Skip to content

Comments

squid: rgw: revert account-related changes to get_iam_policy_from_attr()#59221

Merged
cbodley merged 2 commits intoceph:squidfrom
cbodley:wip-67554-squid
Aug 29, 2024
Merged

squid: rgw: revert account-related changes to get_iam_policy_from_attr()#59221
cbodley merged 2 commits intoceph:squidfrom
cbodley:wip-67554-squid

Conversation

@cbodley
Copy link
Contributor

@cbodley cbodley commented Aug 14, 2024

cbodley added 2 commits August 14, 2024 09:26
@cbodley
rgw: revert account-related changes to get_iam_policy_from_attr()
f850c30 
while bucket ARNs in iam policies don't include account names, policy
evaluation does need to differentiate between buckets in different
tenant namespaces

when requests pass bucket/object ARNs into
verify_bucket/object_permission(), those do include the bucket's tenant
name. to match against those ARNs, we also need to pass the requested
bucket's tenant name into get_iam_policy_from_attr()

Fixes: https://tracker.ceph.com/issues/67464

Signed-off-by: Casey Bodley <[email protected]>
(cherry picked from commit d7377da)
@cbodley
qa/s3tests: configure tenant name for 's3 tenant' section
b3b2fa5 
Signed-off-by: Casey Bodley <[email protected]>
(cherry picked from commit f38429b)
@cbodley cbodley requested a review from a team as a code owner August 14, 2024 13:26
@cbodley cbodley added this to the squid milestone Aug 14, 2024
@cbodley cbodley added the rgw label Aug 14, 2024
@github-actions github-actions bot added the tests label Aug 14, 2024
@cbodley cbodley modified the milestones: squid, v19.2.0 Aug 28, 2024
@cbodley
Copy link
Contributor Author

cbodley commented Aug 28, 2024

qa pending in https://pulpito.ceph.com/cbodley-2024-08-28_19:53:30-rgw-wip-67554-squid-distro-default-smithi/

@cbodley
Copy link
Contributor Author

cbodley commented Aug 29, 2024

passed qa in https://pulpito.ceph.com/cbodley-2024-08-28_19:53:30-rgw-wip-67554-squid-distro-default-smithi with rerun https://pulpito.ceph.com/cbodley-2024-08-28_22:09:13-rgw-wip-67554-squid-distro-default-smithi

@cbodley cbodley merged commit 70ff8ef into ceph:squid Aug 29, 2024
@cbodley cbodley deleted the wip-67554-squid branch August 29, 2024 00:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dang dang dang approved these changes

@pritha-srivastava pritha-srivastava Awaiting requested review from pritha-srivastava

Assignees

No one assigned

Labels

needs-qa rgw tests

Projects

None yet

Milestone

v19.2.0

Development

Successfully merging this pull request may close these issues.

2 participants

@cbodley @dang