Bug #19290
open
radosgw/swift hammer acl weirdness
Description
In ceph hammer, setting a swift acl with an invalid user results in puzzling behavior. The user is silently deleted from the acl. No error is sent back to the client. If valid users are also supplied in the acl, they are recorded properly.
In master, this behavior does not occur. 2 new lines are added in rgw_acl_swift.cc add_grants() after the comment "/* skipping silently */", "grant.set_canon(user, std::string(), perm);" and "acl.add_grant(&grant);".
Hammer probably needs something like this code if we want it to behave the same. Questions that should be resolved to make this change useful -- does swift allow setting invalid users like this? If the users are created after the acl is set, do they gain access?
Updated by Marcus Watts about 7 years ago
I've tried out invalid users in swift (ocata). They definitely let you set user names that don't exist, just as we do in master. Whether we should do that is another question, but if we don't want to do that in hammer we should probably be returning an error and not silently confusing the user.
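Because hammer returns no error when it drops a grantee, a client can only catch the problem by reading the ACL back and comparing it with what it sent. The check below is an added example, not code from Ceph or from the participants in this report. It assumes the Swift container ACL headers `X-Container-Read` and `X-Container-Write` with comma-separated elements, and that the gateway echoes grantees in the same textual form the client used; the function names and sample values are hypothetical.

```python
# Added example: detect grantees that were silently dropped from a Swift
# container ACL by comparing the headers sent with the headers read back.
# Assumption: the server returns grantees in the same textual form as sent.

# Long spellings of the referrer element, normalized to ".r:" before comparing.
REFERRER_PREFIXES = (".ref:", ".referer:", ".referrer:")


def parse_acl(header_value):
    """Split an ACL header value into a set of normalized elements."""
    elements = set()
    for raw in (header_value or "").split(","):
        item = raw.strip()
        if not item:
            continue  # tolerate empty elements such as "a,,b"
        for prefix in REFERRER_PREFIXES:
            if item.startswith(prefix):
                item = ".r:" + item[len(prefix):].strip()
                break
        elements.add(item)
    return elements


def acl_drift(requested, stored):
    """Return (dropped, unexpected): sent but not stored, stored but not sent."""
    want, have = parse_acl(requested), parse_acl(stored)
    return sorted(want - have), sorted(have - want)


def verify_acl(requested_headers, stored_headers):
    """Compare both container ACL headers; return findings keyed by header."""
    findings = {}
    for name in ("X-Container-Read", "X-Container-Write"):
        dropped, unexpected = acl_drift(requested_headers.get(name),
                                        stored_headers.get(name))
        if dropped or unexpected:
            findings[name] = {"dropped": dropped, "unexpected": unexpected}
    return findings


# Constructed sample: what the client sent and what a later HEAD returned.
SENT = {"X-Container-Read": "tenant1:alice, tenant1:no-such-user, .r:*",
        "X-Container-Write": "tenant1:alice"}
STORED = {"X-Container-Read": "tenant1:alice,.r:*",
          "X-Container-Write": "tenant1:alice"}

if __name__ == "__main__":
    for header, result in verify_acl(SENT, STORED).items():
        print(header, result)
```

A non-empty "dropped" list means the stored ACL is narrower than the one requested and should be treated as a failed ACL update on the client side.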