From c4930af028e6c458a8fd88d2a022e2bec85f9dfd Mon Sep 17 00:00:00 2001
From: Pritha Srivastava
Date: Tue, 26 Jun 2018 15:13:51 +0530
Subject: [PATCH] rgw: Policy code for STS.
Signed-off-by: Pritha Srivastava
---
 src/rgw/rgw_iam_policy.cc | 6 ++++++
 src/rgw/rgw_iam_policy.h | 9 +++++----
 src/rgw/rgw_rest_s3.cc | 1 -
 src/rgw/rgw_rest_sts.cc | 1 -
 src/test/rgw/test_rgw_iam_policy.cc | 3 ++-
 5 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 593d018f70c..4c316f47642 100644
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -847,6 +847,12 @@ bool ParseState::do_string(CephContext* cct, const char* s, size_t l) {
 if ((t->notaction & iamAllValue) == iamAllValue) {
 t->notaction[iamAll] = 1;
 }
+ if ((t->action & stsAllValue) == stsAllValue) {
+ t->action[stsAll] = 1;
+ }
+ if ((t->notaction & stsAllValue) == stsAllValue) {
+ t->notaction[stsAll] = 1;
+ }
 }
 }
 } else if (w->id == TokenID::Resource || w->id == TokenID::NotResource) {
diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
index 6c032c2a5d6..f15d215a8a4 100644
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -112,9 +112,11 @@ static constexpr std::uint64_t iamGetRolePolicy = 65;
 static constexpr std::uint64_t iamListRolePolicies = 66;
 static constexpr std::uint64_t iamDeleteRolePolicy = 67;
 static constexpr std::uint64_t iamAll = 68;
+static constexpr std::uint64_t stsAssumeRole = 69;
+static constexpr std::uint64_t stsAll = 70;
 static constexpr std::uint64_t s3Count = s3DeleteObjectVersionTagging + 1;
-static constexpr std::uint64_t allCount = iamAll + 1;
+static constexpr std::uint64_t allCount = stsAll + 1;
 using Action_t = bitset;
 using NotAction_t = Action_t;
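Review bot: In the rgw_iam_policy.cc hunk, the new `(t->action & stsAllValue) == stsAllValue` check sets `stsAll` as soon as every bit of `stsAllValue` is present, and as far as the header literal in this patch can be counted by hand that mask holds a single bit, presumably `stsAssumeRole`. A statement that names only that one action therefore also carries the wildcard bit (likewise for `notaction`), which is equivalent today but turns into a broader grant than written if a second STS action index is added without widening the mask. I would put a comment above the two new checks, e.g. `// stsAllValue must cover every sts* action bit; widen it whenever an STS action is added`. Where `stsAll` is later consulted is not shown in this patch, and do_string's body starts and ends outside the hunk.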
@@ -122,10 +124,9 @@ using NotAction_t = Action_t;
 static const Action_t None(0);
 static const Action_t s3AllValue("111111111111111111111111111111111111111111111111111111");
 static const Action_t iamAllValue("11111111111110000000000000000000000000000000000000000000000000000000");
+static const Action_t stsAllValue("1000000000000000000000000000000000000000000000000000000000000000000000");
 //Modify allValue if more Actions are added
-static const Action_t allValue("111111111111111111111111111111111111111111111111111111111111111111111");
-
-static constexpr std::uint64_t stsAssumeRole = 1ULL << 55;
+static const Action_t allValue("11111111111111111111111111111111111111111111111111111111111111111111111");
 namespace {
 inline int op_to_perm(std::uint64_t op) {
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index e80cc3ff17c..5c0b77b3dd7 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -46,7 +46,6 @@
 #include "rgw_crypt_sanitize.h"
 #include "rgw_rest_user_policy.h"
 #include "include/ceph_assert.h"
-#include "include/assert.h"
 #include "rgw_role.h"
 #include "rgw_rest_sts.h"
 #include "rgw_sts.h"
diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
index 339f11bf1a3..cadfe7b33ec 100644
--- a/src/rgw/rgw_rest_sts.cc
+++ b/src/rgw/rgw_rest_sts.cc
@@ -4,7 +4,6 @@
 #include
 #include
-#include "include/assert.h"
 #include "ceph_ver.h"
 #include "common/Formatter.h"
diff --git a/src/test/rgw/test_rgw_iam_policy.cc b/src/test/rgw/test_rgw_iam_policy.cc
index 9b3db3f43cd..64946b33ada 100644
--- a/src/test/rgw/test_rgw_iam_policy.cc
+++ b/src/test/rgw/test_rgw_iam_policy.cc
@@ -84,6 +84,7 @@ using rgw::IAM::NotAction_t;
 using rgw::IAM::iamCreateRole;
 using rgw::IAM::iamDeleteRole;
 using rgw::IAM::iamAll;
+using rgw::IAM::stsAll;
 class FakeIdentity : public Identity {
 const Principal id;
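Review bot: In the second rgw_iam_policy.h hunk, `stsAllValue` and the lengthened `allValue` are hand-counted binary literals whose width has to agree with `allCount = stsAll + 1` from the first header hunk, and nothing in the patch checks that they do. `std::bitset`'s string constructor zero-fills a literal that is too short and ignores the excess of one that is too long, so a miscounted digit silently drops or shifts a permission bit instead of failing the build. The `//Modify allValue if more Actions are added` comment is the only guard today. Assuming the masks live in `rgw::IAM` next to `stsAll`, a cheap check to add in test_rgw_iam_policy.cc is `EXPECT_EQ(rgw::IAM::allValue.count(), rgw::IAM::allCount);` together with `EXPECT_TRUE((rgw::IAM::stsAllValue & rgw::IAM::iamAllValue).none());`.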
@@ -615,7 +616,7 @@ TEST_F(PolicyTest, Parse6) {
 EXPECT_TRUE(p->statements[0].noprinc.empty());
 EXPECT_EQ(p->statements[0].effect, Effect::Allow);
 Action_t act;
- for (auto i = 0U; i <= iamAll; i++)
+ for (auto i = 0U; i <= stsAll; i++)
 act[i] = 1;
 EXPECT_EQ(p->statements[0].action, act);
 EXPECT_EQ(p->statements[0].notaction, None);
-- 
2.47.3
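Review bot: The only test change is the Parse6 loop bound, now `i <= stsAll`, so the new STS bits are covered only through a statement that expects every action bit to be set; the diffstat shows no test that parses an STS action on its own. That leaves the promotion added in do_string and the renumbered `stsAssumeRole` index unverified. I would add a case beside Parse6 whose statement grants only the STS assume-role action and asserts that exactly the `stsAssumeRole` and `stsAll` bits are set in `action`, with `notaction` equal to `None`. Whether the parser's action table already accepts that action string is not visible in this patch, and TEST_F(PolicyTest, Parse6) begins and ends outside the hunk.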