From 620e7b4e5c7abb3897376d0212bde9d71304ee7c Mon Sep 17 00:00:00 2001
From: Seena Fallah
Date: Sun, 9 Feb 2020 19:01:04 +0330
Subject: [PATCH] rgw: Add support bucket policy for subuser
Signed-off-by: Seena Fallah
(cherry picked from commit 84b96f8d4f49fe1a82f3a8803a91b26f2a50ffd7)
---
 .gitignore | 2 ++
 doc/radosgw/bucketpolicy.rst | 2 +-
 src/rgw/rgw_auth.cc | 15 ++++++++++++---
 src/rgw/rgw_op.cc | 2 --
 4 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index b562aed0faf22..86375e1c32d65 100644
--- a/.gitignore
+++ b/.gitignore
@@ -66,6 +66,8 @@ GTAGS
 .idea
+.vscode
+
 # dashboard
 /src/pybind/mgr/dashboard/frontend/src/environments/environment.ts
 /src/pybind/mgr/dashboard/frontend/src/environments/environment.prod.ts
diff --git a/doc/radosgw/bucketpolicy.rst b/doc/radosgw/bucketpolicy.rst
index 32a0e751b24b5..33816a8ce49ee 100644
--- a/doc/radosgw/bucketpolicy.rst
+++ b/doc/radosgw/bucketpolicy.rst
@@ -21,7 +21,7 @@ For example, one may use s3cmd to set or delete a policy thus::
 "Version": "2012-10-17",
 "Statement": [{
 "Effect": "Allow",
- "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred"]},
+ "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred:subuser"]},
 "Action": "s3:PutObjectAcl",
 "Resource": [
 "arn:aws:s3:::happybucket/*"
diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc
index 3cdc7d360af6d..50a7ac575742a 100644
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -542,9 +542,18 @@ bool rgw::auth::LocalApplier::is_identity(const idset_t& ids) const {
 id.get_tenant() == user_info.user_id.tenant) {
 return true;
 } else if (id.is_user() &&
- (id.get_tenant() == user_info.user_id.tenant) &&
- (id.get_id() == user_info.user_id.id)) {
- return true;
+ (id.get_tenant() == user_info.user_id.tenant)) {
+ if (id.get_id() == user_info.user_id.id) {
+ return true;
+ }
+ for (auto subuser : user_info.subusers) {
+ std::string user = user_info.user_id.id;
+ user.append(":");
+ user.append(subuser.second.name);
+ if (user == id.get_id()) {
+ return true;
+ }
+ }
 }
 }
 return false;
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 0005c9ee30dbf..0846937c31969 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -85,8 +85,6 @@ using rgw::ARN;
 using rgw::IAM::Effect;
 using rgw::IAM::Policy;
-using rgw::IAM::Policy;
-
 static string mp_ns = RGW_OBJ_NS_MULTIPART;
 static string shadow_ns = RGW_OBJ_NS_SHADOW;
--
2.39.5
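Review bot: The added loop in `LocalApplier::is_identity` (the rgw_auth.cc hunk) compares the policy principal against every entry in `user_info.subusers` rather than against the subuser whose credential authenticated the request, so a principal such as `user/fred:subuser` is satisfied by fred's own key and by any sibling subuser's key. That makes a per-subuser Allow broader than written, and makes a Deny aimed at one subuser apply to the whole account. The match should be limited to the authenticated subuser, for example `if (subuser != NO_SUBUSER && id.get_id() == user_info.user_id.id + ":" + subuser) return true;` (upstream `LocalApplier` carries a `subuser` member and `NO_SUBUSER`; confirm both exist on this branch). If the loop is kept for another reason, `for (const auto& subuser : user_info.subusers)` avoids copying each map entry. The function begins and ends outside the hunk, so the other identity branches were not reviewed.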