From: Seena Fallah <seenafallah@gmail.com>
Date: Sun, 9 Feb 2020 15:31:04 +0000 (+0330)
Subject: rgw: Add support bucket policy for subuser
X-Git-Tag: v14.2.10~210^2~2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=620e7b4e5c7abb3897376d0212bde9d71304ee7c;p=ceph.git

rgw: Add support bucket policy for subuser

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 84b96f8d4f49fe1a82f3a8803a91b26f2a50ffd7)
---

diff --git a/.gitignore b/.gitignore
index b562aed0faf2..86375e1c32d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -66,6 +66,8 @@ GTAGS
 
 .idea
 
+.vscode
+
 # dashboard
 /src/pybind/mgr/dashboard/frontend/src/environments/environment.ts
 /src/pybind/mgr/dashboard/frontend/src/environments/environment.prod.ts
diff --git a/doc/radosgw/bucketpolicy.rst b/doc/radosgw/bucketpolicy.rst
index 32a0e751b24b..33816a8ce49e 100644
--- a/doc/radosgw/bucketpolicy.rst
+++ b/doc/radosgw/bucketpolicy.rst
@@ -21,7 +21,7 @@ For example, one may use s3cmd to set or delete a policy thus::
     "Version": "2012-10-17",
     "Statement": [{
       "Effect": "Allow",
-      "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred"]},
+      "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred:subuser"]},
       "Action": "s3:PutObjectAcl",
       "Resource": [
         "arn:aws:s3:::happybucket/*"
diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc
index 3cdc7d360af6..50a7ac575742 100644
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -542,9 +542,18 @@ bool rgw::auth::LocalApplier::is_identity(const idset_t& ids) const {
 	       id.get_tenant() == user_info.user_id.tenant) {
       return true;
     } else if (id.is_user() &&
-	       (id.get_tenant() == user_info.user_id.tenant) &&
-	       (id.get_id() == user_info.user_id.id)) {
-      return true;
+	       (id.get_tenant() == user_info.user_id.tenant)) {
+      if (id.get_id() == user_info.user_id.id) {
+        return true;
+      }
+      for (auto subuser : user_info.subusers) {
+        std::string user = user_info.user_id.id;
+        user.append(":");
+        user.append(subuser.second.name);
+        if (user == id.get_id()) {
+          return true;
+        }
+      }
     }
   }
   return false;
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 0005c9ee30db..0846937c3196 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -85,8 +85,6 @@ using rgw::ARN;
 using rgw::IAM::Effect;
 using rgw::IAM::Policy;
 
-using rgw::IAM::Policy;
-
 static string mp_ns = RGW_OBJ_NS_MULTIPART;
 static string shadow_ns = RGW_OBJ_NS_SHADOW;