rgw: Add support bucket policy for subuser

author Seena Fallah <seenafallah@gmail.com>

Sun, 9 Feb 2020 15:31:04 +0000 (19:01 +0330)

committer Nathan Cutler <ncutler@suse.com>

Wed, 4 Mar 2020 09:54:05 +0000 (10:54 +0100)
author Seena Fallah <seenafallah@gmail.com>
Sun, 9 Feb 2020 15:31:04 +0000 (19:01 +0330)
committer Nathan Cutler <ncutler@suse.com>
Wed, 4 Mar 2020 09:54:05 +0000 (10:54 +0100)
diff --git a/.gitignore b/.gitignore

index b562aed0faf22bc7106d2c7552963f1819e1b126..86375e1c32d65b59302a0d1c89ca62a79fab641c 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -66,6 +66,8 @@ GTAGS
  
  .idea
  
+.vscode
+
  # dashboard
  /src/pybind/mgr/dashboard/frontend/src/environments/environment.ts
  /src/pybind/mgr/dashboard/frontend/src/environments/environment.prod.ts
diff --git a/doc/radosgw/bucketpolicy.rst b/doc/radosgw/bucketpolicy.rst

index 32a0e751b24b5673c4555f346154d3abc801fab0..33816a8ce49ee87515abdbd6ea8a4b4bcb2b1572 100644 (file)
--- a/doc/radosgw/bucketpolicy.rst
+++ b/doc/radosgw/bucketpolicy.rst
@@ -21,7 +21,7 @@ For example, one may use s3cmd to set or delete a policy thus::
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
-      "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred"]},
+      "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred:subuser"]},
        "Action": "s3:PutObjectAcl",
        "Resource": [
          "arn:aws:s3:::happybucket/*"
diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc

index 3cdc7d360af6d63db63372b53bb46c17bc8edbff..50a7ac575742a402a281fdc929a08aa7e10653b7 100644 (file)
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -542,9 +542,18 @@ bool rgw::auth::LocalApplier::is_identity(const idset_t& ids) const {
                id.get_tenant() == user_info.user_id.tenant) {
        return true;
      } else if (id.is_user() &&
-              (id.get_tenant() == user_info.user_id.tenant) &&
-              (id.get_id() == user_info.user_id.id)) {
-      return true;
+              (id.get_tenant() == user_info.user_id.tenant)) {
+      if (id.get_id() == user_info.user_id.id) {
+        return true;
+      }
+      for (auto subuser : user_info.subusers) {
+        std::string user = user_info.user_id.id;
+        user.append(":");
+        user.append(subuser.second.name);
+        if (user == id.get_id()) {
+          return true;
+        }
+      }
      }
    }
    return false;
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc

index 0005c9ee30dbf81c95133ccd8f6740eec938a711..0846937c319694b13bd40484cf572544ca7261a6 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -85,8 +85,6 @@ using rgw::ARN;
  using rgw::IAM::Effect;
  using rgw::IAM::Policy;
  
-using rgw::IAM::Policy;
-
  static string mp_ns = RGW_OBJ_NS_MULTIPART;
  static string shadow_ns = RGW_OBJ_NS_SHADOW;
author	Seena Fallah <seenafallah@gmail.com>
	Sun, 9 Feb 2020 15:31:04 +0000 (19:01 +0330)
committer	Nathan Cutler <ncutler@suse.com>
	Wed, 4 Mar 2020 09:54:05 +0000 (10:54 +0100)
.gitignore		patch \| blob \| history
doc/radosgw/bucketpolicy.rst		patch \| blob \| history
src/rgw/rgw_auth.cc		patch \| blob \| history
src/rgw/rgw_op.cc		patch \| blob \| history