rgw/admin : add account support in go-ceph

thotz · thotz · commit 79724222a032 · 2026-01-20T18:07:35.000+05:30
Signed-off-by: Jiffin Tony Thottan &lt;thottanjiffin@gmail.com&gt;
diff --git a/docs/api-status.json b/docs/api-status.json
@@ -2123,7 +2123,32 @@
     ]
   },
   "rgw/admin": {
-    "preview_api": [],
+    "preview_api": [
+      {
+        "name": "API.CreateAccount",
+        "comment": "CreateAccount will create a new RGW account\n",
+        "added_in_version": "$NEXT_RELEASE",
+        "expected_stable_version": "$NEXT_RELEASE_STABLE"
+      },
+      {
+        "name": "API.GetAccount",
+        "comment": "GetAccount will return the RGW account details\n",
+        "added_in_version": "$NEXT_RELEASE",
+        "expected_stable_version": "$NEXT_RELEASE_STABLE"
+      },
+      {
+        "name": "API.DeleteAccount",
+        "comment": "DeleteAccount will delete the RGW account\n",
+        "added_in_version": "$NEXT_RELEASE",
+        "expected_stable_version": "$NEXT_RELEASE_STABLE"
+      },
+      {
+        "name": "API.ModifyAccount",
+        "comment": "ModifyAccount will modify the RGW account\n",
+        "added_in_version": "$NEXT_RELEASE",
+        "expected_stable_version": "$NEXT_RELEASE_STABLE"
+      }
+    ],
     "stable_api": [
       {
         "name": "API.ListBuckets",
@@ -3011,4 +3036,4 @@
       }
     ]
   }
-}
+}
diff --git a/docs/api-status.md b/docs/api-status.md
@@ -43,7 +43,14 @@ No Preview/Deprecated APIs found. All APIs are considered stable.
 
 ## Package: rgw/admin
 
-No Preview/Deprecated APIs found. All APIs are considered stable.
+### Preview APIs
+
+Name | Added in Version | Expected Stable Version | 
+---- | ---------------- | ----------------------- | 
+API.CreateAccount | $NEXT_RELEASE | $NEXT_RELEASE_STABLE | 
+API.GetAccount | $NEXT_RELEASE | $NEXT_RELEASE_STABLE | 
+API.DeleteAccount | $NEXT_RELEASE | $NEXT_RELEASE_STABLE | 
+API.ModifyAccount | $NEXT_RELEASE | $NEXT_RELEASE_STABLE | 
 
 ## Package: common/admin/manager
 
diff --git a/micro-osd.sh b/micro-osd.sh
@@ -173,6 +173,10 @@ launch_radosgw2() {
     radosgw-admin caps add --uid=admin --caps="info=read"
 }
 
+launch_radosgw3() {
+    radosgw-admin caps add --uid=admin --caps="accounts=*"
+}
+
 selftest() {
     ceph --version
     ceph status
@@ -195,9 +199,12 @@ if [ -z "$FEATURESET" ] ; then
         pacific)
             FEATURESET="mon osd mgr mds mds2 rbd-mirror cephfs-mirror rgw selftest"
         ;;
-        *)
+        quincy|reef)
             FEATURESET="mon osd mgr mds mds2 rbd-mirror cephfs-mirror rgw rgw2 selftest"
         ;;
+        *)
+            FEATURESET="mon osd mgr mds mds2 rbd-mirror cephfs-mirror rgw rgw2 rgw3 selftest"
+        ;;
     esac
 fi
 
@@ -213,6 +220,7 @@ for fname in ${FEATURESET} ; do
         cephfs-mirror) launch_cephfs_mirror ;;
         rgw|radosgw) launch_radosgw ;;
         rgw2|radosgw2) launch_radosgw2 ;;
+        rgw3|radosgw3) launch_radosgw3 ;;
         selftest) selftest ;;
         *)
             echo "Invalid feature: ${fname}"
diff --git a/rgw/admin/account.go b/rgw/admin/account.go
@@ -0,0 +1,100 @@
+//go:build !(pacific || quincy || reef) && ceph_preview
+
+package admin
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+)
+
+// Account represents an RGW account
+type Account struct {
+	ID            string    `json:"id" url:"id"`
+	Name          string    `json:"name" url:"name"`
+	Email         string    `json:"email" url:"email"`
+	Tenant        string    `json:"tenant" url:"tenant"`
+	MaxUsers      *int64    `json:"max_users" url:"max-users"`
+	MaxRoles      *int64    `json:"max_roles" url:"max-roles"`
+	MaxGroups     *int64    `json:"max_groups" url:"max-groups"`
+	MaxAccessKeys *int64    `json:"max_access_keys" url:"max-access-keys"`
+	MaxBuckets    *int64    `json:"max_buckets" url:"max-buckets"`
+	Quota         QuotaSpec `json:"quota"`
+	BucketQuota   QuotaSpec `json:"bucket_quota"`
+}
+
+// CreateAccount will create a new RGW account
+// https://docs.ceph.com/en/latest/radosgw/adminops/#create-account
+func (api *API) CreateAccount(ctx context.Context, account Account) (Account, error) {
+
+	body, err := api.call(ctx, http.MethodPost, "/account", valueToURLParams(account, []string{"id", "name", "email", "tenant", "max-users", "max-roles", "max-groups", "max-access-keys", "max-buckets"}))
+	if err != nil {
+		return Account{}, err
+	}
+
+	a := Account{}
+	err = json.Unmarshal(body, &a)
+	if err != nil {
+		return Account{}, fmt.Errorf("%s. %s. %w", unmarshalError, string(body), err)
+	}
+
+	return a, nil
+}
+
+// GetAccount will return the RGW account details
+// https://docs.ceph.com/en/latest/radosgw/adminops/#get-account-info
+func (api *API) GetAccount(ctx context.Context, accountID string) (Account, error) {
+	if accountID == "" {
+		return Account{}, ErrInvalidArgument
+	}
+
+	body, err := api.call(ctx, http.MethodGet, "/account", valueToURLParams(Account{ID: accountID}, []string{"id"}))
+	if err != nil {
+		return Account{}, err
+	}
+
+	a := Account{}
+	err = json.Unmarshal(body, &a)
+	if err != nil {
+		return Account{}, fmt.Errorf("%s. %s. %w", unmarshalError, string(body), err)
+	}
+
+	return a, nil
+}
+
+// DeleteAccount will delete the RGW account
+// https://docs.ceph.com/en/latest/radosgw/adminops/#remove-account
+func (api *API) DeleteAccount(ctx context.Context, accountID string) error {
+	if accountID == "" {
+		return ErrInvalidArgument
+	}
+
+	_, err := api.call(ctx, http.MethodDelete, "/account", valueToURLParams(Account{ID: accountID}, []string{"id"}))
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ModifyAccount will modify the RGW account
+// https://docs.ceph.com/en/latest/radosgw/adminops/#modify-account
+func (api *API) ModifyAccount(ctx context.Context, account Account) (Account, error) {
+	if account.ID == "" {
+		return Account{}, ErrInvalidArgument
+	}
+
+	body, err := api.call(ctx, http.MethodPut, "/account", valueToURLParams(account, []string{"id", "name", "email", "tenant", "max-users", "max-roles", "max-groups", "max-access-keys", "max-buckets"}))
+	if err != nil {
+		return Account{}, err
+	}
+
+	a := Account{}
+	err = json.Unmarshal(body, &a)
+	if err != nil {
+		return Account{}, fmt.Errorf("%s. %s. %w", unmarshalError, string(body), err)
+	}
+
+	return a, nil
+}
diff --git a/rgw/admin/account_test.go b/rgw/admin/account_test.go
@@ -0,0 +1,70 @@
+//go:build ceph_preview && !(pacific || quincy || reef)
+
+package admin
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/ceph/go-ceph/internal/util"
+	"github.com/stretchr/testify/assert"
+)
+
+func (suite *RadosGWTestSuite) TestAccount() {
+	suite.SetupConnection()
+	co, err := New(suite.endpoint, suite.accessKey, suite.secretKey, newDebugHTTPClient(http.DefaultClient))
+	assert.NoError(suite.T(), err)
+
+	suite.T().Run("successfully create account", func(_ *testing.T) {
+		account, err := co.CreateAccount(context.Background(), Account{ID: "RGW12345678901234567", Name: "test-account"})
+		assert.NoError(suite.T(), err)
+		assert.Equal(suite.T(), "RGW12345678901234567", account.ID)
+		assert.Equal(suite.T(), "test-account", account.Name)
+	})
+
+	suite.T().Run("try to create account that already exists", func(_ *testing.T) {
+		_, err := co.CreateAccount(context.Background(), Account{ID: "RGW12345678901234567", Name: "test-account"})
+		assert.ErrorIs(suite.T(), err, ErrAccountAlreadyExists)
+	})
+
+	suite.T().Run("fail to get account since no ID provided", func(_ *testing.T) {
+		_, err := co.GetAccount(context.Background(), "")
+		assert.ErrorIs(suite.T(), err, ErrInvalidArgument)
+	})
+
+	suite.T().Run("successfully get account", func(t *testing.T) {
+		if util.CurrentCephVersion() <= util.CephTentacle {
+			t.Skipf("GetAccount is not yet supported on %s", util.CurrentCephVersionString())
+		}
+		account, err := co.GetAccount(context.Background(), "RGW12345678901234567")
+		assert.NoError(t, err)
+		assert.Equal(t, "RGW12345678901234567", account.ID)
+		assert.Equal(t, "test-account", account.Name)
+	})
+
+	suite.T().Run("fail to modify account since no ID provided", func(_ *testing.T) {
+		_, err := co.ModifyAccount(context.Background(), Account{Name: "modified-account"})
+		assert.ErrorIs(suite.T(), err, ErrInvalidArgument)
+	})
+
+	suite.T().Run("successfully modify account", func(_ *testing.T) {
+		account, err := co.ModifyAccount(context.Background(), Account{ID: "RGW12345678901234567", Name: "modified-account"})
+		assert.NoError(suite.T(), err)
+		assert.Equal(suite.T(), "RGW12345678901234567", account.ID)
+		assert.Equal(suite.T(), "modified-account", account.Name)
+	})
+
+	suite.T().Run("fail to delete account since no ID provided", func(_ *testing.T) {
+		err := co.DeleteAccount(context.Background(), "")
+		assert.ErrorIs(suite.T(), err, ErrInvalidArgument)
+	})
+
+	suite.T().Run("successfully delete account", func(t *testing.T) {
+		if util.CurrentCephVersion() <= util.CephTentacle {
+			t.Skipf("DeleteAccount is not yet supported on %s", util.CurrentCephVersionString())
+		}
+		err := co.DeleteAccount(context.Background(), "RGW12345678901234567")
+		assert.NoError(t, err)
+	})
+}
diff --git a/rgw/admin/errors.go b/rgw/admin/errors.go
@@ -85,6 +85,9 @@ const (
 	// ErrSignatureDoesNotMatch - the query to the API has invalid parameters
 	ErrSignatureDoesNotMatch errorReason = "SignatureDoesNotMatch"
 
+	// ErrAccountAlreadyExists indicates that the account already exists
+	ErrAccountAlreadyExists errorReason = "AccountAlreadyExists"
+
 	unmarshalError = "failed to unmarshal radosgw http response"
 )
 
diff --git a/rgw/admin/user.go b/rgw/admin/user.go
@@ -34,6 +34,8 @@ type User struct {
 	GenerateStat        *bool          `url:"stats"`
 	Stat                UserStat       `json:"stats"`
 	UserCaps            string         `url:"user-caps"`
+	AccountID           string         `json:"account_id" url:"account-id"`
+	AccountRoot         *bool          `url:"account-root"`
 }
 
 // SubuserSpec represents a subusers of a ceph-rgw user
@@ -160,7 +162,7 @@ func (api *API) CreateUser(ctx context.Context, user User) (User, error) {
 	}
 
 	// valid parameters not supported by go-ceph: system, exclusive, placement-tags
-	body, err := api.call(ctx, http.MethodPut, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "key-type", "access-key", "secret-key", "user-caps", "tenant", "generate-key", "max-buckets", "suspended", "op-mask"}))
+	body, err := api.call(ctx, http.MethodPut, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "key-type", "access-key", "secret-key", "user-caps", "tenant", "generate-key", "max-buckets", "suspended", "op-mask", "account-id", "account-root"}))
 	if err != nil {
 		return User{}, err
 	}
@@ -196,7 +198,7 @@ func (api *API) ModifyUser(ctx context.Context, user User) (User, error) {
 	}
 
 	// valid parameters not supported by go-ceph: system, placement-tags
-	body, err := api.call(ctx, http.MethodPost, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "generate-key", "access-key", "secret-key", "key-type", "max-buckets", "suspended", "op-mask"}))
+	body, err := api.call(ctx, http.MethodPost, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "generate-key", "access-key", "secret-key", "key-type", "max-buckets", "suspended", "op-mask", "account-id", "account-root"}))
 	if err != nil {
 		return User{}, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,9 @@ const (`
`85`	`85`	`// ErrSignatureDoesNotMatch - the query to the API has invalid parameters`
`86`	`86`	`ErrSignatureDoesNotMatch errorReason = "SignatureDoesNotMatch"`
`87`	`87`
	`88`	`+ // ErrAccountAlreadyExists indicates that the account already exists`
	`89`	`+ ErrAccountAlreadyExists errorReason = "AccountAlreadyExists"`
	`90`	`+`
`88`	`91`	`unmarshalError = "failed to unmarshal radosgw http response"`
`89`	`92`	`)`
`90`	`93`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,8 @@ type User struct {`
`34`	`34`	GenerateStat *bool `url:"stats"`
`35`	`35`	Stat UserStat `json:"stats"`
`36`	`36`	UserCaps string `url:"user-caps"`
	`37`	+ AccountID string `json:"account_id" url:"account-id"`
	`38`	+ AccountRoot *bool `url:"account-root"`
`37`	`39`	`}`
`38`	`40`
`39`	`41`	`// SubuserSpec represents a subusers of a ceph-rgw user`
`@@ -160,7 +162,7 @@ func (api *API) CreateUser(ctx context.Context, user User) (User, error) {`
`160`	`162`	`}`
`161`	`163`
`162`	`164`	`// valid parameters not supported by go-ceph: system, exclusive, placement-tags`
`163`		`- body, err := api.call(ctx, http.MethodPut, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "key-type", "access-key", "secret-key", "user-caps", "tenant", "generate-key", "max-buckets", "suspended", "op-mask"}))`
	`165`	`+ body, err := api.call(ctx, http.MethodPut, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "key-type", "access-key", "secret-key", "user-caps", "tenant", "generate-key", "max-buckets", "suspended", "op-mask", "account-id", "account-root"}))`
`164`	`166`	`if err != nil {`
`165`	`167`	`return User{}, err`
`166`	`168`	`}`
`@@ -196,7 +198,7 @@ func (api *API) ModifyUser(ctx context.Context, user User) (User, error) {`
`196`	`198`	`}`
`197`	`199`
`198`	`200`	`// valid parameters not supported by go-ceph: system, placement-tags`
`199`		`- body, err := api.call(ctx, http.MethodPost, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "generate-key", "access-key", "secret-key", "key-type", "max-buckets", "suspended", "op-mask"}))`
	`201`	`+ body, err := api.call(ctx, http.MethodPost, "/user", valueToURLParams(user, []string{"uid", "display-name", "default-placement", "email", "generate-key", "access-key", "secret-key", "key-type", "max-buckets", "suspended", "op-mask", "account-id", "account-root"}))`
`200`	`202`	`if err != nil {`
`201`	`203`	`return User{}, err`
`202`	`204`	`}`