From: wzbxqt <wangzhong@cmss.chinamobile.com>
Date: Fri, 6 Aug 2021 15:09:05 +0000 (+0800)
Subject: rgw,doc: fix command problem
X-Git-Tag: v17.1.0~588^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7a3198ef6052676fa98bc2d7dd2805ca056007b9;p=ceph-ci.git

rgw,doc: fix command problem

Signed-off-by: wangzhong <wangzhong@cmss.chinamobile.com>
---

diff --git a/doc/radosgw/STS.rst b/doc/radosgw/STS.rst
index d843ea5d37c..6cfb28dd4f1 100644
--- a/doc/radosgw/STS.rst
+++ b/doc/radosgw/STS.rst
@@ -67,7 +67,7 @@ The trust between the IDP and the role is created by adding a Condition to the r
 allows access only to applications with the app id given in the trust policy document. The Condition
 is of the form::
 
-    "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Federated\":[\"arn:aws:iam:::oidc-provider/<URL of IDP>\"]},\"Action\":[\"sts:AssumeRoleWithWebIdentity\"],\"Condition\":{\"StringEquals\":{\"<URL of IDP> :app_id\":\"<aud>\"\}\}\}\]\}"
+    '''{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Federated":["arn:aws:iam:::oidc-provider/<URL of IDP>"]},"Action":["sts:AssumeRoleWithWebIdentity"],"Condition":{"StringEquals":{"<URL of IDP> :app_id":"<aud>"}}}]}'''
 
 The app_id in the condition above must match the 'aud' field of the incoming token.
 
@@ -106,7 +106,7 @@ according to the permission policy attached to the role.
     region_name=''
     )
 
-    policy_document = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam:::user/TESTER1\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
+    policy_document = '''{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["arn:aws:iam:::user/TESTER1"]},"Action":["sts:AssumeRole"]}]}'''
 
     role_response = iam_client.create_role(
     AssumeRolePolicyDocument=policy_document,
@@ -114,7 +114,7 @@ according to the permission policy attached to the role.
     RoleName='S3Access',
     )
 
-    role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"arn:aws:s3:::*\"}}"
+    role_policy = '''{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"s3:*","Resource":"arn:aws:s3:::*"}}'''
 
     response = iam_client.put_role_policy(
     RoleName='S3Access',
@@ -171,14 +171,14 @@ according to permission policy of the role.
      ]
     )
 
-    policy_document = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Federated\":[\"arn:aws:iam:::oidc-provider/localhost:8080/auth/realms/demo\"]},\"Action\":[\"sts:AssumeRoleWithWebIdentity\"],\"Condition\":{\"StringEquals\":{\"localhost:8080/auth/realms/demo:app_id\":\"customer-portal\"}}}]}"
+    policy_document = '''{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Federated":["arn:aws:iam:::oidc-provider/localhost:8080/auth/realms/demo"]},"Action":["sts:AssumeRoleWithWebIdentity"],"Condition":{"StringEquals":{"localhost:8080/auth/realms/demo:app_id":"customer-portal"}}}]}'''
     role_response = iam_client.create_role(
     AssumeRolePolicyDocument=policy_document,
     Path='/',
     RoleName='S3Access',
     )
 
-    role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"arn:aws:s3:::*\"}}"
+    role_policy = '''{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"s3:*","Resource":"arn:aws:s3:::*"}}'''
 
     response = iam_client.put_role_policy(
         RoleName='S3Access',
diff --git a/doc/radosgw/role.rst b/doc/radosgw/role.rst
index a774624315a..2954fd0022a 100644
--- a/doc/radosgw/role.rst
+++ b/doc/radosgw/role.rst
@@ -53,7 +53,7 @@ Delete a Role
 
 To delete a role, execute the following::
 
-	radosgw-admin role rm --role-name={role-name}
+	radosgw-admin role delete --role-name={role-name}
 
 Request Parameters
 ~~~~~~~~~~~~~~~~~~
@@ -65,7 +65,7 @@ Request Parameters
 
 For example:: 	
 	
-  radosgw-admin role rm --role-name=S3Access1
+  radosgw-admin role delete --role-name=S3Access1
 
 Note: A role can be deleted only when it doesn't have any permission policy attached to it.
 
@@ -267,7 +267,7 @@ Delete Policy attached to a Role
 
 To delete permission policy attached to a role, execute the following::
 
-	radosgw-admin role policy rm --role-name={role-name} --policy-name={policy-name}
+	radosgw-admin role policy delete --role-name={role-name} --policy-name={policy-name}
 
 Request Parameters
 ~~~~~~~~~~~~~~~~~~
@@ -284,7 +284,7 @@ Request Parameters
 
 For example::
 
-  radosgw-admin role-policy get --role-name=S3Access1 --policy-name=Policy1
+  radosgw-admin role-policy delete --role-name=S3Access1 --policy-name=Policy1
 
 
 REST APIs for Manipulating a Role
diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index b202e9d9c31..b246aa3e454 100644
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -250,14 +250,14 @@ void usage()
   cout << "  orphans list-jobs          deprecated -- list the current job-ids for orphans search\n";
   cout << "                           * the three 'orphans' sub-commands are now deprecated; consider using the `rgw-orphan-list` tool\n";
   cout << "  role create                create a AWS role for use with STS\n";
-  cout << "  role rm                    remove a role\n";
+  cout << "  role delete                remove a role\n";
   cout << "  role get                   get a role\n";
   cout << "  role list                  list roles with specified path prefix\n";
   cout << "  role modify                modify the assume role policy of an existing role\n";
   cout << "  role-policy put            add/update permission policy to role\n";
   cout << "  role-policy list           list policies attached to a role\n";
   cout << "  role-policy get            get the specified inline policy document embedded with the given role\n";
-  cout << "  role-policy rm             remove policy attached to a role\n";
+  cout << "  role-policy delete         remove policy attached to a role\n";
   cout << "  reshard add                schedule a resharding of a bucket\n";
   cout << "  reshard list               list all bucket resharding or scheduled to be resharded\n";
   cout << "  reshard status             read bucket resharding status\n";
diff --git a/src/test/cli/radosgw-admin/help.t b/src/test/cli/radosgw-admin/help.t
index c63c63cb55e..e4afb655db5 100644
--- a/src/test/cli/radosgw-admin/help.t
+++ b/src/test/cli/radosgw-admin/help.t
@@ -144,14 +144,14 @@
     orphans list-jobs          deprecated -- list the current job-ids for orphans search
                              * the three 'orphans' sub-commands are now deprecated; consider using the `rgw-orphan-list` tool
     role create                create a AWS role for use with STS
-    role rm                    remove a role
+    role delete                remove a role
     role get                   get a role
     role list                  list roles with specified path prefix
     role modify                modify the assume role policy of an existing role
     role-policy put            add/update permission policy to role
     role-policy list           list policies attached to a role
     role-policy get            get the specified inline policy document embedded with the given role
-    role-policy rm             remove policy attached to a role
+    role-policy delete         remove policy attached to a role
     reshard add                schedule a resharding of a bucket
     reshard list               list all bucket resharding or scheduled to be resharded
     reshard status             read bucket resharding status