From a72975821fe36b411982346254a33771f97abb26 Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Tue, 12 Mar 2024 19:08:50 -0400
Subject: [PATCH] rgw/pubsub: notifications can refer to topics in other accounts/tenants accounts can use topic policy to grant sns:Publish permissions to other accounts. the PutBucketNotification op should expect TopicArns from other accounts. the account name from each TopicArn should be used as the 'tenant' argument for RGWPubSub's constructor so we look for the topic in the right namespace
Signed-off-by: Casey Bodley
---
 src/rgw/rgw_rest_pubsub.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/rgw/rgw_rest_pubsub.cc b/src/rgw/rgw_rest_pubsub.cc
index b7926e9f7f3..eeba1a060ae 100644
--- a/src/rgw/rgw_rest_pubsub.cc
+++ b/src/rgw/rgw_rest_pubsub.cc
@@ -1140,7 +1140,6 @@ int RGWPSCreateNotifOp::init_processing(optional_yield y)
 return ret;
 }
- const RGWPubSub ps(driver, get_account_or_tenant(s->owner.id), *s->penv.site);
 for (const auto& c : configurations.list) {
 const auto& notif_name = c.id;
@@ -1171,6 +1170,7 @@ int RGWPSCreateNotifOp::init_processing(optional_yield y)
 std::forward_as_tuple());
 if (insert.second) {
 rgw_pubsub_topic& topic_info = insert.first->second;
+ const RGWPubSub ps(driver, arn->account, *s->penv.site);
 ret = ps.get_topic(this, topic_name, topic_info, y, nullptr);
 if (ret < 0) {
 ldpp_dout(this, 4) << "failed to get topic '" << topic_name << "', ret=" << ret << dendl;
@@ -1298,7 +1298,6 @@ void RGWPSCreateNotifOp::execute_v2(optional_yield y) {
 << s->bucket << ", ret = " << op_ret << dendl;
 return;
 }
- const RGWPubSub ps(driver, get_account_or_tenant(s->owner.id), *s->penv.site);
 for (const auto& c : configurations.list) {
 const auto& notif_name = c.id;
--
2.39.5
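Review bot: In the second hunk of init_processing, the namespace passed to `RGWPubSub` now comes from `arn->account`, a field of the request-supplied TopicArn, so the `ps.get_topic()` lookup no longer confines the caller to topics in their own account or tenant. Nothing visible in this hunk checks the fetched `topic_info` against the topic's policy for `sns:Publish`. That check presumably lives in verify_permission or later in this function, outside the hunk, and it is worth confirming that it runs for every topic whose account differs from the requester's. A comment on the new line would record the intent, for example `// look up the topic in the namespace named by the ARN; access is decided by the topic policy, not by this lookup`. It is also worth checking that the error returned when `get_topic` fails does not let a caller tell "no such topic" from "not permitted" for another account's topic names.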