Bug #52593
UpdateAssumeRolePolicy action requires iam:ModifyRole permission
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
I think AWS does not define iam:ModifyRole and instead iam:UpdateAssumeRolePolicy is used. I could not find any reference for iam:ModifyRole in documentation.
Using iam:UpdateAssumeRolePolicy would be better for compatibility.
Current implementation requires to specify Ceph's specific iam:ModifyRole in the permission policy if role's trust policy needs to be modified.
For reference
https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
https://github.com/ceph/ceph/blob/master/src/rgw/rgw_iam_policy.cc
https://github.com/ceph/ceph/blob/master/src/rgw/rgw_rest_iam.cc
History
#1 Updated by Casey Bodley over 2 years ago
- Assignee set to Pritha Srivastava