]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 78f13d6) | patch
rgw/sts: adding code for aws:RequestTags as part
authorPritha Srivastava <prsrivas@redhat.com>
Thu, 4 Mar 2021 08:57:46 +0000 (14:27 +0530)
committerPritha Srivastava <prsrivas@redhat.com>
Wed, 1 Sep 2021 10:26:17 +0000 (15:56 +0530)
commitf05184bd73d5e123f2ff699a24ba9cf32ea7a668
treebfd9687d3d9692c9eeb2784c385602063f8c9fdetree | snapshot
parent78f13d6de19f0260fe47d1d8e97b5e8f47bf1184commit | diff
rgw/sts: adding code for aws:RequestTags as part
of session tags implementation.

Session Tags can be passed in the web token in
AssumeRoleWithWebIdentity call by configuring
them in the IDP. These tags can be used as Conditions
in the trust policy of a role as aws:RequestTag, based
on which a federated user is allowed to assume a role.
The trust policy should have a statement for 'sts:TagSession'
alongwith 'sts:AssumeRoleWithWebIdentity' in case principal
tags are passed in the web token.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
src/rgw/rgw_auth.cc diff | blob | history
src/rgw/rgw_auth.h diff | blob | history
src/rgw/rgw_common.h diff | blob | history
src/rgw/rgw_iam_policy.cc diff | blob | history
src/rgw/rgw_iam_policy.h diff | blob | history
src/rgw/rgw_rest_sts.cc diff | blob | history
src/rgw/rgw_rest_sts.h diff | blob | history
src/rgw/rgw_web_idp.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.