Merge pull request #35924 from pritha-srivastava/wip-rgw-sts-error-messages

author Matt Benjamin <mbenjamin@redhat.com>

Wed, 16 Sep 2020 11:20:51 +0000 (07:20 -0400)

committer GitHub <noreply@github.com>

Wed, 16 Sep 2020 11:20:51 +0000 (07:20 -0400)
author Matt Benjamin <mbenjamin@redhat.com>
Wed, 16 Sep 2020 11:20:51 +0000 (07:20 -0400)
committer GitHub <noreply@github.com>
Wed, 16 Sep 2020 11:20:51 +0000 (07:20 -0400)
diff --cc src/rgw/rgw_rest_sts.cc

index 0f184b5c843c9ac8e5d68956c57d9b657aa6d03f,90fff490c60442afc11bbbc0b6563a6a682f8077..92a49bd508d37abd50996d5baf3f4baef7be4ee8
--- 1/src/rgw/rgw_rest_sts.cc
--- 2/src/rgw/rgw_rest_sts.cc
+++ b/src/rgw/rgw_rest_sts.cc
@@@ -339,11 -334,10 +342,12 @@@ WebTokenEngine::authenticate( const Dou
     if (t) {
       string role_session = s->info.args.get("RoleSessionName");
       if (role_session.empty()) {
+       ldout(s->cct, 0) << "Role Session Name is empty " << dendl;
         return result_t::deny(-EACCES);
       }
- -    auto apl = apl_factory->create_apl_web_identity(cct, s, role_session, *t);
+ +    string role_arn = s->info.args.get("RoleArn");
+ +    string role_tenant = get_role_tenant(role_arn);
+ +    auto apl = apl_factory->create_apl_web_identity(cct, s, role_session, role_tenant, *t);
       return result_t::grant(std::move(apl));
     }
     return result_t::deny(-EACCES);
diff --cc src/rgw/rgw_sts.cc
Simple merge
author	Matt Benjamin <mbenjamin@redhat.com>
	Wed, 16 Sep 2020 11:20:51 +0000 (07:20 -0400)
committer	GitHub <noreply@github.com>
	Wed, 16 Sep 2020 11:20:51 +0000 (07:20 -0400)
		1	2
src/rgw/rgw_rest_sts.cc	patch \|	diff1 \|	diff2 \|	blob \| history
src/rgw/rgw_sts.cc	patch \|	diff1 \|	diff2 \|	blob \| history