rgw/admin : add account support in go-ceph

Signed-off-by: Jiffin Tony Thottan <[email protected]>

Author: thotz

micro-osd.sh

@@ -166,7 +166,7 @@ launch_radosgw() {
     # not going to try to make shellcheck happy with this line at this time
     # shellcheck disable=SC2016
     timeout 60 sh -c 'until [ $(ceph -s | grep -c "rgw:") -eq 1 ]; do echo "waiting for rgw to show up" && sleep 1; done'
-    radosgw-admin user create --uid admin --display-name "Admin User" --caps "buckets=*;users=*;usage=read;metadata=read" --access-key="$S3_ACCESS_KEY" --secret-key="$S3_SECRET_KEY"
+    radosgw-admin user create --uid admin --display-name "Admin User" --caps "buckets=*;users=*;usage=read;metadata=read;accounts=*" --access-key="$S3_ACCESS_KEY" --secret-key="$S3_SECRET_KEY"
 }
 
 launch_radosgw2() {

rgw/admin/account.go

@@ -0,0 +1,96 @@
+//go:build ceph_preview && !squid
+
+package admin
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+)
+
+// Account represents an RGW account
+type Account struct {
+	ID            string    `json:"id" url:"id"`
+	Name          string    `json:"name" url:"name"`
+	Email         string    `json:"email" url:"email"`
+	Tenant        string    `json:"tenant" url:"tenant"`
+	MaxUsers      *int64    `json:"max_users" url:"max-users"`
+	MaxRoles      *int64    `json:"max_roles" url:"max-roles"`
+	MaxGroups     *int64    `json:"max_groups" url:"max-groups"`
+	MaxAccessKeys *int64    `json:"max_access_keys" url:"max-access-keys"`
+	MaxBuckets    *int64    `json:"max_buckets" url:"max-buckets"`
+	Quota         QuotaSpec `json:"quota"`
+	BucketQuota   QuotaSpec `json:"bucket_quota"`
+}
+
+// CreateAccount will create a new RGW account
+func (api *API) CreateAccount(ctx context.Context, account Account) (Account, error) {
+
+	body, err := api.call(ctx, http.MethodPost, "/account", valueToURLParams(account, []string{"id", "name", "email", "tenant", "max-users", "max-roles", "max-groups", "max-access-keys", "max-buckets"}))
+	if err != nil {
+		return Account{}, err
+	}
+
+	a := Account{}
+	err = json.Unmarshal(body, &a)
+	if err != nil {
+		return Account{}, fmt.Errorf("%s. %s. %w", unmarshalError, string(body), err)
+	}
+
+	return a, nil
+}
+
+// GetAccount will return the RGW account details
+func (api *API) GetAccount(ctx context.Context, accountID string) (Account, error) {
+	if accountID == "" {
+		return Account{}, ErrInvalidArgument
+	}
+
+	body, err := api.call(ctx, http.MethodGet, "/account", valueToURLParams(Account{ID: accountID}, []string{"id"}))
+	if err != nil {
+		return Account{}, err
+	}
+
+	a := Account{}
+	err = json.Unmarshal(body, &a)
+	if err != nil {
+		return Account{}, fmt.Errorf("%s. %s. %w", unmarshalError, string(body), err)
+	}
+
+	return a, nil
+}
+
+// DeleteAccount will delete the RGW account
+func (api *API) DeleteAccount(ctx context.Context, accountID string) error {
+	if accountID == "" {
+		return ErrInvalidArgument
+	}
+
+	_, err := api.call(ctx, http.MethodDelete, "/account", valueToURLParams(Account{ID: accountID}, []string{"id"}))
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ModifyAccount will modify the RGW account
+func (api *API) ModifyAccount(ctx context.Context, account Account) (Account, error) {
+	if account.ID == "" {
+		return Account{}, ErrInvalidArgument
+	}
+
+	body, err := api.call(ctx, http.MethodPut, "/account", valueToURLParams(account, []string{"id", "name", "email", "tenant", "max-users", "max-roles", "max-groups", "max-access-keys", "max-buckets"}))
+	if err != nil {
+		return Account{}, err
+	}
+
+	a := Account{}
+	err = json.Unmarshal(body, &a)
+	if err != nil {
+		return Account{}, fmt.Errorf("%s. %s. %w", unmarshalError, string(body), err)
+	}
+
+	return a, nil
+}

rgw/admin/account_test.go

@@ -0,0 +1,58 @@
+//go:build ceph_preview && !squid
+
+package admin
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func (suite *RadosGWTestSuite) TestAccount() {
+	suite.SetupConnection()
+	co, err := New(suite.endpoint, suite.accessKey, suite.secretKey, newDebugHTTPClient(http.DefaultClient))
+	assert.NoError(suite.T(), err)
+
+	suite.T().Run("successfully create account", func(_ *testing.T) {
+		account, err := co.CreateAccount(context.Background(), Account{ID: "RGW12345678901234567", Name: "test-account"})
+		assert.NoError(suite.T(), err)
+		assert.Equal(suite.T(), "RGW12345678901234567", account.ID)
+		assert.Equal(suite.T(), "test-account", account.Name)
+	})
+
+	suite.T().Run("fail to get account since no ID provided", func(_ *testing.T) {
+		_, err := co.GetAccount(context.Background(), "")
+		assert.ErrorIs(suite.T(), err, ErrInvalidArgument)
+	})
+
+	suite.T().Run("successfully get account", func(_ *testing.T) {
+		account, err := co.GetAccount(context.Background(), "RGW12345678901234567")
+		assert.NoError(suite.T(), err)
+		assert.Equal(suite.T(), "RGW12345678901234567", account.ID)
+		assert.Equal(suite.T(), "test-account", account.Name)
+	})
+
+	suite.T().Run("fail to modify account since no ID provided", func(_ *testing.T) {
+		_, err := co.ModifyAccount(context.Background(), Account{Name: "modified-account"})
+		assert.ErrorIs(suite.T(), err, ErrInvalidArgument)
+	})
+
+	suite.T().Run("successfully modify account", func(_ *testing.T) {
+		account, err := co.ModifyAccount(context.Background(), Account{ID: "RGW12345678901234567", Name: "modified-account"})
+		assert.NoError(suite.T(), err)
+		assert.Equal(suite.T(), "RGW12345678901234567", account.ID)
+		assert.Equal(suite.T(), "modified-account", account.Name)
+	})
+
+	suite.T().Run("fail to delete account since no ID provided", func(_ *testing.T) {
+		err := co.DeleteAccount(context.Background(), "")
+		assert.ErrorIs(suite.T(), err, ErrInvalidArgument)
+	})
+
+	suite.T().Run("successfully delete account", func(_ *testing.T) {
+		err := co.DeleteAccount(context.Background(), "RGW12345678901234567")
+		assert.NoError(suite.T(), err)
+	})
+}

rgw/admin/errors.go

@@ -85,6 +85,9 @@ const (
 	// ErrSignatureDoesNotMatch - the query to the API has invalid parameters
 	ErrSignatureDoesNotMatch errorReason = "SignatureDoesNotMatch"
 
+	// ErrAccountAlreadyExists indicates that the account already exists
+	ErrAccountAlreadyExists errorReason = "AccountAlreadyExists"
+
 	unmarshalError = "failed to unmarshal radosgw http response"
 )
 

rgw/admin/user.go

@@ -34,6 +34,8 @@ type User struct {
 	GenerateStat        *bool          `url:"stats"`
 	Stat                UserStat       `json:"stats"`
 	UserCaps            string         `url:"user-caps"`
+	AccountID           string         `json:"account_id" url:"account-id"`
+	AccountRoot         *bool          `url:"account-root"`
 }
 
 // SubuserSpec represents a subusers of a ceph-rgw user
@@ -160,7 +162,7 @@ func (api *API) CreateUser(ctx context.Context, user User) (User, error) {
 	}
 
 	// valid parameters not supported by go-ceph: system, exclusive, placement-tags
-	body, err := api.call(ctx, http.MethodPut, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "key-type", "access-key", "secret-key", "user-caps", "tenant", "generate-key", "max-buckets", "suspended", "op-mask"}))
+	body, err := api.call(ctx, http.MethodPut, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "key-type", "access-key", "secret-key", "user-caps", "tenant", "generate-key", "max-buckets", "suspended", "op-mask", "account-id", "account-root"}))
 	if err != nil {
 		return User{}, err
 	}
@@ -196,7 +198,7 @@ func (api *API) ModifyUser(ctx context.Context, user User) (User, error) {
 	}
 
 	// valid parameters not supported by go-ceph: system, placement-tags
-	body, err := api.call(ctx, http.MethodPost, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "generate-key", "access-key", "secret-key", "key-type", "max-buckets", "suspended", "op-mask"}))
+	body, err := api.call(ctx, http.MethodPost, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "generate-key", "access-key", "secret-key", "key-type", "max-buckets", "suspended", "op-mask", "account-id", "account-root"}))
 	if err != nil {
 		return User{}, err
 	}