From e290baec0fd8419948664c87e4f69ac589a5f4f7 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Thu, 25 Jan 2024 22:04:32 -0500 Subject: [PATCH] rgw/iam: add s3:Get/PutBucketOwnershipControls Signed-off-by: Casey Bodley (cherry picked from commit f473d28ef0979d535ff1c1d71a880849821cc42b) --- src/rgw/rgw_iam_policy.cc | 8 ++++++++ src/rgw/rgw_iam_policy.h | 2 ++ src/test/rgw/test_rgw_iam_policy.cc | 3 +++ 3 files changed, 13 insertions(+) diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc index bfd6d60eb1ade..ba8507e501742 100644 --- a/src/rgw/rgw_iam_policy.cc +++ b/src/rgw/rgw_iam_policy.cc @@ -81,6 +81,7 @@ static const actpair actpairs[] = { "s3:GetBucketLocation", s3GetBucketLocation }, { "s3:GetBucketLogging", s3GetBucketLogging }, { "s3:GetBucketNotification", s3GetBucketNotification }, + { "s3:GetBucketOwnershipControls", s3GetBucketOwnershipControls }, { "s3:GetBucketPolicy", s3GetBucketPolicy }, { "s3:GetBucketPolicyStatus", s3GetBucketPolicyStatus }, { "s3:GetBucketPublicAccessBlock", s3GetBucketPublicAccessBlock }, @@ -113,6 +114,7 @@ static const actpair actpairs[] = { "s3:PutBucketEncryption", s3PutBucketEncryption }, { "s3:PutBucketLogging", s3PutBucketLogging }, { "s3:PutBucketNotification", s3PutBucketNotification }, + { "s3:PutBucketOwnershipControls", s3PutBucketOwnershipControls }, { "s3:PutBucketPolicy", s3PutBucketPolicy }, { "s3:PutBucketRequestPayment", s3PutBucketRequestPayment }, { "s3:PutBucketTagging", s3PutBucketTagging }, @@ -1290,6 +1292,12 @@ const char* action_bit_string(uint64_t action) { case s3PutBucketAcl: return "s3:PutBucketAcl"; + case s3GetBucketOwnershipControls: + return "s3:GetBucketOwnershipControls"; + + case s3PutBucketOwnershipControls: + return "s3:PutBucketOwnershipControls"; + case s3GetBucketCORS: return "s3:GetBucketCORS"; diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h index 232896a97f44b..35d5a5698c561 100644 --- a/src/rgw/rgw_iam_policy.h +++ b/src/rgw/rgw_iam_policy.h @@ -65,6 +65,8 @@ enum { s3PutAccelerateConfiguration, s3GetBucketAcl, s3PutBucketAcl, + s3GetBucketOwnershipControls, + s3PutBucketOwnershipControls, s3GetBucketCORS, s3PutBucketCORS, s3GetBucketVersioning, diff --git a/src/test/rgw/test_rgw_iam_policy.cc b/src/test/rgw/test_rgw_iam_policy.cc index 87b11af19da60..68e5f508b3484 100644 --- a/src/test/rgw/test_rgw_iam_policy.cc +++ b/src/test/rgw/test_rgw_iam_policy.cc @@ -51,6 +51,7 @@ using rgw::IAM::s3All; using rgw::IAM::s3All; using rgw::IAM::s3GetAccelerateConfiguration; using rgw::IAM::s3GetBucketAcl; +using rgw::IAM::s3GetBucketOwnershipControls; using rgw::IAM::s3GetBucketCORS; using rgw::IAM::s3GetBucketLocation; using rgw::IAM::s3GetBucketLogging; @@ -379,6 +380,7 @@ TEST_F(PolicyTest, Parse3) { act2[s3GetObjectVersionTorrent] = 1; act2[s3GetAccelerateConfiguration] = 1; act2[s3GetBucketAcl] = 1; + act2[s3GetBucketOwnershipControls] = 1; act2[s3GetBucketCORS] = 1; act2[s3GetBucketVersioning] = 1; act2[s3GetBucketRequestPayment] = 1; @@ -449,6 +451,7 @@ TEST_F(PolicyTest, Eval3) { s3allow[s3GetObjectVersionTorrent] = 1; s3allow[s3GetAccelerateConfiguration] = 1; s3allow[s3GetBucketAcl] = 1; + s3allow[s3GetBucketOwnershipControls] = 1; s3allow[s3GetBucketCORS] = 1; s3allow[s3GetBucketVersioning] = 1; s3allow[s3GetBucketRequestPayment] = 1; -- 2.39.5