rgw/auth: rgw_common.h exposes evaluate_iam_policies()

Signed-off-by: Casey Bodley <cbodley@redhat.com>

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index e8951e148fc6521ac6241d8e837d2c7bff61ae49..7dc242ef19d746349c69c64593aae229e8031b27 100644 (file)
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -1150,6 +1150,8 @@ Effect eval_identity_or_session_policies(const DoutPrefixProvider* dpp,
   return policy_res;
 }
 
+} // anonymous namespace
+
 // determine whether a request is allowed or denied within an account
 Effect evaluate_iam_policies(
     const DoutPrefixProvider* dpp,
@@ -1231,8 +1233,6 @@ Effect evaluate_iam_policies(
   return Effect::Pass;
 }
 
-} // anonymous namespace
-
 bool verify_user_permission(const DoutPrefixProvider* dpp,
                             perm_state_base * const s,
                             const RGWAccessControlPolicy& user_acl,

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 134a6d6ee5bdc19e5f92d6923b068147701493cf..56f51d08d74d6c2203ea275450584fa8d68cb200 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -1762,6 +1762,16 @@ bool verify_object_permission_no_policy(const DoutPrefixProvider* dpp,
                                        const RGWAccessControlPolicy& object_acl,
                                        const int perm);
 
+// determine whether a request is allowed or denied within an account
+rgw::IAM::Effect evaluate_iam_policies(
+    const DoutPrefixProvider* dpp,
+    const rgw::IAM::Environment& env,
+    const rgw::auth::Identity& identity,
+    bool account_root, uint64_t op, const rgw::ARN& arn,
+    const boost::optional<rgw::IAM::Policy>& resource_policy,
+    const std::vector<rgw::IAM::Policy>& identity_policies,
+    const std::vector<rgw::IAM::Policy>& session_policies);
+
 bool verify_user_permission(const DoutPrefixProvider* dpp,
                             req_state * const s,
                             const RGWAccessControlPolicy& user_acl,