rgw/auth: RoleApplier matches account principals

author Casey Bodley <cbodley@redhat.com>

Wed, 21 Feb 2024 20:55:09 +0000 (15:55 -0500)

committer Casey Bodley <cbodley@redhat.com>

Fri, 12 Apr 2024 19:34:29 +0000 (15:34 -0400)
author Casey Bodley <cbodley@redhat.com>
Wed, 21 Feb 2024 20:55:09 +0000 (15:55 -0500)
committer Casey Bodley <cbodley@redhat.com>
Fri, 12 Apr 2024 19:34:29 +0000 (15:34 -0400)
diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc

index f8673a771c86bba52fc4b3e8d0b18496b80adf74..dd9337818c79efa2010bb579f3a1050c66b95ee8 100644 (file)
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -976,6 +976,9 @@ void rgw::auth::RoleApplier::to_str(std::ostream& out) const {
  bool rgw::auth::RoleApplier::is_identity(const Principal& p) const {
    if (p.is_wildcard()) {
      return true;
+  } else if (p.is_account()) {
+    return match_account_or_tenant(role.account_id, role.tenant,
+                                   p.get_account());
    } else if (p.is_role()) {
      return p.get_id() == role.name // TODO: match path/name
          && p.get_account() == role.tenant;
author	Casey Bodley <cbodley@redhat.com>
	Wed, 21 Feb 2024 20:55:09 +0000 (15:55 -0500)
committer	Casey Bodley <cbodley@redhat.com>
	Fri, 12 Apr 2024 19:34:29 +0000 (15:34 -0400)