From: Casey Bodley Date: Tue, 12 Mar 2024 23:08:50 +0000 (-0400) Subject: rgw/pubsub: notifications can refer to topics in other accounts/tenants X-Git-Tag: v19.1.0~99^2~20 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=7daaef36f8529dbb58c97dc26f9b1f1d03ed7966;p=ceph.git rgw/pubsub: notifications can refer to topics in other accounts/tenants accounts can use topic policy to grant sns:Publish permissions to other accounts. the PutBucketNotification op should expect TopicArns from other accounts. the account name from each TopicArn should be used as the 'tenant' argument for RGWPubSub's constructor so we look for the topic in the right namespace Signed-off-by: Casey Bodley (cherry picked from commit a72975821fe36b411982346254a33771f97abb26)
---
diff --git a/src/rgw/rgw_rest_pubsub.cc b/src/rgw/rgw_rest_pubsub.cc
index b7926e9f7f33e..eeba1a060ae51 100644
--- a/src/rgw/rgw_rest_pubsub.cc
+++ b/src/rgw/rgw_rest_pubsub.cc
@@ -1140,7 +1140,6 @@ int RGWPSCreateNotifOp::init_processing(optional_yield y)
 return ret;
 }
- const RGWPubSub ps(driver, get_account_or_tenant(s->owner.id), *s->penv.site);
 for (const auto& c : configurations.list) {
 const auto& notif_name = c.id;
@@ -1171,6 +1170,7 @@ int RGWPSCreateNotifOp::init_processing(optional_yield y)
 std::forward_as_tuple());
 if (insert.second) {
 rgw_pubsub_topic& topic_info = insert.first->second;
+ const RGWPubSub ps(driver, arn->account, *s->penv.site);
 ret = ps.get_topic(this, topic_name, topic_info, y, nullptr);
 if (ret < 0) {
 ldpp_dout(this, 4) << "failed to get topic '" << topic_name << "', ret=" << ret << dendl;
@@ -1298,7 +1298,6 @@ void RGWPSCreateNotifOp::execute_v2(optional_yield y) {
 << s->bucket << ", ret = " << op_ret << dendl;
 return;
 }
- const RGWPubSub ps(driver, get_account_or_tenant(s->owner.id), *s->penv.site);
 for (const auto& c : configurations.list) {
 const auto& notif_name = c.id;
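Review bot: In the second hunk (`init_processing`, around new line 1173) the namespace handed to `RGWPubSub` now comes from `arn->account`, which is parsed from the TopicArn in the request, so the caller rather than `s->owner.id` selects which account's topic is loaded. No sns:Publish evaluation against the loaded `topic_info` is visible in this hunk; it presumably happens later in the op, but it should be confirmed that every entry placed in the topic map passes through it, because that check is now the only thing separating one account's topics from another's. The `ret < 0` branch is also worth checking for returning a different error for a missing topic than for a forbidden one, since that difference would disclose which topic names exist in other accounts. I would add a comment above the new line, for example `// the topic lives in the ARN's account, which may differ from the requester's; access is decided by the topic policy, not by this lookup`. The enclosing function begins and ends outside the hunk.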