1313
1414#include " rgw_common.h"
1515#include " rgw_op.h"
16+ #include " rgw_process_env.h"
1617#include " rgw_rest.h"
17- #include " rgw_role .h"
18+ #include " rgw_rest_conn .h"
1819#include " rgw_rest_role.h"
20+ #include " rgw_role.h"
1921#include " rgw_sal.h"
2022
2123#define dout_subsys ceph_subsys_rgw
2224
2325using namespace std ;
2426
27+ int forward_iam_request_to_master (const DoutPrefixProvider* dpp,
28+ const rgw::SiteConfig& site,
29+ const RGWUserInfo& user,
30+ bufferlist& indata,
31+ RGWXMLDecoder::XMLParser& parser,
32+ req_info& req, optional_yield y)
33+ {
34+ const auto & period = site.get_period ();
35+ if (!period) {
36+ return 0 ; // not multisite
37+ }
38+ if (site.is_meta_master ()) {
39+ return 0 ; // don't need to forward metadata requests
40+ }
41+ const auto & pmap = period->period_map ;
42+ auto zg = pmap.zonegroups .find (pmap.master_zonegroup );
43+ if (zg == pmap.zonegroups .end ()) {
44+ return -EINVAL;
45+ }
46+ auto z = zg->second .zones .find (zg->second .master_zone );
47+ if (z == zg->second .zones .end ()) {
48+ return -EINVAL;
49+ }
50+
51+ RGWAccessKey creds;
52+ if (auto i = user.access_keys .begin (); i != user.access_keys .end ()) {
53+ creds.id = i->first ;
54+ creds.key = i->second .key ;
55+ }
56+
57+ // use the master zone's endpoints
58+ auto conn = RGWRESTConn{dpp->get_cct (), z->second .id , z->second .endpoints ,
59+ std::move (creds), zg->second .id , zg->second .api_name };
60+ bufferlist outdata;
61+ constexpr size_t max_response_size = 128 * 1024 ; // we expect a very small response
62+ int ret = conn.forward_iam_request (dpp, creds, req, nullptr , max_response_size,
63+ &indata, &outdata, y);
64+ if (ret < 0 ) {
65+ return ret;
66+ }
67+
68+ std::string r = outdata.to_str ();
69+ boost::replace_all (r, " "" , " \" " );
70+
71+ if (!parser.parse (r.c_str (), r.length (), 1 )) {
72+ ldpp_dout (dpp, 0 ) << " ERROR: failed to parse response from master zonegroup" << dendl;
73+ return -EIO;
74+ }
75+ return 0 ;
76+ }
77+
2578int RGWRestRole::verify_permission (optional_yield y)
2679{
2780 if (s->auth .identity ->is_anonymous ()) {
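Review bot: `creds` is read after it has been moved from in `forward_iam_request_to_master`: new lines 58-59 pass `std::move(creds)` into the `RGWRESTConn` initializer, and new line 62 hands the same `creds` to `conn.forward_iam_request()`. If that constructor takes the key by value or by rvalue (its declaration is not shown on this page), the forwarded IAM request is signed with a moved-from, most likely empty, access key and secret, so the master zone would presumably fail to authenticate it. Pass a copy into the connection instead, `z->second.endpoints, creds, zg->second.id, zg->second.api_name};`, so the key used for signing is still intact. Separately, when `user.access_keys` is empty the helper still forwards with a default-constructed `RGWAccessKey`; an early `return -EINVAL;` before the connection is built would make that case explicit.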
@@ -209,7 +262,8 @@ void RGWCreateRole::execute(optional_yield y)
209262
210263 std::string role_id;
211264
212- if (!driver->is_meta_master ()) {
265+ const rgw::SiteConfig& site = *s->penv .site ;
266+ if (!site.is_meta_master ()) {
213267 RGWXMLDecoder::XMLParser parser;
214268 if (!parser.init ()) {
215269 ldpp_dout (this , 0 ) << " ERROR: failed to initialize xml parser" << dendl;
@@ -231,15 +285,8 @@ void RGWCreateRole::execute(optional_yield y)
231285 }
232286 }
233287
234- RGWUserInfo info = s->user ->get_info ();
235- const auto & it = info.access_keys .begin ();
236- RGWAccessKey key;
237- if (it != info.access_keys .end ()) {
238- key.id = it->first ;
239- RGWAccessKey cred = it->second ;
240- key.key = cred.key ;
241- }
242- op_ret = driver->forward_iam_request_to_master (s, key, nullptr , bl_post_body, &parser, s->info , y);
288+ op_ret = forward_iam_request_to_master (this , site, s->user ->get_info (),
289+ bl_post_body, parser, s->info , y);
243290 if (op_ret < 0 ) {
244291 ldpp_dout (this , 20 ) << " ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl;
245292 return ;
@@ -316,13 +363,13 @@ int RGWDeleteRole::get_params()
316363void RGWDeleteRole::execute (optional_yield y)
317364{
318365 bool is_master = true ;
319- int master_op_ret = 0 ;
320366 op_ret = get_params ();
321367 if (op_ret < 0 ) {
322368 return ;
323369 }
324370
325- if (!driver->is_meta_master ()) {
371+ const rgw::SiteConfig& site = *s->penv .site ;
372+ if (!site.is_meta_master ()) {
326373 is_master = false ;
327374 RGWXMLDecoder::XMLParser parser;
328375 if (!parser.init ()) {
@@ -335,17 +382,9 @@ void RGWDeleteRole::execute(optional_yield y)
335382 s->info .args .remove (" Action" );
336383 s->info .args .remove (" Version" );
337384
338- RGWUserInfo info = s->user ->get_info ();
339- const auto & it = info.access_keys .begin ();
340- RGWAccessKey key;
341- if (it != info.access_keys .end ()) {
342- key.id = it->first ;
343- RGWAccessKey cred = it->second ;
344- key.key = cred.key ;
345- }
346- master_op_ret = driver->forward_iam_request_to_master (s, key, nullptr , bl_post_body, &parser, s->info , y);
347- if (master_op_ret < 0 ) {
348- op_ret = master_op_ret;
385+ op_ret = forward_iam_request_to_master (this , site, s->user ->get_info (),
386+ bl_post_body, parser, s->info , y);
387+ if (op_ret < 0 ) {
349388 ldpp_dout (this , 0 ) << " forward_iam_request_to_master returned ret=" << op_ret << dendl;
350389 return ;
351390 }
@@ -355,7 +394,7 @@ void RGWDeleteRole::execute(optional_yield y)
355394
356395 if (op_ret == -ENOENT) {
357396 // Role has been deleted since metadata from master has synced up
358- if (!is_master && master_op_ret == 0 ) {
397+ if (!is_master) {
359398 op_ret = 0 ;
360399 } else {
361400 op_ret = -ERR_NO_ROLE_FOUND;
@@ -466,7 +505,8 @@ void RGWModifyRoleTrustPolicy::execute(optional_yield y)
466505 return ;
467506 }
468507
469- if (!driver->is_meta_master ()) {
508+ const rgw::SiteConfig& site = *s->penv .site ;
509+ if (!site.is_meta_master ()) {
470510 RGWXMLDecoder::XMLParser parser;
471511 if (!parser.init ()) {
472512 ldpp_dout (this , 0 ) << " ERROR: failed to initialize xml parser" << dendl;
@@ -480,15 +520,8 @@ void RGWModifyRoleTrustPolicy::execute(optional_yield y)
480520 s->info .args .remove (" Action" );
481521 s->info .args .remove (" Version" );
482522
483- RGWUserInfo info = s->user ->get_info ();
484- const auto & it = info.access_keys .begin ();
485- RGWAccessKey key;
486- if (it != info.access_keys .end ()) {
487- key.id = it->first ;
488- RGWAccessKey cred = it->second ;
489- key.key = cred.key ;
490- }
491- op_ret = driver->forward_iam_request_to_master (s, key, nullptr , bl_post_body, &parser, s->info , y);
523+ op_ret = forward_iam_request_to_master (this , site, s->user ->get_info (),
524+ bl_post_body, parser, s->info , y);
492525 if (op_ret < 0 ) {
493526 ldpp_dout (this , 20 ) << " ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl;
494527 return ;
@@ -590,7 +623,8 @@ void RGWPutRolePolicy::execute(optional_yield y)
590623 return ;
591624 }
592625
593- if (!driver->is_meta_master ()) {
626+ const rgw::SiteConfig& site = *s->penv .site ;
627+ if (!site.is_meta_master ()) {
594628 RGWXMLDecoder::XMLParser parser;
595629 if (!parser.init ()) {
596630 ldpp_dout (this , 0 ) << " ERROR: failed to initialize xml parser" << dendl;
@@ -605,15 +639,8 @@ void RGWPutRolePolicy::execute(optional_yield y)
605639 s->info .args .remove (" Action" );
606640 s->info .args .remove (" Version" );
607641
608- RGWUserInfo info = s->user ->get_info ();
609- const auto & it = info.access_keys .begin ();
610- RGWAccessKey key;
611- if (it != info.access_keys .end ()) {
612- key.id = it->first ;
613- RGWAccessKey cred = it->second ;
614- key.key = cred.key ;
615- }
616- op_ret = driver->forward_iam_request_to_master (s, key, nullptr , bl_post_body, &parser, s->info , y);
642+ op_ret = forward_iam_request_to_master (this , site, s->user ->get_info (),
643+ bl_post_body, parser, s->info , y);
617644 if (op_ret < 0 ) {
618645 ldpp_dout (this , 20 ) << " ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl;
619646 return ;
@@ -723,7 +750,8 @@ void RGWDeleteRolePolicy::execute(optional_yield y)
723750 return ;
724751 }
725752
726- if (!driver->is_meta_master ()) {
753+ const rgw::SiteConfig& site = *s->penv .site ;
754+ if (!site.is_meta_master ()) {
727755 RGWXMLDecoder::XMLParser parser;
728756 if (!parser.init ()) {
729757 ldpp_dout (this , 0 ) << " ERROR: failed to initialize xml parser" << dendl;
@@ -737,15 +765,8 @@ void RGWDeleteRolePolicy::execute(optional_yield y)
737765 s->info .args .remove (" Action" );
738766 s->info .args .remove (" Version" );
739767
740- RGWUserInfo info = s->user ->get_info ();
741- const auto & it = info.access_keys .begin ();
742- RGWAccessKey key;
743- if (it != info.access_keys .end ()) {
744- key.id = it->first ;
745- RGWAccessKey cred = it->second ;
746- key.key = cred.key ;
747- }
748- op_ret = driver->forward_iam_request_to_master (s, key, nullptr , bl_post_body, &parser, s->info , y);
768+ op_ret = forward_iam_request_to_master (this , site, s->user ->get_info (),
769+ bl_post_body, parser, s->info , y);
749770 if (op_ret < 0 ) {
750771 ldpp_dout (this , 20 ) << " ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl;
751772 return ;
@@ -792,7 +813,8 @@ void RGWTagRole::execute(optional_yield y)
792813 return ;
793814 }
794815
795- if (!driver->is_meta_master ()) {
816+ const rgw::SiteConfig& site = *s->penv .site ;
817+ if (!site.is_meta_master ()) {
796818 RGWXMLDecoder::XMLParser parser;
797819 if (!parser.init ()) {
798820 ldpp_dout (this , 0 ) << " ERROR: failed to initialize xml parser" << dendl;
@@ -811,15 +833,8 @@ void RGWTagRole::execute(optional_yield y)
811833 }
812834 }
813835
814- RGWUserInfo info = s->user ->get_info ();
815- const auto & it = info.access_keys .begin ();
816- RGWAccessKey key;
817- if (it != info.access_keys .end ()) {
818- key.id = it->first ;
819- RGWAccessKey cred = it->second ;
820- key.key = cred.key ;
821- }
822- op_ret = driver->forward_iam_request_to_master (s, key, nullptr , bl_post_body, &parser, s->info , y);
836+ op_ret = forward_iam_request_to_master (this , site, s->user ->get_info (),
837+ bl_post_body, parser, s->info , y);
823838 if (op_ret < 0 ) {
824839 ldpp_dout (this , 20 ) << " ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl;
825840 return ;
@@ -906,7 +921,8 @@ void RGWUntagRole::execute(optional_yield y)
906921 return ;
907922 }
908923
909- if (!driver->is_meta_master ()) {
924+ const rgw::SiteConfig& site = *s->penv .site ;
925+ if (!site.is_meta_master ()) {
910926 RGWXMLDecoder::XMLParser parser;
911927 if (!parser.init ()) {
912928 ldpp_dout (this , 0 ) << " ERROR: failed to initialize xml parser" << dendl;
@@ -929,15 +945,8 @@ void RGWUntagRole::execute(optional_yield y)
929945 for (auto & it : iters) {
930946 val_map.erase (it);
931947 }
932- RGWUserInfo info = s->user ->get_info ();
933- const auto & it = info.access_keys .begin ();
934- RGWAccessKey key;
935- if (it != info.access_keys .end ()) {
936- key.id = it->first ;
937- RGWAccessKey cred = it->second ;
938- key.key = cred.key ;
939- }
940- op_ret = driver->forward_iam_request_to_master (s, key, nullptr , bl_post_body, &parser, s->info , y);
948+ op_ret = forward_iam_request_to_master (this , site, s->user ->get_info (),
949+ bl_post_body, parser, s->info , y);
941950 if (op_ret < 0 ) {
942951 ldpp_dout (this , 20 ) << " ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl;
943952 return ;
@@ -976,7 +985,8 @@ void RGWUpdateRole::execute(optional_yield y)
976985 return ;
977986 }
978987
979- if (!driver->is_meta_master ()) {
988+ const rgw::SiteConfig& site = *s->penv .site ;
989+ if (!site.is_meta_master ()) {
980990 RGWXMLDecoder::XMLParser parser;
981991 if (!parser.init ()) {
982992 ldpp_dout (this , 0 ) << " ERROR: failed to initialize xml parser" << dendl;
@@ -990,15 +1000,8 @@ void RGWUpdateRole::execute(optional_yield y)
9901000 s->info .args .remove (" Action" );
9911001 s->info .args .remove (" Version" );
9921002
993- RGWUserInfo info = s->user ->get_info ();
994- const auto & it = info.access_keys .begin ();
995- RGWAccessKey key;
996- if (it != info.access_keys .end ()) {
997- key.id = it->first ;
998- RGWAccessKey cred = it->second ;
999- key.key = cred.key ;
1000- }
1001- op_ret = driver->forward_iam_request_to_master (s, key, nullptr , bl_post_body, &parser, s->info , y);
1003+ op_ret = forward_iam_request_to_master (this , site, s->user ->get_info (),
1004+ bl_post_body, parser, s->info , y);
10021005 if (op_ret < 0 ) {
10031006 ldpp_dout (this , 20 ) << " ERROR: forward_iam_request_to_master failed with error code: " << op_ret << dendl;
10041007 return ;