]> git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit
projects / ceph-ci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b9e0d4b) | patch
rgw: read_obj_policy() consults iam_user_policies on ENOENT
authorCasey Bodley <cbodley@redhat.com>
Tue, 6 Apr 2021 19:35:54 +0000 (15:35 -0400)
committerCasey Bodley <cbodley@redhat.com>
Wed, 7 Apr 2021 15:19:47 +0000 (11:19 -0400)
commit5dc9375fa1888242f388f8b502f445f3ddc891f7
treefaae21d9fe3f4379106216464d9641b47165abeetree | snapshot
parentb9e0d4b8b3acd91e5a139a868960dd817188d4ddcommit | diff
rgw: read_obj_policy() consults iam_user_policies on ENOENT

when the head object doesn't exist, read_obj_policy() has to decide
whether to return ENOENT or EACCES

when there's a bucket policy, we check whether it has s3ListBucket
permissions. when there's an assumed role, we also need to check
against the role's policies in s->iam_user_policies

Fixes: https://tracker.ceph.com/issues/49780
Signed-off-by: Casey Bodley <cbodley@redhat.com>
src/rgw/rgw_op.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.