]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ci.git/commitdiff
projects / ceph-ci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7e92d52)
rgw/policy: Add missing strings for actions
authorAdam C. Emerson <aemerson@redhat.com>
Thu, 16 Oct 2025 20:07:17 +0000 (16:07 -0400)
committerAdam C. Emerson <aemerson@redhat.com>
Mon, 15 Dec 2025 17:28:50 +0000 (12:28 -0500)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
src/rgw/rgw_iam_policy.cc patch | blob | history
src/rgw/rgw_iam_policy.h patch | blob | history
src/rgw/rgw_op.h patch | blob | history

diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index ecd704da78ed4abf76a36a5c3dd71089cbe377bd..c6d5c38ac3273471ddf01bedfd401502eaa5bf69 100644 (file)
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -1288,7 +1288,7 @@ Effect Statement::eval_conditions(const Environment& e) const {
   return Effect::Deny;
 }
 
-const char* action_bit_string(uint64_t action) {
+const char* action_bit_string(action_t action) {
   switch (action) {
   case s3GetObject:
     return "s3:GetObject";
@@ -1416,8 +1416,8 @@ const char* action_bit_string(uint64_t action) {
   case s3PutBucketLogging:
     return "s3:PutBucketLogging";
 
-    case s3PostBucketLogging:
-      return "s3:PostBucketLogging";
+  case s3PostBucketLogging:
+    return "s3:PostBucketLogging";
 
   case s3GetBucketTagging:
     return "s3:GetBucketTagging";
@@ -1488,6 +1488,27 @@ const char* action_bit_string(uint64_t action) {
   case s3BypassGovernanceRetention:
     return "s3:BypassGovernanceRetention";
 
+  case s3GetBucketPolicyStatus:
+    return "s3:GetBucketPolicyStatus";
+
+  case s3PutPublicAccessBlock:
+    return "s3:PutPublicAccessBlock";
+
+  case s3GetPublicAccessBlock:
+    return "s3:GetPublicAccessBlock";
+
+  case s3DeletePublicAccessBlock:
+    return "s3:DeletePublicAccessBlock";
+
+  case s3PutBucketPublicAccessBlock:
+    return "s3:PutBucketPublicAccessBlock";
+
+  case s3GetBucketPublicAccessBlock:
+    return "s3:GetBucketPublicAccessBlock";
+
+  case s3DeleteBucketPublicAccessBlock:
+    return "s3:DeleteBucketPublicAccessBlock";
+
   case s3GetObjectAttributes:
     return "s3:GetObjectAttributes";
 
@@ -1751,6 +1772,15 @@ const char* action_bit_string(uint64_t action) {
 
   case organizationsListTargetsForPolicy:
     return "organizations:ListTargetsForPolicy";
+
+  case s3All:
+  case s3objectlambdaAll:
+  case iamAll:
+  case stsAll:
+  case snsAll:
+  case organizationsAll:
+  case allCount:
+    return "s3Invalid";
   }
   return "s3Invalid";
 }
@@ -1759,14 +1789,14 @@ namespace {
 ostream& print_actions(ostream& m, const Action_t a) {
   bool begun = false;
   m << "[ ";
-  for (auto i = 0U; i < allCount; ++i) {
+  for (std::underlying_type_t<action_t> i = 0; i < allCount; ++i) {
     if (a[i] == 1) {
       if (begun) {
         m << ", ";
       } else {
         begun = true;
       }
-      m << action_bit_string(i);
+      m << action_bit_string(action_t(i));
     }
   }
   if (begun) {
diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
index b202052ce922b38f9b9f9ad740eaa93325578cab..72f29dd4acd5c27cec71bcede6e53bae3b7fb364 100644 (file)
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -40,7 +40,7 @@ class Identity;
 namespace rgw {
 namespace IAM {
 
-enum {
+enum action_t {
   s3GetObject,
   s3GetObjectVersion,
   s3PutObject,
@@ -337,7 +337,7 @@ inline int op_to_perm(std::uint64_t op) {
 }
 }
 
-const char* action_bit_string(uint64_t action);
+const char* action_bit_string(action_t action);
 
 enum class PolicyPrincipal {
   Role,
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index 4408bbb2e868148728e56e0e74d1e62f690f9ab1..c9e19c50b384cfd407b9f2987ff1bda6deb6d493 100644 (file)
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -448,7 +448,7 @@ protected:
   bool first_data;
   uint64_t cur_ofs;
   bufferlist waiting;
-  uint64_t action = 0;
+  rgw::IAM::action_t action{};
 
   bool get_retention;
   bool get_legal_hold;
Unnamed repository; edit this file 'description' to name the repository.