if ((t->notaction & iamAllValue) == iamAllValue) {
t->notaction[iamAll] = 1;
}
+ if ((t->action & stsAllValue) == stsAllValue) {
+ t->action[stsAll] = 1;
+ }
+ if ((t->notaction & stsAllValue) == stsAllValue) {
+ t->notaction[stsAll] = 1;
+ }
}
}
} else if (w->id == TokenID::Resource || w->id == TokenID::NotResource) {
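Review bot: Because `stsAllValue`, as defined in the header part of this commit, has a single bit set, the added test `(t->action & stsAllValue) == stsAllValue` also sets `action[stsAll]` for a statement that names only `sts:AssumeRole`, and the `notaction` branch does the same for NotAction. Whether that matters depends on how the evaluator, which is outside this hunk, reads the `stsAll` bit. If it is ever taken to mean every STS action, a second STS action added later without extending the mask would be granted by policies that only named AssumeRole. A comment above the new checks, such as `// stsAllValue must list every sts action; extend it whenever one is added`, would record that dependency. The enclosing parser function starts and ends outside the hunk.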
static constexpr std::uint64_t iamListRolePolicies = 66;
static constexpr std::uint64_t iamDeleteRolePolicy = 67;
static constexpr std::uint64_t iamAll = 68;
+static constexpr std::uint64_t stsAssumeRole = 69;
+static constexpr std::uint64_t stsAll = 70;
static constexpr std::uint64_t s3Count = s3DeleteObjectVersionTagging + 1;
-static constexpr std::uint64_t allCount = iamAll + 1;
+static constexpr std::uint64_t allCount = stsAll + 1;
using Action_t = bitset<allCount>;
using NotAction_t = Action_t;
static const Action_t None(0);
static const Action_t s3AllValue("111111111111111111111111111111111111111111111111111111");
static const Action_t iamAllValue("11111111111110000000000000000000000000000000000000000000000000000000");
+static const Action_t stsAllValue("1000000000000000000000000000000000000000000000000000000000000000000000");
//Modify allValue if more Actions are added
-static const Action_t allValue("111111111111111111111111111111111111111111111111111111111111111111111");
-
-static constexpr std::uint64_t stsAssumeRole = 1ULL << 55;
+static const Action_t allValue("11111111111111111111111111111111111111111111111111111111111111111111111");
namespace {
inline int op_to_perm(std::uint64_t op) {
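Review bot: The new `stsAllValue` and the widened `allValue` are hand-written binary strings, and nothing in this hunk ties their length or set bits to `stsAssumeRole`, `stsAll` or `allCount`. A digit too many or too few would silently move the wildcard onto a different action in the authorization bitset, which the existing comment `//Modify allValue if more Actions are added` leaves to manual care. I would pin the values in the policy unit test with `EXPECT_TRUE(stsAllValue[stsAssumeRole]);`, `EXPECT_EQ(stsAllValue.count(), 1U);` and `EXPECT_TRUE(allValue.all());`. `stsAssumeRole` also changes from the mask `1ULL << 55` to the index 69, so any use outside this hunk that still treats it as a mask needs checking.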
#include "rgw_crypt_sanitize.h"
#include "rgw_rest_user_policy.h"
#include "include/ceph_assert.h"
-#include "include/assert.h"
#include "rgw_role.h"
#include "rgw_rest_sts.h"
#include "rgw_sts.h"
#include <boost/utility/in_place_factory.hpp>
#include <boost/tokenizer.hpp>
-#include "include/assert.h"
#include "ceph_ver.h"
#include "common/Formatter.h"
using rgw::IAM::iamCreateRole;
using rgw::IAM::iamDeleteRole;
using rgw::IAM::iamAll;
+using rgw::IAM::stsAll;
class FakeIdentity : public Identity {
const Principal id;
EXPECT_TRUE(p->statements[0].noprinc.empty());
EXPECT_EQ(p->statements[0].effect, Effect::Allow);
Action_t act;
- for (auto i = 0U; i <= iamAll; i++)
+ for (auto i = 0U; i <= stsAll; i++)
act[i] = 1;
EXPECT_EQ(p->statements[0].action, act);
EXPECT_EQ(p->statements[0].notaction, None);