New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rgw: Return Error if Bucket Policy Contians Undefined Action #17433
Conversation
Signed-off-by: Wen Zhang zhangwen1@unionpay.com
src/rgw/rgw_iam_policy.cc
Outdated
@@ -792,6 +792,8 @@ static optional<Principal> parse_principal(CephContext* cct, TokenID t, | |||
bool ParseState::do_string(CephContext* cct, const char* s, size_t l) { | |||
auto k = pp->tokens.lookup(s, l); | |||
Policy& p = pp->policy; | |||
bool isAction = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a real need to take isAction variable?
Because whenever it goes inside case ((w->id == TokenID::Action) || (w->id == TokenID::NotAction))
it will loop through the for()
.
And if it does not go inside ((w->id == TokenID::Action) || (w->id == TokenID::NotAction))
isValidAction
is always false
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we do not mark isAction flag, will return false when w->id is another value. For example, w->id == TokenID::Effect, isVaildAction is false,. At finally, "if(!isValidAction)return false" will be executed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, looks reasonable,
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit, might be consistent with the naming convention: we don't use camelCase in Ceph, so i'd suggest rename this variable to is_action
instead.
@adamemerson Could you review this? Tks~ |
src/rgw/rgw_iam_policy.cc
Outdated
@@ -792,6 +792,8 @@ static optional<Principal> parse_principal(CephContext* cct, TokenID t, | |||
bool ParseState::do_string(CephContext* cct, const char* s, size_t l) { | |||
auto k = pp->tokens.lookup(s, l); | |||
Policy& p = pp->policy; | |||
bool isAction = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, looks reasonable,
Signed-off-by: Wen Zhang zhangwen1@unionpay.com
@tchaikov I just rename the variables. Could you review it? Tks~ |
thanks, looks better =) |
@joscollin Could you merge it? Tks~ |
@C2python This PR is waiting for testing. See the |
@joscollin thanks for test runs, looks good |
@mattbenjamin no problem :-) |
Signed-off-by: Wen Zhang zhangwen1@unionpay.com