rgw/iam: add s3:Get/PutBucketOwnershipControls

author Casey Bodley <cbodley@redhat.com>

Fri, 26 Jan 2024 03:04:32 +0000 (22:04 -0500)

committer Casey Bodley <cbodley@redhat.com>

Wed, 10 Apr 2024 17:09:15 +0000 (13:09 -0400)
author Casey Bodley <cbodley@redhat.com>
Fri, 26 Jan 2024 03:04:32 +0000 (22:04 -0500)
committer Casey Bodley <cbodley@redhat.com>
Wed, 10 Apr 2024 17:09:15 +0000 (13:09 -0400)
diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc

index bfd6d60eb1ade2f1be994a1abd39c59e8193fcfd..ba8507e501742f015f1a24c6b2ec8993983e6678 100644 (file)
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -81,6 +81,7 @@ static const actpair actpairs[] =
   { "s3:GetBucketLocation", s3GetBucketLocation },
   { "s3:GetBucketLogging", s3GetBucketLogging },
   { "s3:GetBucketNotification", s3GetBucketNotification },
+ { "s3:GetBucketOwnershipControls", s3GetBucketOwnershipControls },
   { "s3:GetBucketPolicy", s3GetBucketPolicy },
   { "s3:GetBucketPolicyStatus", s3GetBucketPolicyStatus },
   { "s3:GetBucketPublicAccessBlock", s3GetBucketPublicAccessBlock },
@@ -113,6 +114,7 @@ static const actpair actpairs[] =
   { "s3:PutBucketEncryption", s3PutBucketEncryption },
   { "s3:PutBucketLogging", s3PutBucketLogging },
   { "s3:PutBucketNotification", s3PutBucketNotification },
+ { "s3:PutBucketOwnershipControls", s3PutBucketOwnershipControls },
   { "s3:PutBucketPolicy", s3PutBucketPolicy },
   { "s3:PutBucketRequestPayment", s3PutBucketRequestPayment },
   { "s3:PutBucketTagging", s3PutBucketTagging },
@@ -1290,6 +1292,12 @@ const char* action_bit_string(uint64_t action) {
    case s3PutBucketAcl:
      return "s3:PutBucketAcl";
  
+  case s3GetBucketOwnershipControls:
+    return "s3:GetBucketOwnershipControls";
+
+  case s3PutBucketOwnershipControls:
+    return "s3:PutBucketOwnershipControls";
+
    case s3GetBucketCORS:
      return "s3:GetBucketCORS";
  
diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h

index 232896a97f44b4afd0ec6f20bbc3cc228fa39e38..35d5a5698c5611b70ad6d01c1e8b5c5276f7b7ef 100644 (file)
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -65,6 +65,8 @@ enum {
    s3PutAccelerateConfiguration,
    s3GetBucketAcl,
    s3PutBucketAcl,
+  s3GetBucketOwnershipControls,
+  s3PutBucketOwnershipControls,
    s3GetBucketCORS,
    s3PutBucketCORS,
    s3GetBucketVersioning,
diff --git a/src/test/rgw/test_rgw_iam_policy.cc b/src/test/rgw/test_rgw_iam_policy.cc

index 1f03920407b602b69375b79dc270baa41d77acc7..156b341ca70d34becf9ce43ab39e386ae1107afa 100644 (file)
--- a/src/test/rgw/test_rgw_iam_policy.cc
+++ b/src/test/rgw/test_rgw_iam_policy.cc
@@ -51,6 +51,7 @@ using rgw::IAM::s3All;
  using rgw::IAM::s3All;
  using rgw::IAM::s3GetAccelerateConfiguration;
  using rgw::IAM::s3GetBucketAcl;
+using rgw::IAM::s3GetBucketOwnershipControls;
  using rgw::IAM::s3GetBucketCORS;
  using rgw::IAM::s3GetBucketLocation;
  using rgw::IAM::s3GetBucketLogging;
@@ -379,6 +380,7 @@ TEST_F(PolicyTest, Parse3) {
    act2[s3GetObjectVersionTorrent] = 1;
    act2[s3GetAccelerateConfiguration] = 1;
    act2[s3GetBucketAcl] = 1;
+  act2[s3GetBucketOwnershipControls] = 1;
    act2[s3GetBucketCORS] = 1;
    act2[s3GetBucketVersioning] = 1;
    act2[s3GetBucketRequestPayment] = 1;
@@ -449,6 +451,7 @@ TEST_F(PolicyTest, Eval3) {
    s3allow[s3GetObjectVersionTorrent] = 1;
    s3allow[s3GetAccelerateConfiguration] = 1;
    s3allow[s3GetBucketAcl] = 1;
+  s3allow[s3GetBucketOwnershipControls] = 1;
    s3allow[s3GetBucketCORS] = 1;
    s3allow[s3GetBucketVersioning] = 1;
    s3allow[s3GetBucketRequestPayment] = 1;
author	Casey Bodley <cbodley@redhat.com>
	Fri, 26 Jan 2024 03:04:32 +0000 (22:04 -0500)
committer	Casey Bodley <cbodley@redhat.com>
	Wed, 10 Apr 2024 17:09:15 +0000 (13:09 -0400)
src/rgw/rgw_iam_policy.cc		patch \| blob \| history
src/rgw/rgw_iam_policy.h		patch \| blob \| history
src/test/rgw/test_rgw_iam_policy.cc		patch \| blob \| history