rgw: Add support bucket policy for subuser

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
author: Seena Fallah <seenafallah@gmail.com> 2020-02-09 16:31:04 +0100
committer: Seena Fallah <seenafallah@gmail.com> 2020-02-11 09:53:46 +0100
commit: 84b96f8d4f49fe1a82f3a8803a91b26f2a50ffd7 (patch)
tree: c6030d7204421f53ff3f77e23d7460fa7424a0bc
parent: Merge pull request #32928 from ljishen/wip-rados-bench-latency (diff)
download: ceph-84b96f8d4f49fe1a82f3a8803a91b26f2a50ffd7.tar.xz
ceph-84b96f8d4f49fe1a82f3a8803a91b26f2a50ffd7.zip
4 files changed, 15 insertions, 6 deletions
diff --git a/.gitignore b/.gitignore
index a04d59a632e..149ec0f2499 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,6 +68,8 @@ GTAGS
 
 .idea
 
+.vscode
+
 # dashboard
 /src/pybind/mgr/dashboard/frontend/.protractor-report
 /src/pybind/mgr/dashboard/frontend/src/environments/environment.ts
diff --git a/doc/radosgw/bucketpolicy.rst b/doc/radosgw/bucketpolicy.rst
index 260bf2b106d..ba14e097ece 100644
--- a/doc/radosgw/bucketpolicy.rst
+++ b/doc/radosgw/bucketpolicy.rst
@@ -21,7 +21,7 @@ For example, one may use s3cmd to set or delete a policy thus::
     "Version": "2012-10-17",
     "Statement": [{
       "Effect": "Allow",
-      "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred"]},
+      "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred:subuser"]},
       "Action": "s3:PutObjectAcl",
       "Resource": [
         "arn:aws:s3:::happybucket/*"
diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc
index b18d91832c3..a730ce3b292 100644
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -613,9 +613,18 @@ bool rgw::auth::LocalApplier::is_identity(const idset_t& ids) const {
 	       id.get_tenant() == user_info.user_id.tenant) {
       return true;
     } else if (id.is_user() &&
-	       (id.get_tenant() == user_info.user_id.tenant) &&
-	       (id.get_id() == user_info.user_id.id)) {
-      return true;
+	       (id.get_tenant() == user_info.user_id.tenant)) {
+      if (id.get_id() == user_info.user_id.id) {
+        return true;
+      }
+      for (auto subuser : user_info.subusers) {
+        std::string user = user_info.user_id.id;
+        user.append(":");
+        user.append(subuser.second.name);
+        if (user == id.get_id()) {
+          return true;
+        }
+      }
     }
   }
   return false;
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index d2325c1ccd5..99ce3cb3ccb 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -85,8 +85,6 @@ using rgw::ARN;
 using rgw::IAM::Effect;
 using rgw::IAM::Policy;
 
-using rgw::IAM::Policy;
-
 static string mp_ns = RGW_OBJ_NS_MULTIPART;
 static string shadow_ns = RGW_OBJ_NS_SHADOW;
author	Seena Fallah <seenafallah@gmail.com>	2020-02-09 16:31:04 +0100
committer	Seena Fallah <seenafallah@gmail.com>	2020-02-11 09:53:46 +0100
commit	84b96f8d4f49fe1a82f3a8803a91b26f2a50ffd7 (patch)
tree	c6030d7204421f53ff3f77e23d7460fa7424a0bc
parent	Merge pull request #32928 from ljishen/wip-rados-bench-latency (diff)
download	ceph-84b96f8d4f49fe1a82f3a8803a91b26f2a50ffd7.tar.xz ceph-84b96f8d4f49fe1a82f3a8803a91b26f2a50ffd7.zip