rgw/sts: code changes to replace modify role with

modify role trust policy, to better reflect
what the command does.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>

diff --git a/doc/radosgw/role.rst b/doc/radosgw/role.rst
index 76ed6924fe16ce7ec04f47452a6953c8711d6efa..dbe8810a0b8189f3090d254ee9be6ba66c6702ff 100644 (file)
--- a/doc/radosgw/role.rst
+++ b/doc/radosgw/role.rst
@@ -140,7 +140,7 @@ Update Assume Role Policy Document of a role
 
 To modify a role's assume role policy document, execute the following::
 
-       radosgw-admin role modify --role-name={role-name} --assume-role-policy-doc={trust-policy-document}
+       radosgw-admin role-trust-policy modify --role-name={role-name} --assume-role-policy-doc={trust-policy-document}
 
 Request Parameters
 ~~~~~~~~~~~~~~~~~~
@@ -157,7 +157,7 @@ Request Parameters
 
 For example::
 
-  radosgw-admin role modify --role-name=S3Access1 --assume-role-policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER2\"\]\},\"Action\":\[\"sts:AssumeRole\"\]\}\]\}
+  radosgw-admin role-trust-policy modify --role-name=S3Access1 --assume-role-policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER2\"\]\},\"Action\":\[\"sts:AssumeRole\"\]\}\]\}
 
 .. code-block:: javascript
 

diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 5e1851b4ace5f896221a84d636599e6d6e311b97..506098a224cac9bad6ca7937fc41e6ea80b48571 100644 (file)
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -268,7 +268,7 @@ void usage()
   cout << "  role delete                remove a role\n";
   cout << "  role get                   get a role\n";
   cout << "  role list                  list roles with specified path prefix\n";
-  cout << "  role modify                modify the assume role policy of an existing role\n";
+  cout << "  role-trust-policy modify   modify the assume role policy of an existing role\n";
   cout << "  role-policy put            add/update permission policy to role\n";
   cout << "  role-policy list           list policies attached to a role\n";
   cout << "  role-policy get            get the specified inline policy document embedded with the given role\n";
@@ -790,7 +790,7 @@ enum class OPT {
   ROLE_CREATE,
   ROLE_DELETE,
   ROLE_GET,
-  ROLE_MODIFY,
+  ROLE_TRUST_POLICY_MODIFY,
   ROLE_LIST,
   ROLE_POLICY_PUT,
   ROLE_POLICY_LIST,
@@ -1017,7 +1017,7 @@ static SimpleCmd::Commands all_cmds = {
   { "role create", OPT::ROLE_CREATE },
   { "role delete", OPT::ROLE_DELETE },
   { "role get", OPT::ROLE_GET },
-  { "role modify", OPT::ROLE_MODIFY },
+  { "role-trust-policy modify", OPT::ROLE_TRUST_POLICY_MODIFY },
   { "role list", OPT::ROLE_LIST },
   { "role policy put", OPT::ROLE_POLICY_PUT },
   { "role-policy put", OPT::ROLE_POLICY_PUT },
@@ -4386,7 +4386,7 @@ int main(int argc, const char **argv)
       if (rgw::sal::User::empty(user) && opt_cmd != OPT::ROLE_CREATE
                           && opt_cmd != OPT::ROLE_DELETE
                           && opt_cmd != OPT::ROLE_GET
-                          && opt_cmd != OPT::ROLE_MODIFY
+                          && opt_cmd != OPT::ROLE_TRUST_POLICY_MODIFY
                           && opt_cmd != OPT::ROLE_LIST
                           && opt_cmd != OPT::ROLE_POLICY_PUT
                           && opt_cmd != OPT::ROLE_POLICY_LIST
@@ -6612,7 +6612,7 @@ int main(int argc, const char **argv)
       show_role_info(role.get(), formatter.get());
       return 0;
     }
-  case OPT::ROLE_MODIFY:
+  case OPT::ROLE_TRUST_POLICY_MODIFY:
     {
       if (role_name.empty()) {
         cerr << "ERROR: role name is empty" << std::endl;

diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc
index 62fe354b457b26ad7f5e4b717bd0c4fe9c951b7d..a48cc199ffc486cbca7c8c1c4c465c55f729d9a2 100644 (file)
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -459,7 +459,7 @@ bool is_non_s3_op(RGWOpType op_type)
       op_type == RGW_OP_CREATE_ROLE ||
       op_type == RGW_OP_DELETE_ROLE ||
       op_type == RGW_OP_GET_ROLE ||
-      op_type == RGW_OP_MODIFY_ROLE ||
+      op_type == RGW_OP_MODIFY_ROLE_TRUST_POLICY ||
       op_type == RGW_OP_LIST_ROLES ||
       op_type == RGW_OP_PUT_ROLE_POLICY ||
       op_type == RGW_OP_GET_ROLE_POLICY ||

diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 1ecb74281a73bc884f14f88ac36ff37c784b45a9..0ab1058d768934c7d8aa24f5c726329c56a5716a 100644 (file)
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -143,7 +143,7 @@ static const actpair actpairs[] =
  { "iam:CreateRole", iamCreateRole},
  { "iam:DeleteRole", iamDeleteRole},
  { "iam:GetRole", iamGetRole},
- { "iam:ModifyRole", iamModifyRole},
+ { "iam:ModifyRoleTrustPolicy", iamModifyRoleTrustPolicy},
  { "iam:ListRoles", iamListRoles},
  { "iam:PutRolePolicy", iamPutRolePolicy},
  { "iam:GetRolePolicy", iamGetRolePolicy},
@@ -1325,8 +1325,8 @@ const char* action_bit_string(uint64_t action) {
   case iamGetRole:
     return "iam:GetRole";
 
-  case iamModifyRole:
-    return "iam:ModifyRole";
+  case iamModifyRoleTrustPolicy:
+    return "iam:ModifyRoleTrustPolicy";
 
   case iamListRoles:
     return "iam:ListRoles";

diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
index 2de1b7bd58b9f83a5e73334bc76b3bc7d9a7b8f1..de8ba9297b41a8bada5e2024757d3b112a022fda 100644 (file)
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -117,7 +117,7 @@ static constexpr std::uint64_t iamDeleteUserPolicy = s3All + 3;
 static constexpr std::uint64_t iamListUserPolicies = s3All + 4;
 static constexpr std::uint64_t iamCreateRole = s3All + 5;
 static constexpr std::uint64_t iamDeleteRole = s3All + 6;
-static constexpr std::uint64_t iamModifyRole = s3All + 7;
+static constexpr std::uint64_t iamModifyRoleTrustPolicy = s3All + 7;
 static constexpr std::uint64_t iamGetRole = s3All + 8;
 static constexpr std::uint64_t iamListRoles = s3All + 9;
 static constexpr std::uint64_t iamPutRolePolicy = s3All + 10;

diff --git a/src/rgw/rgw_op_type.h b/src/rgw/rgw_op_type.h
index 58ea807318e7b0a5d452b7c94cd41c9ac6696d8f..e9b670ce2830ae5158d90aa3467d3179a61ad19f 100644 (file)
--- a/src/rgw/rgw_op_type.h
+++ b/src/rgw/rgw_op_type.h
@@ -55,7 +55,7 @@ enum RGWOpType {
   RGW_OP_CREATE_ROLE,
   RGW_OP_DELETE_ROLE,
   RGW_OP_GET_ROLE,
-  RGW_OP_MODIFY_ROLE,
+  RGW_OP_MODIFY_ROLE_TRUST_POLICY,
   RGW_OP_LIST_ROLES,
   RGW_OP_PUT_ROLE_POLICY,
   RGW_OP_GET_ROLE_POLICY,

diff --git a/src/rgw/rgw_rest_iam.cc b/src/rgw/rgw_rest_iam.cc
index f63018d189b3b9dd723e68dc8a5f15ca661ec5d2..35f1b367381929b14ac2d0bb135c362270d4cc8a 100644 (file)
--- a/src/rgw/rgw_rest_iam.cc
+++ b/src/rgw/rgw_rest_iam.cc
@@ -53,7 +53,7 @@ RGWOp *RGWHandler_REST_IAM::op_post()
     if (action.compare("GetRole") == 0)
       return new RGWGetRole;
     if (action.compare("UpdateAssumeRolePolicy") == 0)
-      return new RGWModifyRole(this->bl_post_body);
+      return new RGWModifyRoleTrustPolicy(this->bl_post_body);
     if (action.compare("ListRoles") == 0)
       return new RGWListRoles;
     if (action.compare("PutRolePolicy") == 0)

diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc
index 7ae70e6a097e818ad99616d5980dc0f658799d49..71090c59c177b365979e978f43b96c7f908e4bb9 100644 (file)
--- a/src/rgw/rgw_rest_role.cc
+++ b/src/rgw/rgw_rest_role.cc
@@ -438,7 +438,7 @@ void RGWGetRole::execute(optional_yield y)
   }
 }
 
-int RGWModifyRole::get_params()
+int RGWModifyRoleTrustPolicy::get_params()
 {
   role_name = s->info.args.get("RoleName");
   trust_policy = s->info.args.get("PolicyDocument");
@@ -456,7 +456,7 @@ int RGWModifyRole::get_params()
   return 0;
 }
 
-void RGWModifyRole::execute(optional_yield y)
+void RGWModifyRoleTrustPolicy::execute(optional_yield y)
 {
   op_ret = get_params();
   if (op_ret < 0) {

diff --git a/src/rgw/rgw_rest_role.h b/src/rgw/rgw_rest_role.h
index f007d2ec23fa6dd41c9c8a11af528ad329e0f8b8..69e64306526e32926393a2d2ead0599cec888725 100644 (file)
--- a/src/rgw/rgw_rest_role.h
+++ b/src/rgw/rgw_rest_role.h
@@ -73,15 +73,15 @@ public:
   uint64_t get_op() override { return rgw::IAM::iamGetRole; }
 };
 
-class RGWModifyRole : public RGWRoleWrite {
+class RGWModifyRoleTrustPolicy : public RGWRoleWrite {
   bufferlist bl_post_body;
 public:
-  RGWModifyRole(const bufferlist& bl_post_body) : bl_post_body(bl_post_body) {};
+  RGWModifyRoleTrustPolicy(const bufferlist& bl_post_body) : bl_post_body(bl_post_body) {};
   void execute(optional_yield y) override;
   int get_params();
-  const char* name() const override { return "modify_role"; }
-  RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE; }
-  uint64_t get_op() override { return rgw::IAM::iamModifyRole; }
+  const char* name() const override { return "modify_role_trust_policy"; }
+  RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE_TRUST_POLICY; }
+  uint64_t get_op() override { return rgw::IAM::iamModifyRoleTrustPolicy; }
 };
 
 class RGWListRoles : public RGWRoleRead {

diff --git a/src/test/cli/radosgw-admin/help.t b/src/test/cli/radosgw-admin/help.t
index 2ea1ceda25a64b334a03440d1bc5568cfaf04a3f..a70eb5ba0a5958785396f80866da8e91b48b3746 100644 (file)
--- a/src/test/cli/radosgw-admin/help.t
+++ b/src/test/cli/radosgw-admin/help.t
@@ -157,7 +157,7 @@
     role delete                remove a role
     role get                   get a role
     role list                  list roles with specified path prefix
-    role modify                modify the assume role policy of an existing role
+    role-trust-policy modify   modify the assume role policy of an existing role
     role-policy put            add/update permission policy to role
     role-policy list           list policies attached to a role
     role-policy get            get the specified inline policy document embedded with the given role