rgw_attrs: fixes for 3 more iam/perms mappings 55259/head
authorMatt Benjamin <mbenjamin@redhat.com>
Thu, 9 Jan 2025 20:11:10 +0000 (15:11 -0500)
committerMatt Benjamin <mbenjamin@redhat.com>
Fri, 10 Jan 2025 20:12:20 +0000 (15:12 -0500)
Help from Pritha and Casey appreciated

Plus, fix 3 explicit mapping tests in test_rgw_iam_policy.cc.

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
src/rgw/rgw_iam_policy.cc
src/rgw/rgw_iam_policy.h
src/test/rgw/test_rgw_iam_policy.cc

index 52f50ab71aa9f5d0ac4e95248541a899cf395aa6..ef6761d42227f74e29ee160ffd676c08f6bd08f8 100644 (file)
@@ -95,6 +95,7 @@ static const actpair actpairs[] =
  { "s3:GetObjectAcl", s3GetObjectAcl },
  { "s3:GetObject", s3GetObject },
  { "s3:GetObjectAttributes", s3GetObjectAttributes },
+ { "s3:GetObjectVersionAttributes", s3GetObjectVersionAttributes },
  { "s3:GetObjectTorrent", s3GetObjectTorrent },
  { "s3:GetObjectVersionAcl", s3GetObjectVersionAcl },
  { "s3:GetObjectVersion", s3GetObjectVersion },
@@ -1484,6 +1485,9 @@ const char* action_bit_string(uint64_t action) {
   case s3GetObjectAttributes:
     return "s3:GetObjectAttributes";
 
+  case s3GetObjectVersionAttributes:
+    return "s3:GetObjectVersionAttributes";
+
   case s3DescribeJob:
     return "s3:DescribeJob";
 
index 21e98a9ff091f3c1efa202628ced584619ba4753..dd323ee4b9c87a1f5b8ca808cf1b04e911956cf8 100644 (file)
@@ -250,6 +250,7 @@ inline int op_to_perm(std::uint64_t op) {
   case s3GetObjectRetention:
   case s3GetObjectLegalHold:
   case s3GetObjectAttributes:
+  case s3GetObjectVersionAttributes:
   case s3ListAllMyBuckets:
   case s3ListBucket:
   case s3ListBucketMultipartUploads:
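Review bot: Nothing in this switch can flag a missing action at build time, because `op` is a `std::uint64_t` rather than an enum, so the omission fixed by the new `case s3GetObjectVersionAttributes:` label can recur silently for the next action. Until this change the op presumably fell through to whatever `op_to_perm` returns for unlisted values, which affects the ACL-based permission check for that request. The return statement for this case group is outside the hunk, so the resulting permission should be confirmed there. A one-line assertion such as `EXPECT_EQ(op_to_perm(s3GetObjectVersionAttributes), op_to_perm(s3GetObjectAttributes));` would pin the mapping.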
index 7dadb7812ffb7582ef731f9465217612d4503e3c..1d13c2aa013e2b7dd8ed91dec7ad56f866e02a52 100644 (file)
@@ -75,6 +75,8 @@ using rgw::IAM::s3GetObjectTagging;
 using rgw::IAM::s3GetObjectVersion;
 using rgw::IAM::s3GetObjectVersionTagging;
 using rgw::IAM::s3GetObjectVersionTorrent;
+using rgw::IAM::s3GetObjectAttributes;
+using rgw::IAM::s3GetObjectVersionAttributes;
 using rgw::IAM::s3GetPublicAccessBlock;
 using rgw::IAM::s3GetReplicationConfiguration;
 using rgw::IAM::s3ListAllMyBuckets;
@@ -419,6 +421,8 @@ TEST_F(PolicyTest, Parse3) {
   act2[s3GetObjectVersionAcl] = 1;
   act2[s3GetObjectTorrent] = 1;
   act2[s3GetObjectVersionTorrent] = 1;
+  act2[s3GetObjectAttributes] = 1;
+  act2[s3GetObjectVersionAttributes] = 1;
   act2[s3GetAccelerateConfiguration] = 1;
   act2[s3GetBucketAcl] = 1;
   act2[s3GetBucketOwnershipControls] = 1;
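Review bot: The two new lines in `Parse3` only widen the expected action set, and the `Eval3` and `AmazonS3ReadOnlyAccess` hunks do the same, so the tests shown confirm that broad policies now include both attribute actions but not that the two are distinct. A policy that names only `s3:GetObjectAttributes` should leave the `s3GetObjectVersionAttributes` bit clear, and the reverse, otherwise a grant on current objects would also expose attributes of older versions. Adding a small parse case for each single-action policy would cover that. The bodies of these tests continue outside the hunks, so such a check may already exist elsewhere in the file.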
@@ -487,6 +491,8 @@ TEST_F(PolicyTest, Eval3) {
   s3allow[s3GetObjectVersion] = 1;
   s3allow[s3GetObjectAcl] = 1;
   s3allow[s3GetObjectVersionAcl] = 1;
+  s3allow[s3GetObjectAttributes] = 1;
+  s3allow[s3GetObjectVersionAttributes] = 1;
   s3allow[s3GetObjectTorrent] = 1;
   s3allow[s3GetObjectVersionTorrent] = 1;
   s3allow[s3GetAccelerateConfiguration] = 1;
@@ -883,6 +889,8 @@ TEST_F(ManagedPolicyTest, AmazonS3ReadOnlyAccess)
   act[s3GetObjectVersionAcl] = 1;
   act[s3GetObjectTorrent] = 1;
   act[s3GetObjectVersionTorrent] = 1;
+  act[s3GetObjectAttributes] = 1;
+  act[s3GetObjectVersionAttributes] = 1;
   act[s3GetAccelerateConfiguration] = 1;
   act[s3GetBucketAcl] = 1;
   act[s3GetBucketOwnershipControls] = 1;