]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e3d065b) | patch
rgw/auth: pass user policies into identities
authorCasey Bodley <cbodley@redhat.com>
Mon, 4 Mar 2024 21:10:17 +0000 (16:10 -0500)
committerCasey Bodley <cbodley@redhat.com>
Fri, 12 Apr 2024 19:34:29 +0000 (15:34 -0400)
commit7668bbfe0321a9718b4c114f2aa7e2f600beec1c
tree3d43eeb1cce172c404bc52ab1db8c323e032f396tree | snapshot
parente3d065b2e4c854ee325471e929b1fcbb5d375e3fcommit | diff
rgw/auth: pass user policies into identities

loading user policies in rgw_build_bucket_policies() doesn't work for
PostObj requests because we haven't authenticated yet at that point

instead, auth engines load/parse policies when they load the user info.
policies are passed into the auth identities and applied to req_state
via modify_request_state() similar to how RoleApplier handles role
policy

this also moves the load_iam_identity_policies() into rgw_auth.cc for
use by transform_old_authinfo()

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 582970a69399d989370bb1ced6e42de724509622)
14 files changed:
src/rgw/driver/rados/rgw_data_sync.cc diff | blob | history
src/rgw/rgw_auth.cc diff | blob | history
src/rgw/rgw_auth.h diff | blob | history
src/rgw/rgw_auth_s3.h diff | blob | history
src/rgw/rgw_lib.cc diff | blob | history
src/rgw/rgw_op.cc diff | blob | history
src/rgw/rgw_op.h diff | blob | history
src/rgw/rgw_process.cc diff | blob | history
src/rgw/rgw_rest.cc diff | blob | history
src/rgw/rgw_rest_s3.cc diff | blob | history
src/rgw/rgw_rest_swift.cc diff | blob | history
src/rgw/rgw_rest_swift.h diff | blob | history
src/rgw/rgw_swift_auth.cc diff | blob | history
src/rgw/rgw_swift_auth.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.