From: Pritha Srivastava Date: Tue, 26 Jun 2018 09:43:51 +0000 (+0530) Subject: rgw: Policy code for STS. X-Git-Tag: v14.0.1~113^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F23504%2Fhead;p=ceph.git rgw: Policy code for STS. Signed-off-by: Pritha Srivastava
---
diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 593d018f70ce..4c316f476428 100644
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -847,6 +847,12 @@ bool ParseState::do_string(CephContext* cct, const char* s, size_t l) {
 if ((t->notaction & iamAllValue) == iamAllValue) {
 t->notaction[iamAll] = 1;
 }
+ if ((t->action & stsAllValue) == stsAllValue) {
+ t->action[stsAll] = 1;
+ }
+ if ((t->notaction & stsAllValue) == stsAllValue) {
+ t->notaction[stsAll] = 1;
+ }
 }
 }
 } else if (w->id == TokenID::Resource || w->id == TokenID::NotResource) {
diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
index 6c032c2a5d65..f15d215a8a49 100644
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -112,9 +112,11 @@ static constexpr std::uint64_t iamGetRolePolicy = 65;
 static constexpr std::uint64_t iamListRolePolicies = 66;
 static constexpr std::uint64_t iamDeleteRolePolicy = 67;
 static constexpr std::uint64_t iamAll = 68;
+static constexpr std::uint64_t stsAssumeRole = 69;
+static constexpr std::uint64_t stsAll = 70;
 static constexpr std::uint64_t s3Count = s3DeleteObjectVersionTagging + 1;
-static constexpr std::uint64_t allCount = iamAll + 1;
+static constexpr std::uint64_t allCount = stsAll + 1;
 using Action_t = bitset;
 using NotAction_t = Action_t;
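Review bot: In the do_string hunk of rgw_iam_policy.cc, the new checks set `action[stsAll]` / `notaction[stsAll]` whenever every bit of `stsAllValue` is present, and the `stsAllValue` literal added in the second rgw_iam_policy.h hunk has a single bit set (presumably the `stsAssumeRole` bit). That is equivalent to the wildcard today, but if another STS action is added later without widening the mask, a statement granting only `sts:AssumeRole` would be recorded as `sts:*`; how `stsAll` is consulted during evaluation is not visible here. The existing comment only names `allValue`, so I would reword it to `//Modify allValue and the matching s3/iam/stsAllValue mask if more Actions are added`. The enclosing branch of do_string starts and ends outside the hunk.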
@@ -122,10 +124,9 @@ using NotAction_t = Action_t;
 static const Action_t None(0);
 static const Action_t s3AllValue("111111111111111111111111111111111111111111111111111111");
 static const Action_t iamAllValue("11111111111110000000000000000000000000000000000000000000000000000000");
+static const Action_t stsAllValue("1000000000000000000000000000000000000000000000000000000000000000000000");
 //Modify allValue if more Actions are added
-static const Action_t allValue("111111111111111111111111111111111111111111111111111111111111111111111");
-
-static constexpr std::uint64_t stsAssumeRole = 1ULL << 55;
+static const Action_t allValue("11111111111111111111111111111111111111111111111111111111111111111111111");
 namespace {
 inline int op_to_perm(std::uint64_t op) {
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index e80cc3ff17cf..5c0b77b3dd78 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -46,7 +46,6 @@
 #include "rgw_crypt_sanitize.h"
 #include "rgw_rest_user_policy.h"
 #include "include/ceph_assert.h"
-#include "include/assert.h"
 #include "rgw_role.h"
 #include "rgw_rest_sts.h"
 #include "rgw_sts.h"
diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
index 339f11bf1a3d..cadfe7b33ece 100644
--- a/src/rgw/rgw_rest_sts.cc
+++ b/src/rgw/rgw_rest_sts.cc
@@ -4,7 +4,6 @@
 #include
 #include
-#include "include/assert.h"
 #include "ceph_ver.h"
 #include "common/Formatter.h"
diff --git a/src/test/rgw/test_rgw_iam_policy.cc b/src/test/rgw/test_rgw_iam_policy.cc
index 9b3db3f43cde..64946b33ada6 100644
--- a/src/test/rgw/test_rgw_iam_policy.cc
+++ b/src/test/rgw/test_rgw_iam_policy.cc
@@ -84,6 +84,7 @@ using rgw::IAM::NotAction_t;
 using rgw::IAM::iamCreateRole;
 using rgw::IAM::iamDeleteRole;
 using rgw::IAM::iamAll;
+using rgw::IAM::stsAll;
 class FakeIdentity : public Identity {
 const Principal id;
@@ -615,7 +616,7 @@ TEST_F(PolicyTest, Parse6) {
 EXPECT_TRUE(p->statements[0].noprinc.empty());
 EXPECT_EQ(p->statements[0].effect, Effect::Allow);
 Action_t act;
- for (auto i = 0U; i <= iamAll; i++)
+ for (auto i = 0U; i <= stsAll; i++)
 act[i] = 1;
 EXPECT_EQ(p->statements[0].action, act);
 EXPECT_EQ(p->statements[0].notaction, None);
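Review bot: Parse6 is only adjusted to the wider loop bound, so it still covers just the all-actions case; none of the test changes shown parses a statement naming an STS action, which leaves the new `stsAll` expansion in do_string unexercised. I would add a case that parses an `sts:AssumeRole` statement and checks `action[stsAssumeRole]` and `action[stsAll]`, plus one asserting that an S3-only or IAM-only statement leaves `action[stsAll]` clear. The action-name table is outside this diff, so confirm the string the parser accepts for the STS action. `TEST_F(PolicyTest, Parse6)` continues outside the hunk.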