]> git.apps.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5ac06fa) | patch
rgw/sts: correcting the evaluation of session policies 42632/head
authorPritha Srivastava <prsrivas@redhat.com>
Thu, 27 May 2021 13:36:44 +0000 (19:06 +0530)
committerCory Snyder <csnyder@iland.com>
Wed, 18 Aug 2021 09:29:43 +0000 (05:29 -0400)
commite9d541cb459e40697928c5ca7b65793d277298ec
tree9cf2a80b698f885e58d7964d3ac9ffa9ac9c7de1tree | snapshot
parent5ac06faf64aefc6a931ea77567b65d1951b5da1bcommit | diff
rgw/sts: correcting the evaluation of session policies
passed in with AssumeRoleWithWebIdentity.

Session Policies are used to restrict the permissions
granted by identity-based (Role's permission policy
and resource-policy (bucket policy) in some cases.

Fixes: https://tracker.ceph.com/issues/51019
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
(cherry picked from commit bd611d451aaaba65c6c1b7a91ec4486142c90522)

Conflicts:
src/rgw/rgw_op.cc

Cherry-pick notes:
- conflict due to rgw::sal::RGWObject renaming to rgw::sal::Object after Pacific
src/rgw/rgw_auth.cc diff | blob | history
src/rgw/rgw_common.cc diff | blob | history
src/rgw/rgw_common.h diff | blob | history
src/rgw/rgw_iam_policy.cc diff | blob | history
src/rgw/rgw_iam_policy.h diff | blob | history
src/rgw/rgw_op.cc diff | blob | history
src/test/rgw/test_rgw_iam_policy.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.