From: Casey Bodley Date: Fri, 26 Jan 2024 03:04:32 +0000 (-0500) Subject: rgw/iam: add s3:Get/PutBucketOwnershipControls X-Git-Tag: v19.1.0~99^2~92 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e290baec0fd8419948664c87e4f69ac589a5f4f7;p=ceph.git rgw/iam: add s3:Get/PutBucketOwnershipControls Signed-off-by: Casey Bodley (cherry picked from commit f473d28ef0979d535ff1c1d71a880849821cc42b) --- diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc index bfd6d60eb1ad..ba8507e50174 100644 --- a/src/rgw/rgw_iam_policy.cc +++ b/src/rgw/rgw_iam_policy.cc @@ -81,6 +81,7 @@ static const actpair actpairs[] = { "s3:GetBucketLocation", s3GetBucketLocation }, { "s3:GetBucketLogging", s3GetBucketLogging }, { "s3:GetBucketNotification", s3GetBucketNotification }, + { "s3:GetBucketOwnershipControls", s3GetBucketOwnershipControls }, { "s3:GetBucketPolicy", s3GetBucketPolicy }, { "s3:GetBucketPolicyStatus", s3GetBucketPolicyStatus }, { "s3:GetBucketPublicAccessBlock", s3GetBucketPublicAccessBlock }, @@ -113,6 +114,7 @@ static const actpair actpairs[] = { "s3:PutBucketEncryption", s3PutBucketEncryption }, { "s3:PutBucketLogging", s3PutBucketLogging }, { "s3:PutBucketNotification", s3PutBucketNotification }, + { "s3:PutBucketOwnershipControls", s3PutBucketOwnershipControls }, { "s3:PutBucketPolicy", s3PutBucketPolicy }, { "s3:PutBucketRequestPayment", s3PutBucketRequestPayment }, { "s3:PutBucketTagging", s3PutBucketTagging }, @@ -1290,6 +1292,12 @@ const char* action_bit_string(uint64_t action) { case s3PutBucketAcl: return "s3:PutBucketAcl"; + case s3GetBucketOwnershipControls: + return "s3:GetBucketOwnershipControls"; + + case s3PutBucketOwnershipControls: + return "s3:PutBucketOwnershipControls"; + case s3GetBucketCORS: return "s3:GetBucketCORS"; diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h index 232896a97f44..35d5a5698c56 100644 --- a/src/rgw/rgw_iam_policy.h +++ b/src/rgw/rgw_iam_policy.h @@ -65,6 +65,8 @@ enum { s3PutAccelerateConfiguration, s3GetBucketAcl, s3PutBucketAcl, + s3GetBucketOwnershipControls, + s3PutBucketOwnershipControls, s3GetBucketCORS, s3PutBucketCORS, s3GetBucketVersioning, diff --git a/src/test/rgw/test_rgw_iam_policy.cc b/src/test/rgw/test_rgw_iam_policy.cc index 87b11af19da6..68e5f508b348 100644 --- a/src/test/rgw/test_rgw_iam_policy.cc +++ b/src/test/rgw/test_rgw_iam_policy.cc @@ -51,6 +51,7 @@ using rgw::IAM::s3All; using rgw::IAM::s3All; using rgw::IAM::s3GetAccelerateConfiguration; using rgw::IAM::s3GetBucketAcl; +using rgw::IAM::s3GetBucketOwnershipControls; using rgw::IAM::s3GetBucketCORS; using rgw::IAM::s3GetBucketLocation; using rgw::IAM::s3GetBucketLogging; @@ -379,6 +380,7 @@ TEST_F(PolicyTest, Parse3) { act2[s3GetObjectVersionTorrent] = 1; act2[s3GetAccelerateConfiguration] = 1; act2[s3GetBucketAcl] = 1; + act2[s3GetBucketOwnershipControls] = 1; act2[s3GetBucketCORS] = 1; act2[s3GetBucketVersioning] = 1; act2[s3GetBucketRequestPayment] = 1; @@ -449,6 +451,7 @@ TEST_F(PolicyTest, Eval3) { s3allow[s3GetObjectVersionTorrent] = 1; s3allow[s3GetAccelerateConfiguration] = 1; s3allow[s3GetBucketAcl] = 1; + s3allow[s3GetBucketOwnershipControls] = 1; s3allow[s3GetBucketCORS] = 1; s3allow[s3GetBucketVersioning] = 1; s3allow[s3GetBucketRequestPayment] = 1;