rgw/auth: rgw_common.h exposes evaluate_iam_policies()
authorCasey Bodley <cbodley@redhat.com>
Sat, 9 Mar 2024 16:05:10 +0000 (11:05 -0500)
committerCasey Bodley <cbodley@redhat.com>
Fri, 12 Apr 2024 19:34:30 +0000 (15:34 -0400)
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 851161166be710ed7dd85c04e6378dcabb4ef92f)

src/rgw/rgw_common.cc
src/rgw/rgw_common.h

index 7786056199aeec26c819eca9a251741c0ef63e78..6e20c2b145c026eee92497578a96f19e1cbe8332 100644 (file)
@@ -1150,6 +1150,8 @@ Effect eval_identity_or_session_policies(const DoutPrefixProvider* dpp,
   return policy_res;
 }
 
+} // anonymous namespace
+
 // determine whether a request is allowed or denied within an account
 Effect evaluate_iam_policies(
     const DoutPrefixProvider* dpp,
@@ -1231,8 +1233,6 @@ Effect evaluate_iam_policies(
   return Effect::Pass;
 }
 
-} // anonymous namespace
-
 bool verify_user_permission(const DoutPrefixProvider* dpp,
                             perm_state_base * const s,
                             const RGWAccessControlPolicy& user_acl,
index 6b3e350bae02e8c1f30c0b617a53e67fd31764a7..296e808e0bac8dcbc8c3eb77de709fad38baac1c 100644 (file)
@@ -1761,6 +1761,16 @@ bool verify_object_permission_no_policy(const DoutPrefixProvider* dpp,
                                        const RGWAccessControlPolicy& object_acl,
                                        const int perm);
 
+// determine whether a request is allowed or denied within an account
+rgw::IAM::Effect evaluate_iam_policies(
+    const DoutPrefixProvider* dpp,
+    const rgw::IAM::Environment& env,
+    const rgw::auth::Identity& identity,
+    bool account_root, uint64_t op, const rgw::ARN& arn,
+    const boost::optional<rgw::IAM::Policy>& resource_policy,
+    const std::vector<rgw::IAM::Policy>& identity_policies,
+    const std::vector<rgw::IAM::Policy>& session_policies);
+
 bool verify_user_permission(const DoutPrefixProvider* dpp,
                             req_state * const s,
                             const RGWAccessControlPolicy& user_acl,
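Review bot: The comment on the new `evaluate_iam_policies` declaration says "allowed or denied", but the definition in rgw_common.cc visibly ends in `return Effect::Pass;`, so callers in other translation units now have a third outcome to handle. Since this is the authorization decision, the header should spell out the contract, for example `// returns Effect::Allow or Effect::Deny when a policy decides the request, Effect::Pass when no policy applies; Pass is not an Allow`. How a caller is expected to resolve Pass (for instance by falling back to ACL checks) is not visible in this diff and should be stated by the author. Marking the declaration `[[nodiscard]]` would also make a dropped result a compiler warning. Separately, `bool account_root, uint64_t op` are adjacent and implicitly convertible, so transposed arguments would compile silently; a short note on each parameter would help new callers.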