Skip to content

rgw/iam: customer managed policy #646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

rgw/iam: customer managed policy #646

wants to merge 1 commit into from

Conversation

ArbitCode
Copy link
Member

@ArbitCode ArbitCode commented May 6, 2025
edited
Loading 

s3tests_boto3/functional/test_iam.py::test_create_policy PASSED                                                                                                                                        [ 20%]
s3tests_boto3/functional/test_iam.py::test_create_duplicate_policy PASSED                                                                                                                              [ 40%]
s3tests_boto3/functional/test_iam.py::test_get_policy PASSED                                                                                                                                           [ 60%]
s3tests_boto3/functional/test_iam.py::test_delete_policy PASSED                                                                                                                                        [ 80%]
s3tests_boto3/functional/test_iam.py::test_delete_nonexistent_policy PASSED                                                                                                                            [100%]

@ArbitCode
Copy link
Member Author

ceph/ceph#62401

cbodley
cbodley reviewed May 6, 2025
View reviewed changes
Copy link
Contributor

@cbodley cbodley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great start 👍

s3tests_boto3/functional/test_iam.py
Comment on lines +1489 to +1490
# Cleanup
iam_root.delete_policy(PolicyArn=policy['Policy']['Arn'])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

once we support iam:ListPolicies, we can add a nuke_policies() to the iam_root/iam_alt_root fixtures in iam.py so that test cases don't have to handle cleanup on their own

pytest.ini
@@ -53,3 +53,4 @@ markers =
user_policy
versioning
webidentity_test
policy
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we call this managed_policy?

Copy link
Member Author

@ArbitCode ArbitCode May 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cbodley overall related to this SPIKE can we call managed_policy instead of policy or customer_managed_policy ?

but there is other existing features related managed_policy in will that create any confusion?
rgw_rest_user_policy.cc

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but AWS presents it as policy while create, delete, get etc

pritha-srivastava
pritha-srivastava reviewed May 7, 2025
View reviewed changes
s3tests_boto3/functional/test_iam.py

@pytest.mark.policy
@pytest.mark.iam_account
def test_get_policy(iam_root):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can add a get test for a non existent policy.

@ArbitCode ArbitCode self-assigned this Jun 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cbodley cbodley cbodley left review comments

@pritha-srivastava pritha-srivastava pritha-srivastava left review comments

@dang dang Awaiting requested review from dang

@mattbenjamin mattbenjamin Awaiting requested review from mattbenjamin

At least 1 approving review is required to merge this pull request.

Assignees

@ArbitCode ArbitCode

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ArbitCode @cbodley @pritha-srivastava