From: Pritha Srivastava Date: Wed, 18 May 2022 10:46:22 +0000 (+0530) Subject: rgw/sts: code changes to replace modify role with X-Git-Tag: v17.2.8~208^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F48082%2Fhead;p=ceph.git rgw/sts: code changes to replace modify role with modify role trust policy, to better reflect what the command does. Signed-off-by: Pritha Srivastava (cherry picked from commit 875da7f9041b54ee507bff00f40b65f6810b939a) --- diff --git a/doc/radosgw/role.rst b/doc/radosgw/role.rst index 736570f6466d..070ece409ae6 100644 --- a/doc/radosgw/role.rst +++ b/doc/radosgw/role.rst @@ -160,7 +160,7 @@ Update Assume Role Policy Document of a role To modify a role's assume role policy document, execute the following:: - radosgw-admin role modify --role-name={role-name} --assume-role-policy-doc={trust-policy-document} + radosgw-admin role-trust-policy modify --role-name={role-name} --assume-role-policy-doc={trust-policy-document} Request Parameters ~~~~~~~~~~~~~~~~~~ @@ -177,7 +177,7 @@ Request Parameters For example:: - radosgw-admin role modify --role-name=S3Access1 --assume-role-policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER2\"\]\},\"Action\":\[\"sts:AssumeRole\"\]\}\]\} + radosgw-admin role-trust-policy modify --role-name=S3Access1 --assume-role-policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER2\"\]\},\"Action\":\[\"sts:AssumeRole\"\]\}\]\} .. code-block:: javascript diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc index ed3c322b04fc..01646f2af2f8 100644 --- a/src/rgw/rgw_admin.cc +++ b/src/rgw/rgw_admin.cc 
@@ -268,7 +268,7 @@ void usage() cout << " role delete remove a role\n"; cout << " role get get a role\n"; cout << " role list list roles with specified path prefix\n"; - cout << " role modify modify the assume role policy of an existing role\n"; + cout << " role-trust-policy modify modify the assume role policy of an existing role\n"; cout << " role-policy put add/update permission policy to role\n"; cout << " role-policy list list policies attached to a role\n"; cout << " role-policy get get the specified inline policy document embedded with the given role\n"; @@ -791,7 +791,7 @@ enum class OPT { ROLE_CREATE, ROLE_DELETE, ROLE_GET, - ROLE_MODIFY, + ROLE_TRUST_POLICY_MODIFY, ROLE_LIST, ROLE_POLICY_PUT, ROLE_POLICY_LIST, @@ -1017,7 +1017,7 @@ static SimpleCmd::Commands all_cmds = { { "role create", OPT::ROLE_CREATE }, { "role delete", OPT::ROLE_DELETE }, { "role get", OPT::ROLE_GET }, - { "role modify", OPT::ROLE_MODIFY }, + { "role-trust-policy modify", OPT::ROLE_TRUST_POLICY_MODIFY }, { "role list", OPT::ROLE_LIST }, { "role policy put", OPT::ROLE_POLICY_PUT }, { "role-policy put", OPT::ROLE_POLICY_PUT }, @@ -4303,7 +4303,7 @@ int main(int argc, const char **argv) if (rgw::sal::User::empty(user) && opt_cmd != OPT::ROLE_CREATE && opt_cmd != OPT::ROLE_DELETE && opt_cmd != OPT::ROLE_GET - && opt_cmd != OPT::ROLE_MODIFY + && opt_cmd != OPT::ROLE_TRUST_POLICY_MODIFY && opt_cmd != OPT::ROLE_LIST && opt_cmd != OPT::ROLE_POLICY_PUT && opt_cmd != OPT::ROLE_POLICY_LIST @@ -6469,7 +6469,7 @@ int main(int argc, const char **argv) show_role_info(role.get(), formatter.get()); return 0; } - case OPT::ROLE_MODIFY: + case OPT::ROLE_TRUST_POLICY_MODIFY: { if (role_name.empty()) { cerr << "ERROR: role name is empty" << std::endl; diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc index 7c77e71307f4..742493eaf705 100644 --- a/src/rgw/rgw_auth_s3.cc +++ b/src/rgw/rgw_auth_s3.cc 
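Review bot: The `all_cmds` hunk in rgw_admin.cc removes the `"role modify"` spelling instead of keeping it as an alias, so existing automation that runs `radosgw-admin role modify` to tighten or replace a trust policy will stop working once this backport lands. The same table already carries two spellings for another command (`"role policy put"` and `"role-policy put"` both map to `OPT::ROLE_POLICY_PUT`), so a deprecated alias would be consistent: `{ "role modify", OPT::ROLE_TRUST_POLICY_MODIFY },`. How an unrecognised command is reported to the caller is outside the hunk, so it is worth confirming that the old spelling fails loudly rather than being parsed as something else.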
@@ -465,7 +465,7 @@ bool is_non_s3_op(RGWOpType op_type) op_type == RGW_OP_CREATE_ROLE || op_type == RGW_OP_DELETE_ROLE || op_type == RGW_OP_GET_ROLE || - op_type == RGW_OP_MODIFY_ROLE || + op_type == RGW_OP_MODIFY_ROLE_TRUST_POLICY || op_type == RGW_OP_LIST_ROLES || op_type == RGW_OP_PUT_ROLE_POLICY || op_type == RGW_OP_GET_ROLE_POLICY || diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc index d73a04486713..7da3590e795a 100644 --- a/src/rgw/rgw_iam_policy.cc +++ b/src/rgw/rgw_iam_policy.cc @@ -143,7 +143,7 @@ static const actpair actpairs[] = { "iam:CreateRole", iamCreateRole}, { "iam:DeleteRole", iamDeleteRole}, { "iam:GetRole", iamGetRole}, - { "iam:ModifyRole", iamModifyRole}, + { "iam:ModifyRoleTrustPolicy", iamModifyRoleTrustPolicy}, { "iam:ListRoles", iamListRoles}, { "iam:PutRolePolicy", iamPutRolePolicy}, { "iam:GetRolePolicy", iamGetRolePolicy}, @@ -1325,8 +1325,8 @@ const char* action_bit_string(uint64_t action) { case iamGetRole: return "iam:GetRole"; - case iamModifyRole: - return "iam:ModifyRole"; + case iamModifyRoleTrustPolicy: + return "iam:ModifyRoleTrustPolicy"; case iamListRoles: return "iam:ListRoles"; diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h index 2de1b7bd58b9..de8ba9297b41 100644 --- a/src/rgw/rgw_iam_policy.h +++ b/src/rgw/rgw_iam_policy.h @@ -117,7 +117,7 @@ static constexpr std::uint64_t iamDeleteUserPolicy = s3All + 3; static constexpr std::uint64_t iamListUserPolicies = s3All + 4; static constexpr std::uint64_t iamCreateRole = s3All + 5; static constexpr std::uint64_t iamDeleteRole = s3All + 6; -static constexpr std::uint64_t iamModifyRole = s3All + 7; +static constexpr std::uint64_t iamModifyRoleTrustPolicy = s3All + 7; static constexpr std::uint64_t iamGetRole = s3All + 8; static constexpr std::uint64_t iamListRoles = s3All + 9; static constexpr std::uint64_t iamPutRolePolicy = s3All + 10; diff --git a/src/rgw/rgw_op_type.h b/src/rgw/rgw_op_type.h index 6fe5a564da60..19f3e1a8a54d 100644 
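Review bot: In the `actpairs` hunk of rgw_iam_policy.cc the policy action string `iam:ModifyRole` is replaced rather than aliased, so stored policies that name it no longer map to this action bit after upgrade. An Allow statement would then fail closed, but a Deny on `iam:ModifyRole` would stop covering `UpdateAssumeRolePolicy` requests, which could widen who is able to rewrite a role's trust policy. How the parser treats an unknown action string is not visible here and should be confirmed. Keeping the old name as a second table entry, `{ "iam:ModifyRole", iamModifyRoleTrustPolicy},`, preserves existing policies while `action_bit_string` reports the new name. Neither name matches the REST action `UpdateAssumeRolePolicy` dispatched in rgw_rest_iam.cc, so the accepted policy action names deserve a line in the role documentation.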
--- a/src/rgw/rgw_op_type.h +++ b/src/rgw/rgw_op_type.h @@ -55,7 +55,7 @@ enum RGWOpType { RGW_OP_CREATE_ROLE, RGW_OP_DELETE_ROLE, RGW_OP_GET_ROLE, - RGW_OP_MODIFY_ROLE, + RGW_OP_MODIFY_ROLE_TRUST_POLICY, RGW_OP_LIST_ROLES, RGW_OP_PUT_ROLE_POLICY, RGW_OP_GET_ROLE_POLICY, diff --git a/src/rgw/rgw_rest_iam.cc b/src/rgw/rgw_rest_iam.cc index f63018d189b3..35f1b3673819 100644 --- a/src/rgw/rgw_rest_iam.cc +++ b/src/rgw/rgw_rest_iam.cc @@ -53,7 +53,7 @@ RGWOp *RGWHandler_REST_IAM::op_post() if (action.compare("GetRole") == 0) return new RGWGetRole; if (action.compare("UpdateAssumeRolePolicy") == 0) - return new RGWModifyRole(this->bl_post_body); + return new RGWModifyRoleTrustPolicy(this->bl_post_body); if (action.compare("ListRoles") == 0) return new RGWListRoles; if (action.compare("PutRolePolicy") == 0) diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc index 7ae70e6a097e..71090c59c177 100644 --- a/src/rgw/rgw_rest_role.cc +++ b/src/rgw/rgw_rest_role.cc @@ -438,7 +438,7 @@ void RGWGetRole::execute(optional_yield y) } } -int RGWModifyRole::get_params() +int RGWModifyRoleTrustPolicy::get_params() { role_name = s->info.args.get("RoleName"); trust_policy = s->info.args.get("PolicyDocument"); @@ -456,7 +456,7 @@ int RGWModifyRole::get_params() return 0; } -void RGWModifyRole::execute(optional_yield y) +void RGWModifyRoleTrustPolicy::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { diff --git a/src/rgw/rgw_rest_role.h b/src/rgw/rgw_rest_role.h index f007d2ec23fa..69e64306526e 100644 --- a/src/rgw/rgw_rest_role.h +++ b/src/rgw/rgw_rest_role.h 
@@ -73,15 +73,15 @@ public: uint64_t get_op() override { return rgw::IAM::iamGetRole; } }; -class RGWModifyRole : public RGWRoleWrite { +class RGWModifyRoleTrustPolicy : public RGWRoleWrite { bufferlist bl_post_body; public: - RGWModifyRole(const bufferlist& bl_post_body) : bl_post_body(bl_post_body) {}; + RGWModifyRoleTrustPolicy(const bufferlist& bl_post_body) : bl_post_body(bl_post_body) {}; void execute(optional_yield y) override; int get_params(); - const char* name() const override { return "modify_role"; } - RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE; } - uint64_t get_op() override { return rgw::IAM::iamModifyRole; } + const char* name() const override { return "modify_role_trust_policy"; } + RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE_TRUST_POLICY; } + uint64_t get_op() override { return rgw::IAM::iamModifyRoleTrustPolicy; } }; class RGWListRoles : public RGWRoleRead { diff --git a/src/test/cli/radosgw-admin/help.t b/src/test/cli/radosgw-admin/help.t index 0930828f40f4..b3266a0edb97 100644 --- a/src/test/cli/radosgw-admin/help.t +++ b/src/test/cli/radosgw-admin/help.t @@ -159,7 +159,7 @@ role delete remove a role role get get a role role list list roles with specified path prefix - role modify modify the assume role policy of an existing role + role-trust-policy modify modify the assume role policy of an existing role role-policy put add/update permission policy to role role-policy list list policies attached to a role role-policy get get the specified inline policy document embedded with the given role
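Review bot: `name()` in `RGWModifyRoleTrustPolicy` now returns `"modify_role_trust_policy"` where it used to return `"modify_role"`; if that string reaches ops logs or audit records (not visible in this hunk), log queries and alerts keyed on `modify_role` will silently stop matching trust-policy changes. A release-note entry plus a short comment above the override would help, e.g. `// op name was "modify_role" before the rename; log consumers must match the new value`. As a style point on the same class, the single-argument constructor could be marked `explicit`, and the stray `;` after its `{}` body can be dropped.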