From: Seena Fallah Date: Fri, 18 Apr 2025 14:42:24 +0000 (+0200) Subject: rgw: override perms for admin on data sync X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=97b4b608fba21bf2bac69ebcffca114484049680;p=ceph.git rgw: override perms for admin on data sync If pipe is in user mode and the user is admin, don't check for perms and let it go. Signed-off-by: Seena Fallah --- diff --git a/src/rgw/driver/rados/rgw_data_sync.cc b/src/rgw/driver/rados/rgw_data_sync.cc index fcba65987af09..b607f8c0fe6ff 100644 --- a/src/rgw/driver/rados/rgw_data_sync.cc +++ b/src/rgw/driver/rados/rgw_data_sync.cc @@ -2703,6 +2703,11 @@ int RGWUserPermHandler::Bucket::init(RGWUserPermHandler *handler, bool RGWUserPermHandler::Bucket::verify_bucket_permission(const rgw_obj_key& obj_key, const uint64_t op) const { + if (ps->identity->is_admin()) { + ldpp_dout(dpp, 4) << "admin user, no need to check permissions" << dendl; + return true; + } + const rgw_obj obj(ps->bucket_info.bucket, obj_key); const auto arn = rgw::ARN(obj); @@ -2734,6 +2739,11 @@ bool RGWUserPermHandler::Bucket::verify_bucket_permission(const rgw_obj_key& obj rgw::IAM::Effect RGWUserPermHandler::Bucket::evaluate_iam_policies(const rgw_obj_key& obj_key, const uint64_t op) const { + if (ps->identity->is_admin()) { + ldpp_dout(dpp, 4) << "admin user, no need to check permissions" << dendl; + return rgw::IAM::Effect::Allow; + } + const rgw_obj obj(ps->bucket_info.bucket, obj_key); const auto arn = rgw::ARN(obj); const bool account_root = (ps->identity->get_identity_type() == TYPE_ROOT); diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc index 294256bfe67f4..80dfe9c5be642 100644 --- a/src/rgw/rgw_auth.cc +++ b/src/rgw/rgw_auth.cc @@ -216,7 +216,7 @@ static auto transform_old_authinfo(const RGWUserInfo& user, id(user.user_id), display_name(user.display_name), path(user.path), - user_is_admin(user.admin), + user_is_admin(user.admin || user.system), type(user.type), account(std::move(account)), policies(std::move(policies))