rgw: add helper for bucket + account PublicAccessBlock config
authorCasey Bodley <cbodley@redhat.com>
Mon, 30 Jun 2025 22:06:08 +0000 (18:06 -0400)
committerCasey Bodley <cbodley@redhat.com>
Wed, 20 May 2026 14:20:21 +0000 (10:20 -0400)
get_public_access_conf() takes an optional account, and checks
RGW_ATTR_PUBLIC_ACCESS on that in addition to the bucket. if both attrs
are found, return the union of their configurations

Signed-off-by: Casey Bodley <cbodley@redhat.com>
src/rgw/rgw_op.cc
src/rgw/rgw_public_access.cc
src/rgw/rgw_public_access.h

index bdb0d3fe157dae1271cff2c08e8c7abe705ccaa2..0e63f048ab4a48a688f906ff11fdc5e33c835d27 100644 (file)
@@ -395,6 +395,37 @@ get_public_access_conf_from_attr(const map<string, bufferlist>& attrs)
   return configuration;
 }
 
+static int read_public_access_conf(const DoutPrefixProvider *dpp,
+                                   optional_yield y, rgw::sal::Driver* driver,
+                                   const rgw_owner& bucket_owner,
+                                   const std::map<std::string, bufferlist>& bucket_attrs,
+                                   PublicAccessBlockConfiguration& config)
+{
+  auto bucket_config = get_public_access_conf_from_attr(bucket_attrs);
+
+  const auto* account_id = std::get_if<rgw_account_id>(&bucket_owner);
+  if (!account_id) {
+    config = std::move(bucket_config);
+    return 0;
+  }
+
+  // if the bucket owner is an account, check for account-level config
+  RGWAccountInfo account_info;
+  std::map<std::string, bufferlist> account_attrs;
+  RGWObjVersionTracker objv; // ignored
+  int r = driver->load_account_by_id(dpp, y, *account_id, account_info,
+                                     account_attrs, objv);
+  if (r < 0) {
+    ldpp_dout(dpp, 1) << "ERROR: " << __func__ <<  " failed to load bucket "
+        "owner's account=" << *account_id << " with " << cpp_strerror(r) << dendl;
+    return r;
+  }
+
+  auto account_config = get_public_access_conf_from_attr(account_attrs);
+  config = config_union(bucket_config, account_config);
+  return 0;
+}
+
 static int read_bucket_policy(const DoutPrefixProvider *dpp, 
                               rgw::sal::Driver* driver,
                               req_state *s,
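Review bot: read_public_access_conf (L21–L50) has no header comment, and its merge semantics are the security-relevant part of the change: a flag set at either the bucket or the account level ends up enforced, and a failure to load the owner's account (L41–L45) propagates the error so the caller fails closed instead of silently enforcing only the bucket-level settings. Suggest adding above the signature: `/// Load the bucket's PublicAccessBlock configuration and, when the bucket owner is an account, merge in the account-level configuration; a flag set at either level is enforced. Returns a negative error if the owner's account cannot be loaded, so callers fail closed rather than fall back to the bucket-level settings alone.` The trailing context of this hunk cuts into read_bucket_policy's signature, which continues outside the hunk.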
@@ -623,7 +654,13 @@ int rgw_build_bucket_policies(const DoutPrefixProvider *dpp, rgw::sal::Driver* d
       return -EINVAL;
     }
 
-    s->public_access_block = get_public_access_conf_from_attr(s->bucket_attrs);
+    ret = read_public_access_conf(dpp, y, driver,
+                                  s->bucket->get_owner(),
+                                  s->bucket->get_attrs(),
+                                  s->public_access_block);
+    if (ret < 0) {
+      return ret;
+    }
     s->bucket_object_ownership = rgw::s3::get_object_ownership(s->bucket_attrs);
   }
 
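Review bot: The new call at L62 passes `s->bucket->get_attrs()`, while the line it replaces read `s->bucket_attrs` and the unchanged line that follows still reads `get_object_ownership(s->bucket_attrs)`. If those two are not guaranteed to be the same snapshot of the bucket's attributes, the public-access block and the object-ownership setting for one request could be taken from different attribute sets; passing `s->bucket_attrs,` at L62 keeps both reads consistent with each other and with the previous behaviour. rgw_build_bucket_policies begins outside the hunk.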
index 77c372f149c314eb029e661019164bb3c1c446b6..7a0b644e424735a177aa0accbfc8150ee6dcdeca 100644 (file)
@@ -35,3 +35,14 @@ std::ostream& operator<< (std::ostream& os, const PublicAccessBlockConfiguration
     return os;
 }
 
+auto config_union(const PublicAccessBlockConfiguration& lhs,
+                  const PublicAccessBlockConfiguration& rhs)
+  -> PublicAccessBlockConfiguration
+{
+  return {
+    .BlockPublicAcls = lhs.BlockPublicAcls || rhs.BlockPublicAcls,
+    .IgnorePublicAcls = lhs.IgnorePublicAcls || rhs.IgnorePublicAcls,
+    .BlockPublicPolicy = lhs.BlockPublicPolicy || rhs.BlockPublicPolicy,
+    .RestrictPublicBuckets = lhs.RestrictPublicBuckets || rhs.RestrictPublicBuckets,
+  };
+}
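Review bot: The definition of config_union at L75–L85 carries no comment on why the merge is a logical-or; the only explanation is the one-liner in the header, so a reader of this file alone has to infer that the union is the stricter of the two configurations. A single line above the return would make that explicit: `// most restrictive wins: a block set at either the bucket or account level is enforced`. The designated initializers also tie this definition to the member order of PublicAccessBlockConfiguration, so a future reordering of the struct fails at compile time rather than silently swapping flags, which is worth a short note for whoever edits the struct.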
index dc282ef3ad8c5e6fed2b29c5a4778010d3ed0d26..dd3fb8c223ffd5ed1889cf366e8e906c5a26bf3c 100644 (file)
@@ -14,6 +14,8 @@
  */
 
 #pragma once
+
+#include <iosfwd>
 #include "include/encoding.h"
 
 class XMLObj;
@@ -44,7 +46,12 @@ struct PublicAccessBlockConfiguration {
   }
 
   void decode_xml(XMLObj *obj);
-  void dump_xml(Formatter *f) const;
+  void dump_xml(ceph::Formatter *f) const;
 };
 WRITE_CLASS_ENCODER(PublicAccessBlockConfiguration)
 std::ostream& operator<< (std::ostream& os, const PublicAccessBlockConfiguration& access_conf);
+
+/// Return the union of two configurations by memberwise logical-or.
+auto config_union(const PublicAccessBlockConfiguration& lhs,
+                  const PublicAccessBlockConfiguration& rhs)
+  -> PublicAccessBlockConfiguration;
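Review bot: The config_union declaration at L107–L109 would benefit from `[[nodiscard]]`, since a caller that drops the return value has computed the merged, stricter configuration and then never applied it: `[[nodiscard]] auto config_union(const PublicAccessBlockConfiguration& lhs,`. The doc comment at L106 states the mechanics but not the intent; extending it to `/// Return the union of two configurations by memberwise logical-or, so a flag set in either input is set in the result (the stricter of the two).` tells a reader why logical-or is the right operator for public-access blocks.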