git.apps.os.sepia.ceph.com Git

author	Yuval Lifshitz <ylifshit@redhat.com>
	Sun, 26 Mar 2023 10:02:17 +0000 (10:02 +0000)
committer	Yuval Lifshitz <ylifshit@redhat.com>
	Mon, 27 Mar 2023 10:26:06 +0000 (10:26 +0000)
commit	e100d392a0ed4a22d8544d25299df2366e727d4c
tree	6c826b4c5523762fe66790fe619e20a21d501baa	tree \| snapshot
parent	68df405e530cc8317c62abf2bfc4458a41023b59	commit \| diff

rgw/notifications: support bucket notification with bucket policy

following policy should be used to allow any user to get, put and delete
bucket notification on a bucket called "my-bucket":
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetBucketNotification", "s3:PutBucketNotification"],
      "Resource": "arn:aws:s3:::my-bucket"
    }
  ]
}

note that notification deletion uses the "PUT" permission.

Fixes: https://tracker.ceph.com/issues/59136
Signed-off-by: Yuval Lifshitz <ylifshit@redhat.com>

src/rgw/rgw_rest_pubsub.cc		diff \| blob \| history
src/test/rgw/bucket_notification/test_bn.py		diff \| blob \| history