radosgw-admin role-policy put --role-name=S3Access1 --policy-name=Policy1 --policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Action\":\[\"s3:*\"\],\"Resource\":\"arn:aws:s3:::example_bucket\"\}\]\}
+For passing ``policy-doc`` as a file::
+
+ radosgw-admin role-policy put --role-name=S3Access1 --policy-name=Policy1 --infile policy-document.json
+
In the above example, we are attaching a policy 'Policy1' to role 'S3Access1', which allows all s3 actions on 'example_bucket'.
List Permission Policy Names attached to a Role
return -EINVAL;
}
- if (perm_policy_doc.empty()) {
+ if (perm_policy_doc.empty() && infile.empty()) {
cerr << "permission policy document is empty" << std::endl;
return -EINVAL;
}
- bufferlist bl = bufferlist::static_from_string(perm_policy_doc);
+ bufferlist bl;
+ if (!infile.empty()) {
+ int ret = read_input(infile, bl);
+ if (ret < 0) {
+ cerr << "ERROR: failed to read input policy document: " << cpp_strerror(-ret) << std::endl;
+ return -ret;
+ }
+ perm_policy_doc = bl.to_str();
+ } else {
+ bl = bufferlist::static_from_string(perm_policy_doc);
+ }
try {
const rgw::IAM::Policy p(g_ceph_context, tenant, bl);
} catch (rgw::IAM::PolicyParseException& e) {
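Review bot: The emptiness guard now runs before the file is read, so an empty `--infile` passes `perm_policy_doc.empty() && infile.empty()` and reaches the policy parser with a zero-length buffer. Since this document decides what the role may access, reject it explicitly right after the `read_input` check, e.g. `if (bl.length() == 0) { cerr << "permission policy document is empty" << std::endl; return -EINVAL; }`. When both `--policy-doc` and `--infile` are given, the inline document is silently discarded in favour of the file; an error or warning would stop an operator attaching a different policy than the one they believe they passed. The new error path returns `-ret` (positive, since `ret < 0`) while the neighbouring checks return `-EINVAL`; the intended sign is not visible here, but the two should agree. The enclosing block starts and ends outside the hunk.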