From 885a78dcd40cab7822cca06e6843b9f43dd5d00e Mon Sep 17 00:00:00 2001 From: Alan King Date: Fri, 17 Jan 2025 15:41:03 -0500 Subject: [PATCH] [#296] Replace proxy_connection with client_connection The proxy_connections used by this plugin are equivalent to using the irods::experimental::client_connection provided by the iRODS client library except for modifying the authFlag. Seeing as everything is done by client connections as admins in the plugin now, the authFlag doesn't matter as much anymore. As such, all instances of proxy_connection can be replaced and the whole header file has been removed. Also removes the unused exec_as_user header file. --- .../private/storage_tiering/exec_as_user.hpp | 41 ---------- .../storage_tiering/proxy_connection.hpp | 71 ----------------- src/main.cpp | 77 ++++++++----------- src/storage_tiering.cpp | 48 +++++------- 4 files changed, 51 insertions(+), 186 deletions(-) delete mode 100644 include/irods/private/storage_tiering/exec_as_user.hpp delete mode 100644 include/irods/private/storage_tiering/proxy_connection.hpp diff --git a/include/irods/private/storage_tiering/exec_as_user.hpp b/include/irods/private/storage_tiering/exec_as_user.hpp deleted file mode 100644 index a7ca742..0000000 --- a/include/irods/private/storage_tiering/exec_as_user.hpp +++ /dev/null @@ -1,41 +0,0 @@ -#ifndef IRODS_CAPABILITY_STORAGE_TIERING_EXEC_AS_USER_HPP -#define IRODS_CAPABILITY_STORAGE_TIERING_EXEC_AS_USER_HPP - -#include -#include -#include - -namespace irods { - template - int exec_as_user(rcComm_t* _comm, const std::string& _user_name, const std::string& _user_zone, Function _func) - { - auto& user = _comm->clientUser; - - // need to be able to have a rodsuser/rodsuser 'switch hats' - //if (user.authInfo.authFlag < LOCAL_PRIV_USER_AUTH) { - // THROW(CAT_INSUFFICIENT_PRIVILEGE_LEVEL, "Cannot switch user"); - //} - - const std::string old_user_name = user.userName; - const std::string old_user_zone = user.rodsZone; - - rstrcpy(user.userName, _user_name.data(), NAME_LEN); - rstrcpy(user.rodsZone, _user_zone.data(), NAME_LEN); - - rodsLog( - LOG_DEBUG, - "Executing as user [%s] fom zone [%s]", - user.userName, - user.rodsZone); - - irods::at_scope_exit> at_scope_exit{[&user, &old_user_name, &old_user_zone] { - rstrcpy(user.userName, old_user_name.c_str(), MAX_NAME_LEN); - rstrcpy(user.rodsZone, old_user_zone.c_str(), MAX_NAME_LEN); - }}; - - return _func(_comm); - } // exec_as_user - -} // namespace irods - -#endif // IRODS_CAPABILITY_STORAGE_TIERING_EXEC_AS_USER_HPP diff --git a/include/irods/private/storage_tiering/proxy_connection.hpp b/include/irods/private/storage_tiering/proxy_connection.hpp deleted file mode 100644 index 4ccba69..0000000 --- a/include/irods/private/storage_tiering/proxy_connection.hpp +++ /dev/null @@ -1,71 +0,0 @@ -#ifndef IRODS_STORAGE_TIERING_PROXY_CONNECTION_HPP -#define IRODS_STORAGE_TIERING_PROXY_CONNECTION_HPP - -#include - -namespace irods { - - struct proxy_connection { - rErrMsg_t err_msg; - rcComm_t* conn; - - // Makes a proxy connection where the client is specified by the username in the parameters, and the proxy user - // is the service account rodsadmin for the local server. - auto make(const std::string& clientUser, const std::string& clientZone) -> rcComm_t* - { - rodsEnv env{}; - _getRodsEnv(env); - - // TODO(#296): Handle any errors which occur in _rcConnect or clientLogin. - conn = _rcConnect(env.rodsHost, - env.rodsPort, - env.rodsUserName, - env.rodsZone, - clientUser.c_str(), - clientZone.c_str(), - &err_msg, - 0, - 0); - - clientLogin(conn); - - return conn; - } // make - - // Makes a proxy connection where both the proxy and client users are the service account rodsadmin for the - // local server. - auto make_rodsadmin_connection() -> RcComm* - { - rodsEnv env{}; - _getRodsEnv(env); - - // TODO(#296): Handle any errors which occur in _rcConnect or clientLogin. - conn = _rcConnect(env.rodsHost, - env.rodsPort, - env.rodsUserName, - env.rodsZone, - env.rodsUserName, - env.rodsZone, - &err_msg, - 0, - 0); - - clientLogin(conn); - - // Set the authFlag because auth plugin does not set it and the storage tiering plugin needs to know whether - // the client connection is privileged. This proxy connection uses the local client environment which should - // be the iRODS service account, a rodsadmin. If the local client environment is not a rodsadmin, the plugin - // will not function properly because it uses the ADMIN_KW and the server does not allow non-rodsadmins to - // use the ADMIN_KW. - conn->clientUser.authInfo.authFlag = LOCAL_PRIV_USER_AUTH; - - return conn; - } // make_rodsadmin_connection - - ~proxy_connection() { rcDisconnect(conn); } - }; // proxy_connection - -} - - -#endif // IRODS_STORAGE_TIERING_PROXY_CONNECTION_HPP diff --git a/src/main.cpp b/src/main.cpp index 993f0a1..1fb3a40 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -5,8 +5,8 @@ #include #include "irods/private/storage_tiering/utilities.hpp" #include -#include "irods/private/storage_tiering/proxy_connection.hpp" +#include #include #include #include @@ -129,9 +129,7 @@ namespace { addKeyVal(&data_obj_inp.condInput, RESC_NAME_KW, _source_resource.c_str()); addKeyVal(&data_obj_inp.condInput, DEST_RESC_NAME_KW, _destination_resource.c_str()); - if(_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&data_obj_inp.condInput, ADMIN_KW, ""); - } + addKeyVal(&data_obj_inp.condInput, ADMIN_KW, ""); transferStat_t* trans_stat{}; const auto repl_err = rcDataObjRepl(_comm, &data_obj_inp); @@ -168,9 +166,7 @@ namespace { &obj_inp.condInput, COPIES_KW, "1"); - if(_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&obj_inp.condInput, ADMIN_KW, ""); - } + addKeyVal(&obj_inp.condInput, ADMIN_KW, ""); const auto trim_err = rcDataObjTrim(_comm, &obj_inp); if(trim_err < 0) { @@ -197,12 +193,10 @@ namespace { ""}; const auto free_cond_input = irods::at_scope_exit{[&avuOp] { clearKeyVal(&avuOp.condInput); }}; - if (_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&avuOp.condInput, ADMIN_KW, ""); - } + addKeyVal(&avuOp.condInput, ADMIN_KW, ""); auto status = rcModAVUMetadata(_comm, &avuOp); - if(status < 0) { + if (status < 0) { const auto msg = fmt::format("{}: failed to set access time for [{}]", __func__, _logical_path); log_re::error(msg); THROW(status, msg); @@ -242,10 +236,10 @@ namespace { const std::string& _object_path, const std::string& _collection_type, const std::string& _attribute) { - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); if(_collection_type.size() == 0) { - update_access_time_for_data_object(comm, _object_path, _attribute); + update_access_time_for_data_object(&comm, _object_path, _attribute); } else { // register a collection @@ -255,7 +249,7 @@ namespace { coll_inp.collName, _object_path.c_str(), MAX_NAME_LEN); - int handle = rcOpenCollection(comm, &coll_inp); + int handle = rcOpenCollection(&comm, &coll_inp); if(handle < 0) { THROW( handle, @@ -263,7 +257,7 @@ namespace { _object_path); } - apply_access_time_to_collection(comm, handle, _attribute); + apply_access_time_to_collection(&comm, handle, _attribute); } } // set_access_time_metadata @@ -439,16 +433,13 @@ namespace { parser.set_string(source_hier); parser.first_resc(source_resource); - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); - irods::storage_tiering st{comm, _rei, plugin_instance_name}; + irods::storage_tiering st{&comm, _rei, plugin_instance_name}; st.migrate_object_to_minimum_restage_tier( - object_path, - _rei->rsComm->clientUser.userName, - _rei->rsComm->clientUser.rodsZone, - source_resource); + object_path, _rei->rsComm->clientUser.userName, _rei->rsComm->clientUser.rodsZone, source_resource); } else if("pep_api_data_obj_open_post" == _rn || "pep_api_data_obj_create_post" == _rn) { @@ -488,15 +479,14 @@ namespace { if(opened_objects.find(l1_idx) != opened_objects.end()) { auto [object_path, resource_name] = opened_objects[l1_idx]; - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); - irods::storage_tiering st{comm, _rei, plugin_instance_name}; - st.migrate_object_to_minimum_restage_tier( - object_path, - _rei->rsComm->clientUser.userName, - _rei->rsComm->clientUser.rodsZone, - resource_name); + irods::storage_tiering st{&comm, _rei, plugin_instance_name}; + st.migrate_object_to_minimum_restage_tier(object_path, + _rei->rsComm->clientUser.userName, + _rei->rsComm->clientUser.rodsZone, + resource_name); } } } @@ -675,13 +665,11 @@ irods::error exec_rule_text( delay_obj["rule-engine-operation"] = irods::storage_tiering::policy::storage_tiering; delay_obj["storage-tier-groups"] = rule_obj["storage-tier-groups"]; - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); - irods::storage_tiering st{comm, rei, plugin_instance_name}; - st.schedule_storage_tiering_policy( - delay_obj.dump(), - params); + irods::storage_tiering st{&comm, rei, plugin_instance_name}; + st.schedule_storage_tiering_policy(delay_obj.dump(), params); } else { return ERROR( @@ -735,10 +723,10 @@ irods::error exec_rule_expression( if(rule_obj.contains("rule-engine-operation") && irods::storage_tiering::policy::storage_tiering == rule_obj.at("rule-engine-operation")) { try { - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); - irods::storage_tiering st{comm, rei, plugin_instance_name}; + irods::storage_tiering st{&comm, rei, plugin_instance_name}; for(const auto& group : rule_obj["storage-tier-groups"]) { st.apply_policy_for_tier_group(group); } @@ -759,11 +747,11 @@ irods::error exec_rule_expression( const std::string& user_zone = rule_obj["user-zone"]; auto& pin = plugin_instance_name; - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); // TODO(#297): Use get or get_ref for these parameters. - auto status = apply_data_movement_policy(comm, + auto status = apply_data_movement_policy(&comm, plugin_instance_name, rule_obj["object-path"], rule_obj["user-name"], @@ -774,7 +762,7 @@ irods::error exec_rule_expression( rule_obj["preserve-replicas"], rule_obj["verification-type"]); - irods::storage_tiering st{comm, rei, plugin_instance_name}; + irods::storage_tiering st{&comm, rei, plugin_instance_name}; // TODO(#297): Use get or get_ref for these parameters. status = apply_tier_group_metadata_policy(st, rule_obj["group-name"], @@ -791,7 +779,6 @@ irods::error exec_rule_expression( _e.code(), _e.what()); } - } else { return CODE(RULE_ENGINE_CONTINUE); diff --git a/src/storage_tiering.cpp b/src/storage_tiering.cpp index 6e83037..2555c5e 100644 --- a/src/storage_tiering.cpp +++ b/src/storage_tiering.cpp @@ -11,8 +11,8 @@ #include #include #include -#include "irods/private/storage_tiering/proxy_connection.hpp" +#include #include #include #include @@ -635,31 +635,27 @@ namespace irods { object_is_processed[object_path] = 1; } - auto proxy_conn = irods::proxy_connection(); - rcComm_t* comm = proxy_conn.make_rodsadmin_connection(); + irods::experimental::client_connection conn; + RcComm& comm = static_cast(conn); if(preserve_replicas) { - if(skip_object_in_lower_tier( - comm, - object_path, - _partial_list)) { + if (skip_object_in_lower_tier(&comm, object_path, _partial_list)) { return; } } - queue_data_movement( - comm, - config_.instance_name, - _group_name, - object_path, - _results[2], - _results[3], - _results[4], - _source_resource, - _destination_resource, - get_verification_for_resc(comm, _destination_resource), - get_preserve_replicas_for_resc(comm, _source_resource), - get_data_movement_parameters_for_resource(comm, _source_resource)); + queue_data_movement(&comm, + config_.instance_name, + _group_name, + object_path, + _results[2], + _results[3], + _results[4], + _source_resource, + _destination_resource, + get_verification_for_resc(&comm, _destination_resource), + get_preserve_replicas_for_resc(&comm, _source_resource), + get_data_movement_parameters_for_resource(&comm, _source_resource)); }; // job @@ -989,9 +985,7 @@ namespace irods { const_cast(access_time.c_str()), const_cast(config_.migration_scheduled_flag.c_str())}; - if (_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&set_op.condInput, ADMIN_KW, ""); - } + addKeyVal(&set_op.condInput, ADMIN_KW, ""); if (const auto ec = rcModAVUMetadata(_comm, &set_op); ec < 0) { const auto msg = fmt::format("{}: failed to set migration scheduled flag for [{}]", __func__, _object_path); @@ -1017,9 +1011,7 @@ namespace irods { const_cast(access_time.c_str()), nullptr}; - if (_comm->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&set_op.condInput, ADMIN_KW, ""); - } + addKeyVal(&set_op.condInput, ADMIN_KW, ""); if (const auto ec = rcModAVUMetadata(_comm, &set_op); ec < 0) { const auto msg = @@ -1078,9 +1070,7 @@ namespace irods { const_cast(_group_name.c_str()), const_cast(destination_replica_number.c_str())}; - if (comm_->clientUser.authInfo.authFlag >= LOCAL_PRIV_USER_AUTH) { - addKeyVal(&set_op.condInput, ADMIN_KW, ""); - } + addKeyVal(&set_op.condInput, ADMIN_KW, ""); auto status = rcModAVUMetadata(comm_, &set_op); if (status < 0) {