]> git.proxmox.com Git - ceph.git/blobdiff - ceph/src/rgw/rgw_sts.cc
projects / ceph.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Import ceph 15.2.8
[ceph.git] / ceph / src / rgw / rgw_sts.cc
diff --git a/ceph/src/rgw/rgw_sts.cc b/ceph/src/rgw/rgw_sts.cc
index de4e33fb4aa788956d5af909e97656a23b709b1a..ca813c244b614d422f88386b2c8f2cd80393d92d 100644 (file)
--- a/ceph/src/rgw/rgw_sts.cc
+++ b/ceph/src/rgw/rgw_sts.cc
@@ -44,6 +44,7 @@ int Credentials::generateCredentials(CephContext* cct,
                           const uint64_t& duration,
                           const boost::optional<string>& policy,
                           const boost::optional<string>& roleId,
+                          const boost::optional<string>& role_session,
                           boost::optional<rgw_user> user,
                           rgw::auth::Identity* identity)
 {
@@ -117,6 +118,7 @@ int Credentials::generateCredentials(CephContext* cct,
     token.perm_mask = 0;
     token.is_admin = 0;
     token.acct_type = TYPE_ROLE;
+    token.role_session = role_session.get();
   }
 
   buffer::list input, enc_output;
@@ -335,6 +337,7 @@ AssumeRoleWithWebIdentityResponse STSService::assumeRoleWithWebIdentity(AssumeRo
   //Role and Policy provide the authorization info, user id and applier info are not needed
   response.assumeRoleResp.retCode = response.assumeRoleResp.creds.generateCredentials(cct, req.getDuration(),
                                                                                       req.getPolicy(), roleId,
+                                                                                      req.getRoleSessionName(),
                                                                                       user_id, nullptr);
   if (response.assumeRoleResp.retCode < 0) {
     return response;
@@ -380,6 +383,7 @@ AssumeRoleResponse STSService::assumeRole(AssumeRoleRequest& req)
   //Role and Policy provide the authorization info, user id and applier info are not needed
   response.retCode = response.creds.generateCredentials(cct, req.getDuration(),
                                               req.getPolicy(), roleId,
+                                              req.getRoleSessionName(),
                                               user_id, nullptr);
   if (response.retCode < 0) {
     return response;
@@ -417,6 +421,7 @@ GetSessionTokenResponse STSService::getSessionToken(GetSessionTokenRequest& req)
                                       req.getDuration(),
                                       boost::none,
                                       boost::none,
+                                      boost::none,
                                       user_id,
                                       identity); ret < 0) {
     return make_tuple(ret, cred);
Ceph