diff options
| author | Rahul Dev Parashar <rahul.dev@flipkart.com> | 2021-07-19 09:18:14 +0200 |
|---|---|---|
| committer | Rahul Dev Parashar <rahul.dev@flipkart.com> | 2021-07-19 09:18:14 +0200 |
| commit | 95acefb2f5e5b1a930b263bbc7d18857d476653c (patch) | |
| tree | a1e7beae60734213b5f35217788727b9f03d9e8e /src/rgw/rgw_iam_policy.cc | |
| parent | Merge pull request #42176 from tchaikov/wip-doc-option (diff) | |
| download | ceph-95acefb2f5e5b1a930b263bbc7d18857d476653c.tar.xz ceph-95acefb2f5e5b1a930b263bbc7d18857d476653c.zip | |
rgw: Introduce BucketEncryption APIs to support SSE-S3 feature
This patch introduces support for 3 new BucketEncryption APIs which are listed
below and are helpful in supporting AWS SSE-S3 encryption mode.
PutBucketEncryption: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
GetBucketEncryption: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
DeleteBucketEncryption: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
The user provided parameters are parsed and stored in the bucket's extended
attributes RGW_ATTR_BUCKET_ENCRYPTION and
RGW_ATTR_BUCKET_ENCRYPTION_SSE_S3_KEY_ID.
Signed-off-by: Rahul Dev Parashar <rahul.dev@flipkart.com>
Diffstat (limited to 'src/rgw/rgw_iam_policy.cc')
| -rw-r--r-- | src/rgw/rgw_iam_policy.cc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc index 48780c2efbb..686601d3ac7 100644 --- a/src/rgw/rgw_iam_policy.cc +++ b/src/rgw/rgw_iam_policy.cc @@ -79,6 +79,7 @@ static const actpair actpairs[] = { "s3:GetAccelerateConfiguration", s3GetAccelerateConfiguration }, { "s3:GetBucketAcl", s3GetBucketAcl }, { "s3:GetBucketCORS", s3GetBucketCORS }, + { "s3:GetBucketEncryption", s3GetBucketEncryption }, { "s3:GetBucketLocation", s3GetBucketLocation }, { "s3:GetBucketLogging", s3GetBucketLogging }, { "s3:GetBucketNotification", s3GetBucketNotification }, @@ -111,6 +112,7 @@ static const actpair actpairs[] = { "s3:PutAccelerateConfiguration", s3PutAccelerateConfiguration }, { "s3:PutBucketAcl", s3PutBucketAcl }, { "s3:PutBucketCORS", s3PutBucketCORS }, + { "s3:PutBucketEncryption", s3PutBucketEncryption }, { "s3:PutBucketLogging", s3PutBucketLogging }, { "s3:PutBucketNotification", s3PutBucketNotification }, { "s3:PutBucketPolicy", s3PutBucketPolicy }, @@ -1136,6 +1138,12 @@ const char* action_bit_string(uint64_t action) { case s3PutBucketCORS: return "s3:PutBucketCORS"; + case s3GetBucketEncryption: + return "s3:GetBucketEncryption"; + + case s3PutBucketEncryption: + return "s3:PutBucketEncryption"; + case s3GetBucketVersioning: return "s3:GetBucketVersioning"; |