Skip to content

Comments

squid: rgw: revert account-related changes to get_iam_policy_from_attr()#59221

Merged
cbodley merged 2 commits intoceph:squidfrom
cbodley:wip-67554-squid
Aug 29, 2024
Merged

squid: rgw: revert account-related changes to get_iam_policy_from_attr()#59221
cbodley merged 2 commits intoceph:squidfrom
cbodley:wip-67554-squid

Conversation

@cbodley
Copy link
Contributor

@cbodley cbodley commented Aug 14, 2024

while bucket ARNs in iam policies don't include account names, policy
evaluation does need to differentiate between buckets in different
tenant namespaces

when requests pass bucket/object ARNs into
verify_bucket/object_permission(), those do include the bucket's tenant
name. to match against those ARNs, we also need to pass the requested
bucket's tenant name into get_iam_policy_from_attr()

Fixes: https://tracker.ceph.com/issues/67464

Signed-off-by: Casey Bodley <[email protected]>
(cherry picked from commit d7377da)
Signed-off-by: Casey Bodley <[email protected]>
(cherry picked from commit f38429b)
@cbodley cbodley requested a review from a team as a code owner August 14, 2024 13:26
@cbodley cbodley added this to the squid milestone Aug 14, 2024
@cbodley cbodley added the rgw label Aug 14, 2024
@github-actions github-actions bot added the tests label Aug 14, 2024
@cbodley cbodley modified the milestones: squid, v19.2.0 Aug 28, 2024
@cbodley
Copy link
Contributor Author

cbodley commented Aug 28, 2024

@cbodley cbodley merged commit 70ff8ef into ceph:squid Aug 29, 2024
@cbodley cbodley deleted the wip-67554-squid branch August 29, 2024 00:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants