From 019aaa4d101db6b749140eaa5e62f997c57b0d81 Mon Sep 17 00:00:00 2001
From: Seena Fallah
Date: Fri, 19 Jul 2024 19:34:25 +0200
Subject: [PATCH] rgw: donot check for NotPrincipal in IsPublicStatement

As NotPrincipal cannot be used with Effect Allow there is no need to check for that. Also before this change, policies without `NotPrincipal` were identified as a public as std::none_of() returns true on empty flats and the check was not considering the fact that the policy might have pricipals. but due to the missing concept from AWS about how to deal with Principal and NotPrincipal on Allow Effect we can just remove it.

Signed-off-by: Seena Fallah
---
 src/rgw/rgw_iam_policy.cc | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 94d7d1bf29c..1901c6f87cb 100644
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -1893,14 +1893,10 @@ struct IsPublicStatement
 bool operator() (const Statement &s) const {
 if (s.effect == Effect::Allow) {
 for (const auto& p : s.princ) {
- if (p.is_wildcard()) {
- return s.eval_conditions(iam_all_env) == Effect::Allow;
- }
+ if (p.is_wildcard()) {
+ return s.eval_conditions(iam_all_env) == Effect::Allow;
+ }
 }
- // no princ should not contain fixed values
- return std::none_of(s.noprinc.begin(), s.noprinc.end(), [](const rgw::auth::Principal& p) {
- return p.is_wildcard();
- });
 }
 return false;
 }
-- 
2.47.3
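Review bot: After the `for` loop over `s.princ`, nothing consults `s.noprinc` any more, so an `Effect::Allow` statement that carries only `NotPrincipal` entries now falls through to `return false` and is reported as non-public. That is safe only if the policy parser rejects `Allow` combined with `NotPrincipal`, which this hunk does not show. If such a statement can still be loaded, it grants access to everyone except the listed principals while being classified as private by this predicate. Either record the assumption where the removed block was, e.g. `// Allow + NotPrincipal is rejected when the policy is parsed, so noprinc is not consulted`, or fail closed after the loop with `if (!s.noprinc.empty()) return s.eval_conditions(iam_all_env) == Effect::Allow;`. A unit test covering an Allow statement with a non-wildcard `NotPrincipal` would pin whichever behaviour is intended; the enclosing `struct IsPublicStatement` starts outside the hunk.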