From 7daaef36f8529dbb58c97dc26f9b1f1d03ed7966 Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Tue, 12 Mar 2024 19:08:50 -0400
Subject: [PATCH] rgw/pubsub: notifications can refer to topics in other accounts/tenants
accounts can use topic policy to grant sns:Publish permissions to other accounts. the PutBucketNotification op should expect TopicArns from other accounts. the account name from each TopicArn should be used as the 'tenant' argument for RGWPubSub's constructor so we look for the topic in the right namespace
Signed-off-by: Casey Bodley
(cherry picked from commit a72975821fe36b411982346254a33771f97abb26)
---
 src/rgw/rgw_rest_pubsub.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/rgw/rgw_rest_pubsub.cc b/src/rgw/rgw_rest_pubsub.cc
index b7926e9f7f33e..eeba1a060ae51 100644
--- a/src/rgw/rgw_rest_pubsub.cc
+++ b/src/rgw/rgw_rest_pubsub.cc
@@ -1140,7 +1140,6 @@ int RGWPSCreateNotifOp::init_processing(optional_yield y)
 return ret;
 }
- const RGWPubSub ps(driver, get_account_or_tenant(s->owner.id), *s->penv.site);
 for (const auto& c : configurations.list) {
 const auto& notif_name = c.id;
@@ -1171,6 +1170,7 @@ int RGWPSCreateNotifOp::init_processing(optional_yield y)
 std::forward_as_tuple());
 if (insert.second) {
 rgw_pubsub_topic& topic_info = insert.first->second;
+ const RGWPubSub ps(driver, arn->account, *s->penv.site);
 ret = ps.get_topic(this, topic_name, topic_info, y, nullptr);
 if (ret < 0) {
 ldpp_dout(this, 4) << "failed to get topic '" << topic_name << "', ret=" << ret << dendl;
@@ -1298,7 +1298,6 @@ void RGWPSCreateNotifOp::execute_v2(optional_yield y) {
 << s->bucket << ", ret = " << op_ret << dendl;
 return;
 }
- const RGWPubSub ps(driver, get_account_or_tenant(s->owner.id), *s->penv.site);
 for (const auto& c : configurations.list) {
 const auto& notif_name = c.id;
--
2.39.5
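Review bot: In the second init_processing hunk, `arn->account` is taken from the request's TopicArn, so the namespace searched by `ps.get_topic()` is now chosen by the caller instead of being derived from `s->owner.id`. Nothing in the visible lines checks that the requester may reference the fetched topic. The commit message relies on topic policy granting sns:Publish, so that check presumably runs later in the op's permission step, outside this hunk; it is worth confirming that it evaluates `topic_info`'s policy for every cross-account topic, and that a missing topic and a denied topic return the same error, so the `ret` handed back here does not reveal which topic names exist in another tenant. I would also document the trust boundary on the new line, e.g. `// tenant comes from the client-supplied TopicArn; access is decided by the topic's policy, not by this lookup`. The enclosing function starts and ends outside the hunk.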