Bug #21685
closeduser creation can overwrite existing user even if different uid is given
0%
Description
Steps to Reproduce:
1. Create a user 'testx$tester' in a tenant
2. Create another user 'testx$testabc' in the same tenant with the same 'access_key' name but different 'secret_key'
Actual results:
The command succeeds, but there is no user by name u2 created. Instead, it replaces the existing u1's access-key and secret-key
Additional info:
Users before creating 'testx$testabc'
"testy$test",
"testx$test1",
"testuser",
"testy$tester",
"testx$tester",
"synchronization-user"
Existing user:
# radosgw-admin user info --tenant testx --uid tester --cluster ceph1
{
"user_id": "testx$tester",
"display_name": "Test User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{
"user": "testx$tester",
"access_key": "TESTER",
"secret_key": "test123"
Create new user 'testabc' with same access_key:
# radosgw-admin --tenant testx --uid testabc --display-name "Test User" --access_key TESTER --secret testabc user create --cluster ceph1
{
"user_id": "testx$tester", -------> created with a wrong user id 'tester'
"display_name": "Test User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{
"user": "testx$tester",
"access_key": "TESTER",
"secret_key": "testabc"
}
The output shows that a user is created. But it is actually replacing the existing user 'testx$tester' secret_key with the the new user's secret_key
# radosgw-admin user info --tenant testx --uid testabc --cluster ceph1 could not fetch user info: no user info saved
# radosgw-admin user info --tenant testx --uid tester --cluster ceph1
{
"user_id": "testx$tester",
"display_name": "Test User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{
"user": "testx$tester",
"access_key": "TESTER",
"secret_key": "testabc" --------> the secret_key is replaced
}
Expected result:
The user create command should have failed and not replace the secret_key of another user.
Updated by Casey Bodley over 6 years ago
Updated by Casey Bodley over 6 years ago
- Status changed from 12 to Fix Under Review
Updated by Casey Bodley over 6 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Nathan Cutler over 6 years ago
- Copied to Backport #21789: luminous: user creation can overwrite existing user even if different uid is given added
Updated by Casey Bodley over 6 years ago
- Related to Bug #22685: create user, but uid error added
Updated by Casey Bodley over 6 years ago
- Backport changed from luminous to luminous jewel
@Nathan Cutler It looks like this is affecting jewel as well, according to http://tracker.ceph.com/issues/22685
Updated by Nathan Cutler over 6 years ago
- Copied to Backport #22772: jewel: user creation can overwrite existing user even if different uid is given added
Updated by Nathan Cutler about 6 years ago
- Related to deleted (Bug #22685: create user, but uid error)
Updated by Nathan Cutler about 6 years ago
- Has duplicate Bug #22685: create user, but uid error added
Updated by Nathan Cutler about 6 years ago
- Status changed from Pending Backport to Resolved