rgw: Address review comments, fix test cases for BucketEncryption APIs

Review comments are addressed. Added documentation in authentication.rst for newly added IAM policies. Test case failure due to incorrect IAM policy is fixed. Signed-off-by: Rahul Dev Parashar <rahul.dev@flipkart.com>
2025-03-31 07:53:23 +00:00 · 2021-07-19 13:37:45 +05:30 · 2021-07-19 13:37:45 +05:30 · 34befa4122
commit 34befa4122
parent 95acefb2f5
4 changed files with 5 additions and 6 deletions
--- a/doc/radosgw/s3/authentication.rst
+++ b/doc/radosgw/s3/authentication.rst
@ -185,6 +185,8 @@ Internally, S3 operations are mapped to ACL permissions thus:
 +---------------------------------------+---------------+
 | ``s3:GetReplicationConfiguration``    | ``READ_ACP``  |
 +---------------------------------------+---------------+
+| ``s3:GetBucketEncryption``            | ``READ_ACP``  |
+---------------------------------------+---------------+
 | ``s3:DeleteBucketPolicy``             | ``WRITE_ACP`` |
 +---------------------------------------+---------------+
 | ``s3:DeleteBucketWebsite``            | ``WRITE_ACP`` |
@ -219,6 +221,8 @@ Internally, S3 operations are mapped to ACL permissions thus:
 +---------------------------------------+---------------+
 | ``s3:PutReplicationConfiguration``    | ``WRITE_ACP`` |
 +---------------------------------------+---------------+
+| ``s3:PutBucketEncryption``            | ``WRITE_ACP`` |
+---------------------------------------+---------------+

 Some mappings, (e.g. ``s3:CreateBucket`` to ``WRITE``) are not
 applicable to S3 operation, but are required to allow Swift and S3 to
--- a/src/rgw/rgw_bucket_encryption.cc
+++ b/src/rgw/rgw_bucket_encryption.cc
@ -24,9 +24,6 @@ void ServerSideEncryptionConfiguration::dump_xml(Formatter *f) const {

 void RGWBucketEncryptionConfig::decode_xml(XMLObj *obj) {
  rule_exist = RGWXMLDecoder::decode_xml("Rule", rule, obj);
-  if(!rule_exist) {
-    throw RGWXMLDecoder::err("rule must be present in XML");
-  }
 }

 void RGWBucketEncryptionConfig::dump_xml(Formatter *f) const {
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@ -39,7 +39,6 @@
 #include "cls/rgw/cls_rgw_types.h"
 #include "include/rados/librados.hpp"
 #include "rgw_public_access.h"
-#include "rgw_bucket_encryption.h"

 namespace ceph {
  class Formatter;
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@ -109,8 +109,7 @@ static constexpr std::uint64_t s3PutBucketPublicAccessBlock = 66;
 static constexpr std::uint64_t s3DeleteBucketPublicAccessBlock = 67;
 static constexpr std::uint64_t s3GetBucketEncryption = 68;
 static constexpr std::uint64_t s3PutBucketEncryption = 69;
-static constexpr std::uint64_t s3DeleteBucketEncryption = 70;
-static constexpr std::uint64_t s3All = 71;
+static constexpr std::uint64_t s3All = 70;

 static constexpr std::uint64_t iamPutUserPolicy = s3All + 1;
 static constexpr std::uint64_t iamGetUserPolicy = s3All + 2;