rgw: add support sse-c to bucket policy conditions

author Seena Fallah <seenafallah@gmail.com>

Fri, 19 Jul 2024 20:21:00 +0000 (22:21 +0200)

committer Seena Fallah <seenafallah@gmail.com>

Fri, 19 Jul 2024 20:23:09 +0000 (22:23 +0200)
author Seena Fallah <seenafallah@gmail.com>
Fri, 19 Jul 2024 20:21:00 +0000 (22:21 +0200)
committer Seena Fallah <seenafallah@gmail.com>
Fri, 19 Jul 2024 20:23:09 +0000 (22:23 +0200)
diff --git a/src/rgw/rgw_iam_policy_keywords.gperf b/src/rgw/rgw_iam_policy_keywords.gperf

index 6b09a6aff8181f5e00210a5893dbf7e88ad4d222..d81218b9ea9fb39b72fdfb6362b4ac92e813c2d5 100644 (file)
--- a/src/rgw/rgw_iam_policy_keywords.gperf
+++ b/src/rgw/rgw_iam_policy_keywords.gperf
@@ -103,6 +103,7 @@ Null, TokenKind::cond_op, TokenID::Null, (uint64_t) Type::null, true, true
  #s3:x-amz-grant-full-control, TokenKind::cond_key, TokenID::s3x_amz_grant_permission, (uint64_t) Type::boolean, true, false
  #s3:x-amz-copy-source, TokenKind::cond_key, TokenID::s3x_amz_copy_source, (uint64_t) Type::string, true, false
  #s3:x-amz-server-side-encryption, TokenKind::cond_key, TokenID::s3x_amz_server_side_encryption, (uint64_t) Type::boolean, true, false
+#s3:x-amz-server-side-encryption-customer-algorithm, TokenKind::cond_key, TokenID::s3x_amz_server_side_encryption_customer_algorithm, (uint64_t) Type::boolean, true, false
  #s3:x-amz-server-side-encryption-aws-kms-key-id, TokenKind::cond_key, TokenID::s3x_amz_server_side_encryption_aws_kms_key_id, (uint64_t) Type::arn, true, false
  #s3:x-amz-metadata-directive, TokenKind::cond_key, TokenID::s3x_amz_metadata_directive, (uint64_t) Type::string, true, false
  #s3:x-amz-storage-class, TokenKind::cond_key, TokenID::s3x_amz_storage_class, (uint64_t) Type::string, true, false
diff --git a/src/rgw/rgw_iam_policy_keywords.h b/src/rgw/rgw_iam_policy_keywords.h

index c1cfa9052d60ab2104c88d919e0de6c6e269e669..a247cbc8559a5d5fae80de89002cdf90d4c47d07 100644 (file)
--- a/src/rgw/rgw_iam_policy_keywords.h
+++ b/src/rgw/rgw_iam_policy_keywords.h
@@ -77,6 +77,7 @@ enum class TokenID {
    s3x_amz_grant_permission,
    s3x_amz_copy_source,
    s3x_amz_server_side_encryption,
+  s3x_amz_server_side_encryption_customer_algorithm,
    s3x_amz_server_side_encryption_aws_kms_key_id,
    s3x_amz_metadata_directive,
    s3x_amz_storage_class,
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc

index 31a74e183e63b9ba29206d1d0c051fd7e5e8501d..259ba632a9620f39a1fe1e397d7f5b02a74f26f9 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -772,6 +772,12 @@ static void rgw_iam_add_crypt_attrs(rgw::IAM::Environment& e,
      rgw_add_to_iam_environment(e, s3_encrypt_attr, h->second);
    }
  
+  constexpr auto customer_algo_attr = "x-amz-server-side-encryption-customer-algorithm";
+  constexpr auto s3_customer_algo_attr = "s3:x-amz-server-side-encryption-customer-algorithm";
+  if (auto h = attrs.find(customer_algo_attr); h != attrs.end()) {
+    rgw_add_to_iam_environment(e, s3_customer_algo_attr, h->second);
+  }
+
    constexpr auto kms_attr = "x-amz-server-side-encryption-aws-kms-key-id";
    constexpr auto s3_kms_attr = "s3:x-amz-server-side-encryption-aws-kms-key-id";
    if (auto h = attrs.find(kms_attr); h != attrs.end()) {
author	Seena Fallah <seenafallah@gmail.com>
	Fri, 19 Jul 2024 20:21:00 +0000 (22:21 +0200)
committer	Seena Fallah <seenafallah@gmail.com>
	Fri, 19 Jul 2024 20:23:09 +0000 (22:23 +0200)
src/rgw/rgw_iam_policy_keywords.gperf		patch \| blob \| history
src/rgw/rgw_iam_policy_keywords.h		patch \| blob \| history
src/rgw/rgw_op.cc		patch \| blob \| history