ACLOwner rgw::auth::RoleApplier::get_aclowner() const
{
ACLOwner owner;
- owner.id = token_attrs.user_id;
+ if (!role.account_id.empty()) {
+ owner.id = role.account_id;
+ } else {
+ owner.id = token_attrs.user_id;
+ }
owner.display_name = role.name;
return owner;
}
+bool rgw::auth::RoleApplier::is_owner_of(const rgw_owner& o) const
+{
+ return match_owner(o, token_attrs.user_id, role.account_id);
+}
+
void rgw::auth::RoleApplier::to_str(std::ostream& out) const {
out << "rgw::auth::RoleApplier(role name =" << role.name;
for (auto& policy: role.inline_policies) {
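Review bot: The ownership test in the new is_owner_of and the owner identity reported by get_aclowner can disagree for account roles: get_aclowner picks exactly one id (role.account_id when set, otherwise token_attrs.user_id), while is_owner_of hands both to match_owner, so whether a resource owned by token_attrs.user_id still counts as owned by an account-scoped role depends on match_owner's semantics, which are not in this hunk. If match_owner compares the account alternative by plain equality, a role with an empty account_id would also match an owner that holds an empty rgw_account_id; a guard such as `if (role.account_id.empty() && std::holds_alternative<rgw_account_id>(o)) return false;` ahead of the match_owner call (or confirmation that match_owner rejects empty ids) would close that off and preserve the old user-only behaviour for non-account roles. Since this is an authorization decision, a one-line comment on is_owner_of stating the intended rule, e.g. `// Account roles own account-scoped resources; user-owned resources match only the session's user id.`, would make the contract explicit for the next reader. The to_str body at the end of the hunk continues outside it.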
std::string id;
std::string name;
std::string tenant;
+ rgw_account_id account_id;
std::vector<std::string> inline_policies;
std::vector<std::string> managed_policies;
};
bool is_admin_of(const rgw_owner& o) const override {
return false;
}
- bool is_owner_of(const rgw_owner& o) const override {
- auto* uid = std::get_if<rgw_user>(&o);
- // TODO: handle account roles
- return uid && *uid == token_attrs.user_id;
- }
+ bool is_owner_of(const rgw_owner& o) const override;
bool is_identity(const Principal& p) const override;
uint32_t get_perm_mask() const override {
return RGW_PERM_NONE;
r.id = token.roleId;
r.name = role->get_name();
r.tenant = role->get_tenant();
+ r.account_id = role->get_account_id();
for (auto& [name, policy] : role->get_info().perm_policy_map) {
r.inline_policies.push_back(std::move(policy));