From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Fri, 6 Mar 2020 13:32:08 +0000 (+0100)
Subject: rgw: append user policies to existing policies
X-Git-Tag: v16.1.0~2107^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=fab10b0ba015779314bd3005a89191d2dbeaf111;p=ceph.git

rgw: append user policies to existing policies

Drop emptiness check and then appending to the policy

Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
---

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index cb8e8a90d5333..0d9984911cccb 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -732,14 +732,10 @@ int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state*
     try {
       map<string, bufferlist> uattrs;
       if (ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &uattrs, s->yield); ! ret) {
-        if (s->iam_user_policies.empty()) {
-          s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant());
-        } else {
-          // This scenario can happen when a STS token has a policy, then we need to append other user policies
-          // to the existing ones. (e.g. token returned by GetSessionToken)
           auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant());
-          s->iam_user_policies.insert(s->iam_user_policies.end(), user_policies.begin(), user_policies.end());
-        }
+          s->iam_user_policies.insert(s->iam_user_policies.end(),
+                                      std::make_move_iterator(user_policies.begin()),
+                                      std::make_move_iterator(user_policies.end()));
       } else {
         if (ret == -ENOENT)
           ret = 0;
diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc
index 2816945d91d32..0457104910751 100644
--- a/src/rgw/rgw_rest.cc
+++ b/src/rgw/rgw_rest.cc
@@ -1850,14 +1850,11 @@ int RGWHandler_REST::init_permissions(RGWOp* op)
       try {
         map<string, bufferlist> uattrs;
         if (auto ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &uattrs, null_yield); ! ret) {
-          if (s->iam_user_policies.empty()) {
-            s->iam_user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant());
-          } else {
-          // This scenario can happen when a STS token has a policy, then we need to append other user policies
-          // to the existing ones. (e.g. token returned by GetSessionToken)
           auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant());
-          s->iam_user_policies.insert(s->iam_user_policies.end(), user_policies.begin(), user_policies.end());
-          }
+          s->iam_user_policies.insert(s->iam_user_policies.end(),
+                                      std::make_move_iterator(user_policies.begin()),
+                                      std::make_move_iterator(user_policies.end()));
+
         }
       } catch (const std::exception& e) {
         lderr(s->cct) << "Error reading IAM User Policy: " << e.what() << dendl;