Project

General

Profile

Bug #52593

UpdateAssumeRolePolicy action requires iam:ModifyRole permission

Added by Daniel Iwan over 2 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

I think AWS does not define iam:ModifyRole and instead iam:UpdateAssumeRolePolicy is used. I could not find any reference for iam:ModifyRole in documentation.
Using iam:UpdateAssumeRolePolicy would be better for compatibility.
Current implementation requires to specify Ceph's specific iam:ModifyRole in the permission policy if role's trust policy needs to be modified.

For reference
https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
https://github.com/ceph/ceph/blob/master/src/rgw/rgw_iam_policy.cc
https://github.com/ceph/ceph/blob/master/src/rgw/rgw_rest_iam.cc

History

#1 Updated by Casey Bodley over 2 years ago

  • Assignee set to Pritha Srivastava

Also available in: Atom PDF