Actions
Bug #20708
closedrgw: policy cannot parse Condition with IfExists
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
The s3test test_bucket_policy_set_condition_operator_end_with_IfExists from https://github.com/ceph/s3-tests/pull/167 is failing.
It fails to parse the policy string:
{ "Version":"2012-10-17", "Statement": [{ "Sid": "Allow Public Access to All Objects", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Condition": { "StringLikeIfExists": { "aws:Referer": "http://www.example.com/*" } }, "Resource": "arn:aws:s3:::%s/*" }] }
When rgw::IAM::ParseState::key() is called with "StringLikeIfExists", no token is found in 'tokens.lookup()'. This is allowed when (w->kind == TokenKind::cond_op), but w in this case is {name = "Condition", kind = TokenKind::statement, id = TokenID::Condition, specific = 0, arrayable = true, objectable = true}.
Actions