= -1"
+                      i18n>Unlimited</td>
+                  <td *ngIf="selection.bucket_quota.max_size > -1">
+                    {{ selection.bucket_quota.max_size | dimless }}
+                  </td>
+                </tr>
+                <tr>
+                  <td i18n
+                      class="bold">Maximum objects</td>
+                  <td *ngIf="selection.bucket_quota.max_objects <= -1"
+                      i18n>Unlimited</td>
+                  <td *ngIf="selection.bucket_quota.max_objects > -1">
+                    {{ selection.bucket_quota.max_objects }}
+                  </td>
+                </tr>
+              </ng-container>
+            </tbody>
+          </table>
+        </div>
+
+        <!-- Locking -->
+        <legend i18n>Locking</legend>
+        <table class="table table-striped table-bordered">
+          <tbody>
+            <tr>
+              <td i18n
+                  class="bold w-25">Enabled</td>
+              <td class="w-75">{{ selection.lock_enabled | booleanText }}</td>
+            </tr>
+            <ng-container *ngIf="selection.lock_enabled">
+              <tr>
+                <td i18n
+                    class="bold">Mode</td>
+                <td>{{ selection.lock_mode }}</td>
+              </tr>
+              <tr>
+                <td i18n
+                    class="bold">Days</td>
+                <td>{{ selection.lock_retention_period_days }}</td>
+              </tr>
+            </ng-container>
+          </tbody>
+        </table>
+      </ng-template>
+    </ng-container>
+
+    <ng-container ngbNavItem="permissions">
+      <a ngbNavLink
+         i18n>Permissions</a>
+      <ng-template ngbNavContent>
+
+        <table class="table table-striped table-bordered">
+          <tbody>
+            <tr>
+              <td i18n
+                  class="bold w-25">Policy</td>
+              <td><pre>{{ selection.policy | json}}</pre></td>
+            </tr>
+          </tbody>
+        </table>
+      </ng-template>
+    </ng-container>
+  </nav>
+
+  <div [ngbNavOutlet]="nav"></div>
 </ng-container>

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.spec.ts

@@ -8,6 +8,7 @@ import { CdTableSelection } from '~/app/shared/models/cd-table-selection';
 import { SharedModule } from '~/app/shared/shared.module';
 import { configureTestBed } from '~/testing/unit-test-helper';
 import { RgwBucketDetailsComponent } from './rgw-bucket-details.component';
+import { NgbNavModule } from '@ng-bootstrap/ng-bootstrap';
 
 describe('RgwBucketDetailsComponent', () => {
   let component: RgwBucketDetailsComponent;
@@ -17,7 +18,7 @@ describe('RgwBucketDetailsComponent', () => {
 
   configureTestBed({
     declarations: [RgwBucketDetailsComponent],
-    imports: [SharedModule, HttpClientTestingModule]
+    imports: [SharedModule, HttpClientTestingModule, NgbNavModule]
   });
 
   beforeEach(() => {

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.ts

@@ -18,6 +18,7 @@ export class RgwBucketDetailsComponent implements OnChanges {
       this.rgwBucketService.get(this.selection.bid).subscribe((bucket: object) => {
         bucket['lock_retention_period_days'] = this.rgwBucketService.getLockDays(bucket);
         this.selection = bucket;
+        this.selection.policy = JSON.parse(this.selection.policy) || {};
       });
     }
   }

src/pybind/mgr/dashboard/services/rgw_client.py

@@ -852,6 +852,27 @@ def create_role(self, role_name: str, role_path: str, role_assume_policy_doc: st
                    f' For more information about the format look at {link}')
             raise DashboardException(msg=msg, component='rgw')
 
+    @RestClient.api_get('/{bucket_name}?policy')
+    def get_bucket_policy(self, bucket_name: str, request=None):
+        """
+        Gets the bucket policy for a bucket.
+        :param bucket_name: The name of the bucket.
+        :type bucket_name: str
+        :rtype: None
+        """
+        # pylint: disable=unused-argument
+
+        try:
+            request = request()
+            return request
+        except RequestException as e:
+            if e.content:
+                content = json_str_to_object(e.content)
+                if content.get(
+                        'Code') == 'NoSuchBucketPolicy':
+                    return None
+            raise e
+
     def perform_validations(self, retention_period_days, retention_period_years, mode):
         try:
             retention_period_days = int(retention_period_days) if retention_period_days else 0