]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b689838) | patch
rgw/sts: adding code for aws:RequestTags as part
authorPritha Srivastava <prsrivas@redhat.com>
Thu, 4 Mar 2021 08:57:46 +0000 (14:27 +0530)
committerPritha Srivastava <prsrivas@redhat.com>
Thu, 18 Aug 2022 07:40:36 +0000 (13:10 +0530)
commit7f512db7ee2093ffd5a2723cec1ffcfe2b1761ed
tree13c3440dc9be29513d429022e32d88c7821a0f50tree | snapshot
parentb689838fbeeaf8302fe4a3ae93ada5e2659b4863commit | diff
rgw/sts: adding code for aws:RequestTags as part
of session tags implementation.

Session Tags can be passed in the web token in
AssumeRoleWithWebIdentity call by configuring
them in the IDP. These tags can be used as Conditions
in the trust policy of a role as aws:RequestTag, based
on which a federated user is allowed to assume a role.
The trust policy should have a statement for 'sts:TagSession'
alongwith 'sts:AssumeRoleWithWebIdentity' in case principal
tags are passed in the web token.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
(cherry picked from commit f05184bd73d5e123f2ff699a24ba9cf32ea7a668)
src/rgw/rgw_auth.cc diff | blob | history
src/rgw/rgw_auth.h diff | blob | history
src/rgw/rgw_common.h diff | blob | history
src/rgw/rgw_iam_policy.cc diff | blob | history
src/rgw/rgw_iam_policy.h diff | blob | history
src/rgw/rgw_rest_sts.cc diff | blob | history
src/rgw/rgw_rest_sts.h diff | blob | history
src/rgw/rgw_web_idp.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.