Project

General

Profile

Actions
Copy link

Bug #20797

closed

rgw: putting X-Object-Manifest via TempURL should be prohibited

Added by Radoslaw Zarzynski over 6 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Radoslaw Zarzynski
Target version:
-
% Done:

0%

Source:
Development
Tags:
Backport:
luminous mimic nautilus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
16659
Crash signature (v1):
Crash signature (v2):

Description

test.functional.test_tempurl:TestTempURLPrefix.test_PUT_manifest_access of Swift's functional tests enforces that.

It seems RadosGW lacks this check even in Hammer. Traffic dump made on quite recent master:

######
T 127.0.0.1:58976 -> 127.0.0.1:8000 [AP]
PUT /v1/AUTH_test/713f16de3c1c4f03b9c52ec57ffd1c2f/004f0bcd1e17405797685b2178d1fa2d?temp_url_prefix=004f&temp_url_expires=1501256279&temp_url_sig=ac9a0e60b29705a645b092ad203973b625b2555a HTTP/1.1.
Host: 127.0.0.1:8000.
Accept-Encoding: identity.
Content-Length: 0.
x-object-manifest: some_random_container/foo.
Content-Type: application/octet-stream.
.

####
T 127.0.0.1:8000 -> 127.0.0.1:58976 [AP]
HTTP/1.1 201 Created.
etag: d41d8cd98f00b204e9800998ecf8427e.
Last-Modified: Thu, 27 Jul 2017 15:38:00 GMT.
X-Trans-Id: tx0000000000000000000ab-00597a08d7-1112-default.
X-Openstack-Request-Id: tx0000000000000000000ab-00597a08d7-1112-default.
Content-Type: text/plain; charset=utf-8.
Content-Length: 0.
Date: Thu, 27 Jul 2017 15:38:00 GMT.
.

Related issues 3 (0 open3 closed)

Copied to rgw - Backport #40132: luminous: rgw: putting X-Object-Manifest via TempURL should be prohibitedResolvedNathan CutlerActions
Copied to rgw - Backport #40133: mimic: rgw: putting X-Object-Manifest via TempURL should be prohibitedResolvedPrashant DActions
Copied to rgw - Backport #40134: nautilus: rgw: putting X-Object-Manifest via TempURL should be prohibitedResolvedPrashant DActions
Actions
Copy link
 #1

Updated by Radoslaw Zarzynski over 6 years ago

  • Status changed from New to In Progress
Actions
Copy link
 #2

Updated by Radoslaw Zarzynski over 6 years ago

  • Status changed from In Progress to Fix Under Review
Actions
Copy link
 #3

Updated by Casey Bodley almost 5 years ago

  • Status changed from Fix Under Review to Pending Backport
  • Backport set to luminous mimic nautilus
Actions
Copy link
 #4

Updated by Nathan Cutler almost 5 years ago

  • Copied to Backport #40132: luminous: rgw: putting X-Object-Manifest via TempURL should be prohibited added
Actions
Copy link
 #5

Updated by Nathan Cutler almost 5 years ago

  • Copied to Backport #40133: mimic: rgw: putting X-Object-Manifest via TempURL should be prohibited added
Actions
Copy link
 #6

Updated by Nathan Cutler almost 5 years ago

  • Copied to Backport #40134: nautilus: rgw: putting X-Object-Manifest via TempURL should be prohibited added
Actions
Copy link
 #7

Updated by Nathan Cutler over 4 years ago

  • Pull request ID set to 16659
Actions
Copy link
 #8

Updated by Nathan Cutler over 4 years ago

  • Status changed from Pending Backport to Resolved

While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".

Actions
Copy link

Also available in: Atom PDF