From: Casey Bodley Date: Wed, 22 Jan 2020 20:53:29 +0000 (-0500) Subject: Merge pull request #30152 from theanalyst/rgw/iam-policy-bitset-fn X-Git-Tag: v15.1.0~103 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=cbcf45c1892e58337ab51cf69f23a7c3ababe4fc;p=ceph-ci.git Merge pull request #30152 from theanalyst/rgw/iam-policy-bitset-fn rgw: iam: use a function to calculate the Action Bit string Reviewed-by: Adam C. Emerson --- cbcf45c1892e58337ab51cf69f23a7c3ababe4fc diff --cc src/rgw/rgw_iam_policy.h index c80258b8d8b,cee2f05262c..dfe1a857cc9 --- a/src/rgw/rgw_iam_policy.h +++ b/src/rgw/rgw_iam_policy.h @@@ -102,37 -103,50 +102,50 @@@ static constexpr std::uint64_t s3GetObj static constexpr std::uint64_t s3BypassGovernanceRetention = 60; static constexpr std::uint64_t s3All = 61; - static constexpr std::uint64_t iamPutUserPolicy = 62; - static constexpr std::uint64_t iamGetUserPolicy = 63; - static constexpr std::uint64_t iamDeleteUserPolicy = 64; - static constexpr std::uint64_t iamListUserPolicies = 65; - static constexpr std::uint64_t iamCreateRole = 66; - static constexpr std::uint64_t iamDeleteRole = 67; - static constexpr std::uint64_t iamModifyRole = 68; - static constexpr std::uint64_t iamGetRole = 69; - static constexpr std::uint64_t iamListRoles = 70; - static constexpr std::uint64_t iamPutRolePolicy = 71; - static constexpr std::uint64_t iamGetRolePolicy = 72; - static constexpr std::uint64_t iamListRolePolicies = 73; - static constexpr std::uint64_t iamDeleteRolePolicy = 74; - static constexpr std::uint64_t iamAll = 75; - static constexpr std::uint64_t stsAssumeRole = 76; - static constexpr std::uint64_t stsAssumeRoleWithWebIdentity = 77; - static constexpr std::uint64_t stsGetSessionToken = 78; - static constexpr std::uint64_t stsAll = 79; - - static constexpr std::uint64_t s3Count = s3BypassGovernanceRetention + 1; + static constexpr std::uint64_t iamPutUserPolicy = s3All + 1; + static constexpr std::uint64_t iamGetUserPolicy = s3All + 2; + static constexpr std::uint64_t iamDeleteUserPolicy = s3All + 3; + static constexpr std::uint64_t iamListUserPolicies = s3All + 4; + static constexpr std::uint64_t iamCreateRole = s3All + 5; + static constexpr std::uint64_t iamDeleteRole = s3All + 6; + static constexpr std::uint64_t iamModifyRole = s3All + 7; + static constexpr std::uint64_t iamGetRole = s3All + 8; + static constexpr std::uint64_t iamListRoles = s3All + 9; + static constexpr std::uint64_t iamPutRolePolicy = s3All + 10; + static constexpr std::uint64_t iamGetRolePolicy = s3All + 11; + static constexpr std::uint64_t iamListRolePolicies = s3All + 12; + static constexpr std::uint64_t iamDeleteRolePolicy = s3All + 13; + static constexpr std::uint64_t iamAll = s3All + 14; + + static constexpr std::uint64_t stsAssumeRole = iamAll + 1; + static constexpr std::uint64_t stsAssumeRoleWithWebIdentity = iamAll + 2; + static constexpr std::uint64_t stsGetSessionToken = iamAll + 3; + static constexpr std::uint64_t stsAll = iamAll + 4; + + static constexpr std::uint64_t s3Count = s3All; static constexpr std::uint64_t allCount = stsAll + 1; -using Action_t = bitset; +using Action_t = std::bitset; using NotAction_t = Action_t; + template + constexpr std::bitset make_bitmask(size_t s) { + // unfortunately none of the shift/logic operators of std::bitset have a constexpr variation + return s < 64 ? std::bitset ((1ULL << s) - 1) : + std::bitset((1ULL << 63) - 1) | make_bitmask (s - 63) << 63; + } + + template + constexpr std::bitset set_cont_bits(size_t start, size_t end) + { + return (make_bitmask(end - start)) << start; + } + static const Action_t None(0); - static const Action_t s3AllValue("1111111111111111111111111111111111111111111111111111111111111"); - static const Action_t iamAllValue("111111111111100000000000000000000000000000000000000000000000000000000000000"); - static const Action_t stsAllValue("1110000000000000000000000000000000000000000000000000000000000000000000000000000"); - //Modify allValue if more Actions are added - static const Action_t allValue("11111111111111111111111111111111111111111111111111111111111111111111111111111111"); + static const Action_t s3AllValue = set_cont_bits(0,s3All); + static const Action_t iamAllValue = set_cont_bits(s3All+1,iamAll); + static const Action_t stsAllValue = set_cont_bits(iamAll+1,stsAll); + static const Action_t allValue = set_cont_bits(0,allCount); namespace { // Please update the table in doc/radosgw/s3/authentication.rst if you