update ceph source to reef 18.1.2

[ceph.git] / ceph / src / rgw / rgw_iam_policy.h

diff --git a/ceph/src/rgw/rgw_iam_policy.h b/ceph/src/rgw/rgw_iam_policy.h
index 2de1b7bd58b9f83a5e73334bc76b3bc7d9a7b8f1..c0a7e51b5fd7e8f7fdce253f97e89575c2b2f0ab 100644 (file)
--- a/ceph/src/rgw/rgw_iam_policy.h
+++ b/ceph/src/rgw/rgw_iam_policy.h
@@ -1,8 +1,7 @@
 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
 // vim: ts=8 sw=2 smarttab ft=cpp
 
-#ifndef CEPH_RGW_IAM_POLICY_H
-#define CEPH_RGW_IAM_POLICY_H
+#pragma once
 
 #include <bitset>
 #include <chrono>
@@ -18,6 +17,8 @@
 #include <boost/thread/shared_mutex.hpp>
 #include <boost/variant.hpp>
 
+#include <fmt/format.h>
+
 #include "common/ceph_time.h"
 #include "common/iso_8601.h"
 
@@ -117,7 +118,7 @@ static constexpr std::uint64_t iamDeleteUserPolicy = s3All + 3;
 static constexpr std::uint64_t iamListUserPolicies = s3All + 4;
 static constexpr std::uint64_t iamCreateRole = s3All + 5;
 static constexpr std::uint64_t iamDeleteRole = s3All + 6;
-static constexpr std::uint64_t iamModifyRole = s3All + 7;
+static constexpr std::uint64_t iamModifyRoleTrustPolicy = s3All + 7;
 static constexpr std::uint64_t iamGetRole = s3All + 8;
 static constexpr std::uint64_t iamListRoles = s3All + 9;
 static constexpr std::uint64_t iamPutRolePolicy = s3All + 10;
@@ -131,7 +132,8 @@ static constexpr std::uint64_t iamListOIDCProviders = s3All + 17;
 static constexpr std::uint64_t iamTagRole = s3All + 18;
 static constexpr std::uint64_t iamListRoleTags = s3All + 19;
 static constexpr std::uint64_t iamUntagRole = s3All + 20;
-static constexpr std::uint64_t iamAll = s3All + 21;
+static constexpr std::uint64_t iamUpdateRole = s3All + 21;
+static constexpr std::uint64_t iamAll = s3All + 22;
 
 static constexpr std::uint64_t stsAssumeRole = iamAll + 1;
 static constexpr std::uint64_t stsAssumeRoleWithWebIdentity = iamAll + 2;
@@ -495,11 +497,19 @@ std::ostream& operator <<(std::ostream& m, const Statement& s);
 
 struct PolicyParseException : public std::exception {
   rapidjson::ParseResult pr;
+  std::string msg;
+
+  explicit PolicyParseException(const rapidjson::ParseResult pr,
+                               const std::string& annotation)
+    : pr(pr),
+      msg(fmt::format("At character offset {}, {}",
+                     pr.Offset(),
+                     (pr.Code() == rapidjson::kParseErrorTermination ?
+                      annotation :
+                      rapidjson::GetParseError_En(pr.Code())))) {}
 
-  explicit PolicyParseException(rapidjson::ParseResult&& pr)
-    : pr(pr) { }
   const char* what() const noexcept override {
-    return rapidjson::GetParseError_En(pr.Code());
+    return msg.c_str();
   }
 };
 
@@ -510,8 +520,14 @@ struct Policy {
 
   std::vector<Statement> statements;
 
+  // reject_invalid_principals should be set to
+  // `cct->_conf.get_val<bool>("rgw_policy_reject_invalid_principals")`
+  // when executing operations that *set* a bucket policy, but should
+  // be false when reading a stored bucket policy so as not to break
+  // backwards configuration.
   Policy(CephContext* cct, const std::string& tenant,
-        const bufferlist& text);
+        const bufferlist& text,
+        bool reject_invalid_principals);
 
   Effect eval(const Environment& e,
              boost::optional<const rgw::auth::Identity&> ida,
@@ -561,5 +577,3 @@ bool is_public(const Policy& p);
 
 }
 }
-
-#endif