From: Pritha Srivastava Date: Thu, 28 Jun 2018 05:55:21 +0000 (+0530) Subject: rgw: Corrected code for ARNs for entities that have a path. X-Git-Tag: v14.0.1~335^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b4ca4f3d256cfe4894ef5505652b6c3bdff1a942;p=ceph-ci.git rgw: Corrected code for ARNs for entities that have a path. Signed-off-by: Pritha Srivastava
---
diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index ada2c1f969f..8641d110917 100644
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -208,13 +208,14 @@ ARN::ARN(const rgw_bucket& b, const string& o)
 resource.append(o); }
-ARN::ARN(const string& resource_name, const string& type, const string& tenant)
+ARN::ARN(const string& resource_name, const string& type, const string& tenant, bool has_path)
 : partition(Partition::aws), service(Service::iam), region(), account(tenant), resource(type) {
- resource.push_back('/');
+ if (! has_path)
+ resource.push_back('/');
 resource.append(resource_name); }
diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
index 38e2726a234..b7fe5599635 100644
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -242,7 +242,7 @@ struct ARN {
 ARN(const rgw_obj& o); ARN(const rgw_bucket& b); ARN(const rgw_bucket& b, const std::string& o);
- ARN(const string& resource_name, const string& type, const string& tenant);
+ ARN(const string& resource_name, const string& type, const string& tenant, bool has_path=false);
 static boost::optional parse(const std::string& s, bool wildcard = false);
diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc
index 6867e0a0f65..4b11af695a4 100644
--- a/src/rgw/rgw_rest_role.cc
+++ b/src/rgw/rgw_rest_role.cc
@@ -42,7 +42,7 @@ int RGWRestRole::verify_permission()
 if (!verify_user_permission(s, rgw::IAM::ARN(resource_name, "role",
- s->user->user_id.tenant),
+ s->user->user_id.tenant, true),
 op)) { return -EACCES; }
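Review bot: In the four-argument `ARN::ARN` in rgw_iam_policy.cc the `/` separator now depends on a caller-supplied flag rather than on `resource_name` itself, so a caller that passes `has_path=true` with a name that does not begin with `/` gets a resource in which the type and the name are fused with nothing between them. The call sites changed in rgw_rest_role.cc hand this ARN to `verify_user_permission`, so such a resource would presumably fail to match policy statements written for `role/...` without any error being reported. Deriving the separator from the string removes that precondition: `if (resource_name.empty() || resource_name.front() != '/') resource.push_back('/');`. If the flag is kept, the constructor should at least carry a comment stating that `resource_name` must start with `/` when `has_path` is true.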
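Review bot: The new `has_path` parameter on the `ARN` constructor declaration in rgw_iam_policy.h is undocumented, and its effect on the generated resource string cannot be guessed from the name alone. A comment above the declaration would cover it, for example `// has_path: resource_name already begins with its '/'-prefixed path, so no '/' is inserted after type`. It is also worth stating there that the `=false` default keeps existing three-argument callers on the old behaviour. `struct ARN` starts and ends outside the hunk.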
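Review bot: `RGWRestRole::verify_permission` in rgw_rest_role.cc passes a literal `true` for `has_path`, but `resource_name` is assigned outside the hunk, so nothing visible here shows that it always begins with `/`. The same applies to the two later hunks in `RGWCreateRole::verify_permission` and `RGWGetRole::_verify_permission`. Because the constructed ARN decides between proceeding and `-EACCES`, it would be worth confirming that every value feeding `resource_name` is validated or defaulted to a leading `/` before this call, especially if any part of it comes from request parameters. Naming the argument at the call also helps the reader: `s->user->user_id.tenant, /*has_path=*/true),`. All three function bodies start and end outside their hunks.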
@@ -88,7 +88,7 @@ int RGWCreateRole::verify_permission()
 if (!verify_user_permission(s, rgw::IAM::ARN(resource_name, "role",
- s->user->user_id.tenant),
+ s->user->user_id.tenant, true),
 get_op())) { return -EACCES; }
@@ -179,7 +179,7 @@ int RGWGetRole::_verify_permission(const RGWRole& role)
 if (!verify_user_permission(s, rgw::IAM::ARN(resource_name, "role",
- s->user->user_id.tenant),
+ s->user->user_id.tenant, true),
 get_op())) { return -EACCES; }