Bug #64232
openGetting an RGW service Segfault when assigning an attribute to an IAM role
0%
Description
The current implementation of RGWTagRole, which inherits RGWRestRole::verify_permission() from its base class, encounters a critical issue when loading RGWRole from storage and initializing the RGWRestRole::_role member variable.To address this issue and ensure that errors in initialization are appropriately handled, it is proposed to separate the initialization logic from the permission-checking logic.
Reproducer:
1. Create a rgw user
./bin/radosgw-admin user create --uid user2 --access-key 1234 --secret 1234 --display-name user2
2. Add role capabilities
./bin/radosgw-admin caps add --uid user2 --caps="roles=*"
3. Add admin flag to the user
./bin/radosgw-admin user modify --uid user2 --access-key 1234 --secret 1234 --display-name user2 --admin
aws configure --profile user2
aws --profile user2 --endpoint http://localhost:8000 iam tag-role --role-name rgwabac-department --tags Key=Department,Value=Engineering