rgw: ListRoles returns "Access Denied" for a regular user with valid allow policy

The ListRoles method doesn't initialise the arn resource, so a user that is allowed to call this method only via policies gets "Access Denied"

Signed-off-by: Theofilos Mouratidis <mtheofilos@gmail.com>

diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc
index 483f1b487ff65d8d93e4f8db414d9f4f6b823a70..490803f59f5d3f25ef4d02d076643e8aebc75dbb 100644 (file)
--- a/src/rgw/rgw_rest_role.cc
+++ b/src/rgw/rgw_rest_role.cc
@@ -514,6 +514,11 @@ int RGWListRoles::init_processing(optional_yield y)
   if (const auto* id = std::get_if<rgw_account_id>(&s->owner.id); id) {
     account_id = *id;
   }
+
+  const std::string resource_name = "";
+  const rgw::ARN arn{resource_name, "role", account_id, true};
+  resource = arn;
+
   return 0;
 }