Project

General

Profile

Bug #20708

rgw: policy cannot parse Condition with IfExists

Added by Casey Bodley 3 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
-
Start date:
07/20/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Release:
Needs Doc:
No

Description

The s3test test_bucket_policy_set_condition_operator_end_with_IfExists from https://github.com/ceph/s3-tests/pull/167 is failing.

It fails to parse the policy string:

{
  "Version":"2012-10-17",
  "Statement": [{
    "Sid": "Allow Public Access to All Objects",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Condition": {
      "StringLikeIfExists": {
        "aws:Referer": "http://www.example.com/*" 
      }
    },
    "Resource": "arn:aws:s3:::%s/*" 
  }]
}

When rgw::IAM::ParseState::key() is called with "StringLikeIfExists", no token is found in 'tokens.lookup()'. This is allowed when (w->kind == TokenKind::cond_op), but w in this case is {name = "Condition", kind = TokenKind::statement, id = TokenID::Condition, specific = 0, arrayable = true, objectable = true}.

History

#2 Updated by Casey Bodley 3 months ago

  • Status changed from New to Resolved

Also available in: Atom PDF