From: Adam C. Emerson <aemerson@redhat.com>
Date: Thu, 16 Oct 2025 20:07:17 +0000 (-0400)
Subject: rgw/policy: Add missing strings for actions
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=aedc350b80fe3bcd1009bde6b69eb2b1048f4e1b;p=ceph-ci.git

rgw/policy: Add missing strings for actions

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
---

diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index ecd704da78e..c6d5c38ac32 100644
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -1288,7 +1288,7 @@ Effect Statement::eval_conditions(const Environment& e) const {
   return Effect::Deny;
 }
 
-const char* action_bit_string(uint64_t action) {
+const char* action_bit_string(action_t action) {
   switch (action) {
   case s3GetObject:
     return "s3:GetObject";
@@ -1416,8 +1416,8 @@ const char* action_bit_string(uint64_t action) {
   case s3PutBucketLogging:
     return "s3:PutBucketLogging";
 
-    case s3PostBucketLogging:
-      return "s3:PostBucketLogging";
+  case s3PostBucketLogging:
+    return "s3:PostBucketLogging";
 
   case s3GetBucketTagging:
     return "s3:GetBucketTagging";
@@ -1488,6 +1488,27 @@ const char* action_bit_string(uint64_t action) {
   case s3BypassGovernanceRetention:
     return "s3:BypassGovernanceRetention";
 
+  case s3GetBucketPolicyStatus:
+    return "s3:GetBucketPolicyStatus";
+
+  case s3PutPublicAccessBlock:
+    return "s3:PutPublicAccessBlock";
+
+  case s3GetPublicAccessBlock:
+    return "s3:GetPublicAccessBlock";
+
+  case s3DeletePublicAccessBlock:
+    return "s3:DeletePublicAccessBlock";
+
+  case s3PutBucketPublicAccessBlock:
+    return "s3:PutBucketPublicAccessBlock";
+
+  case s3GetBucketPublicAccessBlock:
+    return "s3:GetBucketPublicAccessBlock";
+
+  case s3DeleteBucketPublicAccessBlock:
+    return "s3:DeleteBucketPublicAccessBlock";
+
   case s3GetObjectAttributes:
     return "s3:GetObjectAttributes";
 
@@ -1751,6 +1772,15 @@ const char* action_bit_string(uint64_t action) {
 
   case organizationsListTargetsForPolicy:
     return "organizations:ListTargetsForPolicy";
+
+  case s3All:
+  case s3objectlambdaAll:
+  case iamAll:
+  case stsAll:
+  case snsAll:
+  case organizationsAll:
+  case allCount:
+    return "s3Invalid";
   }
   return "s3Invalid";
 }
@@ -1759,14 +1789,14 @@ namespace {
 ostream& print_actions(ostream& m, const Action_t a) {
   bool begun = false;
   m << "[ ";
-  for (auto i = 0U; i < allCount; ++i) {
+  for (std::underlying_type_t<action_t> i = 0; i < allCount; ++i) {
     if (a[i] == 1) {
       if (begun) {
         m << ", ";
       } else {
         begun = true;
       }
-      m << action_bit_string(i);
+      m << action_bit_string(action_t(i));
     }
   }
   if (begun) {
diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
index b202052ce92..72f29dd4acd 100644
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -40,7 +40,7 @@ class Identity;
 namespace rgw {
 namespace IAM {
 
-enum {
+enum action_t {
   s3GetObject,
   s3GetObjectVersion,
   s3PutObject,
@@ -337,7 +337,7 @@ inline int op_to_perm(std::uint64_t op) {
 }
 }
 
-const char* action_bit_string(uint64_t action);
+const char* action_bit_string(action_t action);
 
 enum class PolicyPrincipal {
   Role,
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index 4408bbb2e86..c9e19c50b38 100644
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -448,7 +448,7 @@ protected:
   bool first_data;
   uint64_t cur_ofs;
   bufferlist waiting;
-  uint64_t action = 0;
+  rgw::IAM::action_t action{};
 
   bool get_retention;
   bool get_legal_hold;