Bug #20708: rgw: policy cannot parse Condition with IfExists - rgw - Ceph

Actions

Copy link

Bug #20708

closed

rgw: policy cannot parse Condition with IfExists

Added by Casey Bodley over 6 years ago. Updated over 6 years ago.

Status:

Resolved

Priority:

High

Assignee:

Adam Emerson

Target version:

% Done:

Source:

Tags:

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

The s3test test_bucket_policy_set_condition_operator_end_with_IfExists from https://github.com/ceph/s3-tests/pull/167 is failing.

It fails to parse the policy string:

{
  "Version":"2012-10-17",
  "Statement": [{
    "Sid": "Allow Public Access to All Objects",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Condition": {
      "StringLikeIfExists": {
        "aws:Referer": "http://www.example.com/*" 
      }
    },
    "Resource": "arn:aws:s3:::%s/*" 
  }]
}

When rgw::IAM::ParseState::key() is called with "StringLikeIfExists", no token is found in 'tokens.lookup()'. This is allowed when (w->kind == TokenKind::cond_op), but w in this case is {name = "Condition", kind = TokenKind::statement, id = TokenID::Condition, specific = 0, arrayable = true, objectable = true}.