From: Oguzhan Ozmen <oozmen@bloomberg.net>
Date: Sat, 7 Oct 2023 01:53:23 +0000 (-0400)
Subject: RGW/Roles: honor "--max-session-duration" option when CREATING a role
X-Git-Tag: v19.0.0~154^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=08dffc23921fe1be98bce72d16d8bcc73e5e6b63;p=ceph.git

RGW/Roles: honor "--max-session-duration" option when CREATING a role

Currently, this option is not honored and the default (3600s) is used
regardless of whether this option is provided when creating a role:

$ radosgw-admin role create  --role-name=myrole --max-session-duration=43200 ...
$ radosgw-admin role get --role-name=myrole | jq '.MaxSessionDuration'
3600

With this commit, the value given by the --max-session-duration is
considered when creating the role. This would reduce the need for
updating the role's max-session-duration using a separate "role update"
radosgw-admin command call after the role is created:

$ radosgw-admin role create  --role-name=myrole --max-session-duration=43200 ...
$ radosgw-admin role get --role-name=myrole | jq '.MaxSessionDuration'
43200

Signed-off-by: Oguzhan Ozmen <oozmen@bloomberg.net>
---

diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 25955a52213c..4b4b5977aa6c 100644
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -6712,7 +6712,8 @@ int main(int argc, const char **argv)
         cerr << "failed to parse policy: " << e.what() << std::endl;
         return -EINVAL;
       }
-      std::unique_ptr<rgw::sal::RGWRole> role = driver->get_role(role_name, tenant, path, assume_role_doc);
+      std::unique_ptr<rgw::sal::RGWRole> role = driver->get_role(role_name, tenant, path,
+                                                                 assume_role_doc, max_session_duration);
       ret = role->create(dpp(), true, "", null_yield);
       if (ret < 0) {
         return -ret;