rgw: Add support bucket policy for subuser

author Seena Fallah <seenafallah@gmail.com>

Sun, 9 Feb 2020 15:31:04 +0000 (19:01 +0330)

committer Seena Fallah <seenafallah@gmail.com>

Tue, 11 Feb 2020 08:53:46 +0000 (12:23 +0330)
author Seena Fallah <seenafallah@gmail.com>
Sun, 9 Feb 2020 15:31:04 +0000 (19:01 +0330)
committer Seena Fallah <seenafallah@gmail.com>
Tue, 11 Feb 2020 08:53:46 +0000 (12:23 +0330)
diff --git a/.gitignore b/.gitignore

index a04d59a632edcb165ba5beee0fb46f5b365c0e20..149ec0f24993eb1657afdff39b43602241bb78c1 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -68,6 +68,8 @@ GTAGS
  
  .idea
  
+.vscode
+
  # dashboard
  /src/pybind/mgr/dashboard/frontend/.protractor-report
  /src/pybind/mgr/dashboard/frontend/src/environments/environment.ts
diff --git a/doc/radosgw/bucketpolicy.rst b/doc/radosgw/bucketpolicy.rst

index 260bf2b106d97db932c8f6614de24972c1d26658..ba14e097ece3afea0522d84492ffdd48c186ab9b 100644 (file)
--- a/doc/radosgw/bucketpolicy.rst
+++ b/doc/radosgw/bucketpolicy.rst
@@ -21,7 +21,7 @@ For example, one may use s3cmd to set or delete a policy thus::
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
-      "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred"]},
+      "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred:subuser"]},
        "Action": "s3:PutObjectAcl",
        "Resource": [
          "arn:aws:s3:::happybucket/*"
diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc

index b18d91832c3b9ed5d470a099f35da53346fb6643..a730ce3b292dc1c7081e07bfd2673946731f7f87 100644 (file)
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -613,9 +613,18 @@ bool rgw::auth::LocalApplier::is_identity(const idset_t& ids) const {
                id.get_tenant() == user_info.user_id.tenant) {
        return true;
      } else if (id.is_user() &&
-              (id.get_tenant() == user_info.user_id.tenant) &&
-              (id.get_id() == user_info.user_id.id)) {
-      return true;
+              (id.get_tenant() == user_info.user_id.tenant)) {
+      if (id.get_id() == user_info.user_id.id) {
+        return true;
+      }
+      for (auto subuser : user_info.subusers) {
+        std::string user = user_info.user_id.id;
+        user.append(":");
+        user.append(subuser.second.name);
+        if (user == id.get_id()) {
+          return true;
+        }
+      }
      }
    }
    return false;
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc

index d2325c1ccd5fd43f8b1ee8777fc0baebc94e2ed0..99ce3cb3ccba6e7e644b793adf924c00b1b767c7 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -85,8 +85,6 @@ using rgw::ARN;
  using rgw::IAM::Effect;
  using rgw::IAM::Policy;
  
-using rgw::IAM::Policy;
-
  static string mp_ns = RGW_OBJ_NS_MULTIPART;
  static string shadow_ns = RGW_OBJ_NS_SHADOW;
author	Seena Fallah <seenafallah@gmail.com>
	Sun, 9 Feb 2020 15:31:04 +0000 (19:01 +0330)
committer	Seena Fallah <seenafallah@gmail.com>
	Tue, 11 Feb 2020 08:53:46 +0000 (12:23 +0330)
.gitignore		patch \| blob \| history
doc/radosgw/bucketpolicy.rst		patch \| blob \| history
src/rgw/rgw_auth.cc		patch \| blob \| history
src/rgw/rgw_op.cc		patch \| blob \| history