From: Seena Fallah Date: Fri, 19 Jul 2024 17:34:25 +0000 (+0200) Subject: rgw: donot check for NotPrincipal in IsPublicStatement X-Git-Tag: v20.0.0~1422^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=019aaa4d101db6b749140eaa5e62f997c57b0d81;p=ceph.git rgw: donot check for NotPrincipal in IsPublicStatement As NotPrincipal cannot be used with Effect Allow there is no need to check for that. Also before this change, policies without `NotPrincipal` were identified as a public as std::none_of() returns true on empty flats and the check was not considering the fact that the policy might have pricipals. but due to the missing concept from AWS about how to deal with Principal and NotPrincipal on Allow Effect we can just remove it. Signed-off-by: Seena Fallah
---
diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 94d7d1bf29c5..1901c6f87cbd 100644
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -1893,14 +1893,10 @@ struct IsPublicStatement
 bool operator() (const Statement &s) const {
 if (s.effect == Effect::Allow) {
 for (const auto& p : s.princ) {
- if (p.is_wildcard()) {
- return s.eval_conditions(iam_all_env) == Effect::Allow;
- }
+ if (p.is_wildcard()) {
+ return s.eval_conditions(iam_all_env) == Effect::Allow;
+ }
 }
- // no princ should not contain fixed values
- return std::none_of(s.noprinc.begin(), s.noprinc.end(), [](const rgw::auth::Principal& p) {
- return p.is_wildcard();
- });
 }
 return false;
 }
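Review bot: An `Effect::Allow` statement with an empty `s.princ` and a non-empty `s.noprinc` now falls through to `return false` and is reported as non-public, which is only safe if the policy parser already rejects Allow combined with NotPrincipal; that enforcement is not visible in this hunk. Such a statement would grant access to every caller except the listed ones, and the removed `std::none_of` branch classified it as public, so the result for that input flips from fail-closed to fail-open for whatever consumes this predicate. If the parser can still accept the combination, keep a conservative fallback after the loop, e.g. `if (!s.noprinc.empty()) return s.eval_conditions(iam_all_env) == Effect::Allow;`. Otherwise state the invariant at the check, e.g. `// Allow + NotPrincipal is rejected when the policy is parsed, so only princ is inspected here`, and pin it with a test that feeds such a policy. The enclosing `IsPublicStatement` struct begins outside the hunk.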