rgw/iam: match_policy() treats MATCH_POLICY_ARN as case-sensitive

now that the ArnLike conditions are the only user of MATCH_POLICY_ARN,
change their case-sensitivity to comply with Amazon Resource Name (ARN)
condition operators[1]

[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN

Signed-off-by: Casey Bodley <[email protected]>

Author: cbodley

src/rgw/rgw_common.cc

@@ -2186,7 +2186,7 @@ int rgw_parse_op_type_list(const string& str, uint32_t *perm)
 bool match_policy(const std::string& pattern, const std::string& input,
                   uint32_t flag)
 {
-  const uint32_t flag2 = flag & (MATCH_POLICY_ACTION|MATCH_POLICY_ARN) ?
+  const uint32_t flag2 = (flag & MATCH_POLICY_ACTION) ?
       MATCH_CASE_INSENSITIVE : 0;
 
   std::string_view::size_type last_pos_input = 0, last_pos_pattern = 0;

src/test/rgw/test_rgw_iam_policy.cc

@@ -1468,7 +1468,7 @@ TEST(MatchPolicy, ARN)
 {
   constexpr auto flag = MATCH_POLICY_ARN;
   EXPECT_TRUE(match_policy("a:b:c", "a:b:c", flag));
-  EXPECT_TRUE(match_policy("a:b:c", "A:B:C", flag)); // case insensitive
+  EXPECT_FALSE(match_policy("a:b:c", "A:B:C", flag)); // case sensitive
   EXPECT_TRUE(match_policy("a:*:e", "a:bcd:e", flag));
   EXPECT_FALSE(match_policy("a:*", "a:b:c", flag)); // cannot span segments
 }