From: Seena Fallah Date: Wed, 14 Oct 2020 07:13:15 +0000 (+0330) Subject: rgw: add infile arg to role-policy put X-Git-Tag: v18.0.0~1474^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b8d7d356120dc3698def0b88deb5616448cfd3c0;p=ceph-ci.git rgw: add infile arg to role-policy put Allow passing policy-doc with infile arg Signed-off-by: Seena Fallah
---
diff --git a/doc/radosgw/role.rst b/doc/radosgw/role.rst
index 4511e2fe133..66ef0ac9c1f 100644
--- a/doc/radosgw/role.rst
+++ b/doc/radosgw/role.rst
@@ -203,6 +203,10 @@ For example::
 radosgw-admin role-policy put --role-name=S3Access1 --policy-name=Policy1 --policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Action\":\[\"s3:*\"\],\"Resource\":\"arn:aws:s3:::example_bucket\"\}\]\}
+For passing ``policy-doc`` as a file::
+
+ radosgw-admin role-policy put --role-name=S3Access1 --policy-name=Policy1 --infile policy-document.json
+
 In the above example, we are attaching a policy 'Policy1' to role 'S3Access1', which allows all s3 actions on 'example_bucket'.
 List Permission Policy Names attached to a Role
diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 9f4ef12dbff..376f4b54891 100644
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -5834,12 +5834,22 @@ int main(int argc, const char **argv)
 return -EINVAL;
 }
- if (perm_policy_doc.empty()) {
+ if (perm_policy_doc.empty() && infile.empty()) {
 cerr << "permission policy document is empty" << std::endl;
 return -EINVAL;
 }
- bufferlist bl = bufferlist::static_from_string(perm_policy_doc);
+ bufferlist bl;
+ if (!infile.empty()) {
+ int ret = read_input(infile, bl);
+ if (ret < 0) {
+ cerr << "ERROR: failed to read input policy document: " << cpp_strerror(-ret) << std::endl;
+ return -ret;
+ }
+ perm_policy_doc = bl.to_str();
+ } else {
+ bl = bufferlist::static_from_string(perm_policy_doc);
+ }
 try {
 const rgw::IAM::Policy p(g_ceph_context, tenant, bl);
 } catch (rgw::IAM::PolicyParseException& e) {
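Review bot: When both `--policy-doc` and `--infile` are supplied, the new `if (!infile.empty())` branch silently overwrites `perm_policy_doc` with the file contents, so the permission policy attached to the role may not be the one the operator typed on the command line. Rejecting the combination before the read would make the precedence explicit, e.g. `if (!perm_policy_doc.empty() && !infile.empty()) { cerr << "ERROR: --policy-doc and --infile are mutually exclusive" << std::endl; return -EINVAL; }`. The "permission policy document is empty" guard also no longer covers the file path: an empty file gets past the relaxed check and reaches the parser with an empty `bl`, so a `bl.length() == 0` check after `read_input` would keep the original diagnostic; whether the parser rejects an empty document on its own is not visible here. The enclosing `main` and the `try` block continue outside the hunk.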