From: Casey Bodley Date: Sat, 9 Mar 2024 16:05:10 +0000 (-0500) Subject: rgw/auth: rgw_common.h exposes evaluate_iam_policies() X-Git-Tag: v19.1.0~99^2~25 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=28f59380d1baa3f8bcf094a00db789d3d7c0e981;p=ceph.git rgw/auth: rgw_common.h exposes evaluate_iam_policies() Signed-off-by: Casey Bodley (cherry picked from commit 851161166be710ed7dd85c04e6378dcabb4ef92f) --- diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc index 7786056199aee..6e20c2b145c02 100644 --- a/src/rgw/rgw_common.cc +++ b/src/rgw/rgw_common.cc @@ -1150,6 +1150,8 @@ Effect eval_identity_or_session_policies(const DoutPrefixProvider* dpp, return policy_res; } +} // anonymous namespace + // determine whether a request is allowed or denied within an account Effect evaluate_iam_policies( const DoutPrefixProvider* dpp, @@ -1231,8 +1233,6 @@ Effect evaluate_iam_policies( return Effect::Pass; } -} // anonymous namespace - bool verify_user_permission(const DoutPrefixProvider* dpp, perm_state_base * const s, const RGWAccessControlPolicy& user_acl, diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 6b3e350bae02e..296e808e0bac8 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -1761,6 +1761,16 @@ bool verify_object_permission_no_policy(const DoutPrefixProvider* dpp, const RGWAccessControlPolicy& object_acl, const int perm); +// determine whether a request is allowed or denied within an account +rgw::IAM::Effect evaluate_iam_policies( + const DoutPrefixProvider* dpp, + const rgw::IAM::Environment& env, + const rgw::auth::Identity& identity, + bool account_root, uint64_t op, const rgw::ARN& arn, + const boost::optional& resource_policy, + const std::vector& identity_policies, + const std::vector& session_policies); + bool verify_user_permission(const DoutPrefixProvider* dpp, req_state * const s, const RGWAccessControlPolicy& user_acl,