diff --git a/include/irods/private/storage_tiering/exec_as_user.hpp b/include/irods/private/storage_tiering/exec_as_user.hpp
deleted file mode 100644
index a7ca742..0000000
--- a/include/irods/private/storage_tiering/exec_as_user.hpp
+++ /dev/null
@@ -1,41 +0,0 @@
-#ifndef IRODS_CAPABILITY_STORAGE_TIERING_EXEC_AS_USER_HPP
-#define IRODS_CAPABILITY_STORAGE_TIERING_EXEC_AS_USER_HPP
-
-#include
-#include
-#include
-
-namespace irods {
- template
- int exec_as_user(rcComm_t* _comm, const std::string& _user_name, const std::string& _user_zone, Function _func)
- {
- auto& user = _comm->clientUser;
-
- // need to be able to have a rodsuser/rodsuser 'switch hats'
- //if (user.authInfo.authFlag < LOCAL_PRIV_USER_AUTH) {
- // THROW(CAT_INSUFFICIENT_PRIVILEGE_LEVEL, "Cannot switch user");
- //}
-
- const std::string old_user_name = user.userName;
- const std::string old_user_zone = user.rodsZone;
-
- rstrcpy(user.userName, _user_name.data(), NAME_LEN);
- rstrcpy(user.rodsZone, _user_zone.data(), NAME_LEN);
-
- rodsLog(
- LOG_DEBUG,
- "Executing as user [%s] fom zone [%s]",
- user.userName,
- user.rodsZone);
-
- irods::at_scope_exit> at_scope_exit{[&user, &old_user_name, &old_user_zone] {
- rstrcpy(user.userName, old_user_name.c_str(), MAX_NAME_LEN);
- rstrcpy(user.rodsZone, old_user_zone.c_str(), MAX_NAME_LEN);
- }};
-
- return _func(_comm);
- } // exec_as_user
-
-} // namespace irods
-
-#endif // IRODS_CAPABILITY_STORAGE_TIERING_EXEC_AS_USER_HPP
diff --git a/include/irods/private/storage_tiering/proxy_connection.hpp b/include/irods/private/storage_tiering/proxy_connection.hpp
deleted file mode 100644
index 4ccba69..0000000
--- a/include/irods/private/storage_tiering/proxy_connection.hpp
+++ /dev/null
@@ -1,71 +0,0 @@
-#ifndef IRODS_STORAGE_TIERING_PROXY_CONNECTION_HPP
-#define IRODS_STORAGE_TIERING_PROXY_CONNECTION_HPP
-
-#include
-
-namespace irods {
-
- struct proxy_connection {
- rErrMsg_t err_msg;
- rcComm_t* conn;
-
- // Makes a proxy connection where the client is specified by the username in the parameters, and the proxy user
- // is the service account rodsadmin for the local server.
- auto make(const std::string& clientUser, const std::string& clientZone) -> rcComm_t*
- {
- rodsEnv env{};
- _getRodsEnv(env);
-
- // TODO(#296): Handle any errors which occur in _rcConnect or clientLogin.
- conn = _rcConnect(env.rodsHost,
- env.rodsPort,
- env.rodsUserName,
- env.rodsZone,
- clientUser.c_str(),
- clientZone.c_str(),
- &err_msg,
- 0,
- 0);
-
- clientLogin(conn);
-
- return conn;
- } // make
-
- // Makes a proxy connection where both the proxy and client users are the service account rodsadmin for the
- // local server.
- auto make_rodsadmin_connection() -> RcComm*
- {
- rodsEnv env{};
- _getRodsEnv(env);
-
- // TODO(#296): Handle any errors which occur in _rcConnect or clientLogin.
- conn = _rcConnect(env.rodsHost,
- env.rodsPort,
- env.rodsUserName,
- env.rodsZone,
- env.rodsUserName,
- env.rodsZone,
- &err_msg,
- 0,
- 0);
-
- clientLogin(conn);
-
- // Set the authFlag because auth plugin does not set it and the storage tiering plugin needs to know whether
- // the client connection is privileged. This proxy connection uses the local client environment which should
- // be the iRODS service account, a rodsadmin. If the local client environment is not a rodsadmin, the plugin
- // will not function properly because it uses the ADMIN_KW and the server does not allow non-rodsadmins to
- // use the ADMIN_KW.
- conn->clientUser.authInfo.authFlag = LOCAL_PRIV_USER_AUTH;
-
- return conn;
- } // make_rodsadmin_connection
-
- ~proxy_connection() { rcDisconnect(conn); }
- }; // proxy_connection
-
-}
-
-
-#endif // IRODS_STORAGE_TIERING_PROXY_CONNECTION_HPP
diff --git a/src/main.cpp b/src/main.cpp index 993f0a1..1fb3a40 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -5,8 +5,8 @@ #include #include "irods/private/storage_tiering/utilities.hpp" #include -#include "irods/private/storage_tiering/proxy_connection.hpp" +#include #include #include #include @@ -129,9 +129,7 @@ namespace { addKeyVal(&data_obj_inp.condInput, RESC_NAME_KW, _source_resource.c_str()); addKeyVal(&data_obj_inp.condInput, DEST_RESC_NAME_KW, _destination_resource.c_str()); - if(_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&data_obj_inp.condInput, ADMIN_KW, ""); - } + addKeyVal(&data_obj_inp.condInput, ADMIN_KW, ""); transferStat_t* trans_stat{}; const auto repl_err = rcDataObjRepl(_comm, &data_obj_inp); @@ -168,9 +166,7 @@ namespace { &obj_inp.condInput, COPIES_KW, "1"); - if(_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&obj_inp.condInput, ADMIN_KW, ""); - } + addKeyVal(&obj_inp.condInput, ADMIN_KW, ""); const auto trim_err = rcDataObjTrim(_comm, &obj_inp); if(trim_err < 0) { @@ -197,12 +193,10 @@ namespace { ""}; const auto free_cond_input = irods::at_scope_exit{[&avuOp] { clearKeyVal(&avuOp.condInput); }}; - if (_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&avuOp.condInput, ADMIN_KW, ""); - } + addKeyVal(&avuOp.condInput, ADMIN_KW, ""); auto status = rcModAVUMetadata(_comm, &avuOp); - if(status < 0) { + if (status < 0) { const auto msg = fmt::format("{}: failed to set access time for [{}]", __func__, _logical_path); log_re::error(msg); THROW(status, msg); 
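Review bot: `addKeyVal(&data_obj_inp.condInput, ADMIN_KW, "");` in the replication hunk (@@ -129) now runs for whatever `_comm` the caller supplies, and nothing left in the new code says that connection must be a rodsadmin; the only explanation was the comment in the deleted proxy_connection.hpp. The same unconditional call is introduced in the trim (@@ -168) and access-time (@@ -197) hunks here, and in the three rcModAVUMetadata hunks of src/storage_tiering.cpp (@@ -989, @@ -1017, @@ -1078). Going by that removed comment the server refuses ADMIN_KW from non-rodsadmins, so enforcement stays server-side, but a misconfigured service account will now surface only as a generic "failed to ..." error. I would add a comment at each site, e.g. `// ADMIN_KW is always sent: _comm must be authenticated as a rodsadmin; the server rejects the keyword otherwise.` The enclosing functions begin outside these hunks.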
@@ -242,10 +236,10 @@ namespace { const std::string& _object_path, const std::string& _collection_type, const std::string& _attribute) { - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); if(_collection_type.size() == 0) { - update_access_time_for_data_object(comm, _object_path, _attribute); + update_access_time_for_data_object(&comm, _object_path, _attribute); } else { // register a collection @@ -255,7 +249,7 @@ namespace { coll_inp.collName, _object_path.c_str(), MAX_NAME_LEN); - int handle = rcOpenCollection(comm, &coll_inp); + int handle = rcOpenCollection(&comm, &coll_inp); if(handle < 0) { THROW( handle, @@ -263,7 +257,7 @@ namespace { _object_path); } - apply_access_time_to_collection(comm, handle, _attribute); + apply_access_time_to_collection(&comm, handle, _attribute); } } // set_access_time_metadata @@ -439,16 +433,13 @@ namespace { parser.set_string(source_hier); parser.first_resc(source_resource); - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); - irods::storage_tiering st{comm, _rei, plugin_instance_name}; + irods::storage_tiering st{&comm, _rei, plugin_instance_name}; st.migrate_object_to_minimum_restage_tier( - object_path, - _rei->rsComm->clientUser.userName, - _rei->rsComm->clientUser.rodsZone, - source_resource); + object_path, _rei->rsComm->clientUser.userName, _rei->rsComm->clientUser.rodsZone, source_resource); } else if("pep_api_data_obj_open_post" == _rn || "pep_api_data_obj_create_post" == _rn) { 
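Review bot: The connection built in set_access_time_metadata (@@ -242) no longer has `clientUser.authInfo.authFlag` forced to `LOCAL_PRIV_USER_AUTH`, which the deleted make_rodsadmin_connection() did because, per its comment, the auth plugin leaves the flag unset. The visible hunks drop six `authFlag >= LOCAL_PRIV_USER_AUTH` tests, but any such test that remains elsewhere in the plugin would now evaluate false on these connections and silently skip its privileged branch, so a search for `authFlag` across the plugin is worth doing before merging. The same replacement is made in the other `client_connection` hunks of src/main.cpp and in @@ -635 of src/storage_tiering.cpp. A comment above the declaration, such as `// Connects as the local service account (expected to be a rodsadmin); authFlag is not set on this connection.`, would keep that knowledge next to the code. The function body begins outside the hunk.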
@@ -488,15 +479,14 @@ namespace { if(opened_objects.find(l1_idx) != opened_objects.end()) { auto [object_path, resource_name] = opened_objects[l1_idx]; - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); - irods::storage_tiering st{comm, _rei, plugin_instance_name}; - st.migrate_object_to_minimum_restage_tier( - object_path, - _rei->rsComm->clientUser.userName, - _rei->rsComm->clientUser.rodsZone, - resource_name); + irods::storage_tiering st{&comm, _rei, plugin_instance_name}; + st.migrate_object_to_minimum_restage_tier(object_path, + _rei->rsComm->clientUser.userName, + _rei->rsComm->clientUser.rodsZone, + resource_name); } } } @@ -675,13 +665,11 @@ irods::error exec_rule_text( delay_obj["rule-engine-operation"] = irods::storage_tiering::policy::storage_tiering; delay_obj["storage-tier-groups"] = rule_obj["storage-tier-groups"]; - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); - irods::storage_tiering st{comm, rei, plugin_instance_name}; - st.schedule_storage_tiering_policy( - delay_obj.dump(), - params); + irods::storage_tiering st{&comm, rei, plugin_instance_name}; + st.schedule_storage_tiering_policy(delay_obj.dump(), params); } else { return ERROR( 
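Review bot: In exec_rule_text (@@ -675) `irods::experimental::client_connection conn;` sits in a function that returns `irods::error`, and the hunk shows no `try` around it, whereas the corresponding block in exec_rule_expression (@@ -735) opens inside `try {`. As far as I know the default constructor connects and authenticates with the local client environment and reports failure by throwing, which replaces the silent path the old `TODO(#296)` described; if no enclosing handler exists outside the hunk, a failed service-account login would leave the rule-engine plugin as an exception instead of an error code. Please confirm that a `catch (const irods::exception&)` covers this block, and likewise the PEP hunks at @@ -439 and @@ -488. The enclosing function starts and ends outside the hunk.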
@@ -735,10 +723,10 @@ irods::error exec_rule_expression( if(rule_obj.contains("rule-engine-operation") && irods::storage_tiering::policy::storage_tiering == rule_obj.at("rule-engine-operation")) { try { - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); - irods::storage_tiering st{comm, rei, plugin_instance_name}; + irods::storage_tiering st{&comm, rei, plugin_instance_name}; for(const auto& group : rule_obj["storage-tier-groups"]) { st.apply_policy_for_tier_group(group); } @@ -759,11 +747,11 @@ irods::error exec_rule_expression( const std::string& user_zone = rule_obj["user-zone"]; auto& pin = plugin_instance_name; - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); // TODO(#297): Use get or get_ref for these parameters. - auto status = apply_data_movement_policy(comm, + auto status = apply_data_movement_policy(&comm, plugin_instance_name, rule_obj["object-path"], rule_obj["user-name"], @@ -774,7 +762,7 @@ irods::error exec_rule_expression( rule_obj["preserve-replicas"], rule_obj["verification-type"]); - irods::storage_tiering st{comm, rei, plugin_instance_name}; + irods::storage_tiering st{&comm, rei, plugin_instance_name}; // TODO(#297): Use get or get_ref for these parameters. status = apply_tier_group_metadata_policy(st, rule_obj["group-name"], @@ -791,7 +779,6 @@ irods::error exec_rule_expression( _e.code(), _e.what()); } - } else { return CODE(RULE_ENGINE_CONTINUE); diff --git a/src/storage_tiering.cpp b/src/storage_tiering.cpp index 6e83037..2555c5e 100644 --- a/src/storage_tiering.cpp +++ b/src/storage_tiering.cpp @@ -11,8 +11,8 @@ #include #include #include -#include "irods/private/storage_tiering/proxy_connection.hpp" +#include #include #include #include 
@@ -635,31 +635,27 @@ namespace irods { object_is_processed[object_path] = 1; } - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); if(preserve_replicas) { - if(skip_object_in_lower_tier( - comm, - object_path, - _partial_list)) { + if (skip_object_in_lower_tier(&comm, object_path, _partial_list)) { return; } } - queue_data_movement( - comm, - config_.instance_name, - _group_name, - object_path, - _results[2], - _results[3], - _results[4], - _source_resource, - _destination_resource, - get_verification_for_resc(comm, _destination_resource), - get_preserve_replicas_for_resc(comm, _source_resource), - get_data_movement_parameters_for_resource(comm, _source_resource)); + queue_data_movement(&comm, + config_.instance_name, + _group_name, + object_path, + _results[2], + _results[3], + _results[4], + _source_resource, + _destination_resource, + get_verification_for_resc(&comm, _destination_resource), + get_preserve_replicas_for_resc(&comm, _source_resource), + get_data_movement_parameters_for_resource(&comm, _source_resource)); }; // job @@ -989,9 +985,7 @@ namespace irods { const_cast(access_time.c_str()), const_cast(config_.migration_scheduled_flag.c_str())}; - if (_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&set_op.condInput, ADMIN_KW, ""); - } + addKeyVal(&set_op.condInput, ADMIN_KW, ""); if (const auto ec = rcModAVUMetadata(_comm, &set_op); ec < 0) { const auto msg = fmt::format("{}: failed to set migration scheduled flag for [{}]", __func__, _object_path); @@ -1017,9 +1011,7 @@ namespace irods { const_cast(access_time.c_str()), nullptr}; - if (_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&set_op.condInput, ADMIN_KW, ""); - } + addKeyVal(&set_op.condInput, ADMIN_KW, ""); if (const auto ec = rcModAVUMetadata(_comm, &set_op); ec < 0) { const auto msg = 
@@ -1078,9 +1070,7 @@ namespace irods { const_cast(_group_name.c_str()), const_cast(destination_replica_number.c_str())}; - if (comm_->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&set_op.condInput, ADMIN_KW, ""); - } + addKeyVal(&set_op.condInput, ADMIN_KW, ""); auto status = rcModAVUMetadata(comm_, &set_op); if (status < 0) {