Project

General

Profile

Bug #21685

user creation can overwrite existing user even if different uid is given

Added by Casey Bodley about 1 year ago. Updated 9 months ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
-
Start date:
10/05/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
luminous jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:

Description

Steps to Reproduce:
1. Create a user 'testx$tester' in a tenant
2. Create another user 'testx$testabc' in the same tenant with the same 'access_key' name but different 'secret_key'

Actual results:
The command succeeds, but there is no user by name u2 created. Instead, it replaces the existing u1's access-key and secret-key

Additional info:
Users before creating 'testx$testabc'

    "testy$test",
    "testx$test1",
    "testuser",
    "testy$tester",
    "testx$tester",
    "synchronization-user" 

Existing user:

# radosgw-admin user info --tenant testx --uid tester --cluster ceph1

{
    "user_id": "testx$tester",
    "display_name": "Test User",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "testx$tester",
            "access_key": "TESTER",
            "secret_key": "test123" 

Create new user 'testabc' with same access_key:

# radosgw-admin --tenant testx --uid testabc --display-name "Test User" --access_key TESTER --secret testabc user create --cluster ceph1

{
    "user_id": "testx$tester", -------> created with a wrong user id 'tester'
    "display_name": "Test User",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "testx$tester",
            "access_key": "TESTER",
            "secret_key": "testabc" 
        }

The output shows that a user is created. But it is actually replacing the existing user 'testx$tester' secret_key with the the new user's secret_key

# radosgw-admin user info --tenant testx --uid testabc --cluster ceph1
could not fetch user info: no user info saved
# radosgw-admin user info --tenant testx --uid tester --cluster ceph1

{
    "user_id": "testx$tester",
    "display_name": "Test User",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "testx$tester",
            "access_key": "TESTER",
            "secret_key": "testabc" --------> the secret_key is replaced 
        }

Expected result:
The user create command should have failed and not replace the secret_key of another user.


Related issues

Duplicated by rgw - Bug #22685: create user, but uid error Duplicate 01/16/2018
Copied to rgw - Backport #21789: luminous: user creation can overwrite existing user even if different uid is given Resolved
Copied to rgw - Backport #22772: jewel: user creation can overwrite existing user even if different uid is given Resolved

History

#2 Updated by Casey Bodley about 1 year ago

  • Status changed from Verified to Need Review

#3 Updated by Casey Bodley about 1 year ago

  • Status changed from Need Review to Pending Backport

#4 Updated by Nathan Cutler about 1 year ago

  • Copied to Backport #21789: luminous: user creation can overwrite existing user even if different uid is given added

#5 Updated by Casey Bodley 9 months ago

  • Related to Bug #22685: create user, but uid error added

#6 Updated by Casey Bodley 9 months ago

  • Backport changed from luminous to luminous jewel

@smithfarm It looks like this is affecting jewel as well, according to http://tracker.ceph.com/issues/22685

#7 Updated by Nathan Cutler 9 months ago

  • Copied to Backport #22772: jewel: user creation can overwrite existing user even if different uid is given added

#8 Updated by Nathan Cutler 9 months ago

  • Related to deleted (Bug #22685: create user, but uid error)

#9 Updated by Nathan Cutler 9 months ago

  • Duplicated by Bug #22685: create user, but uid error added

#10 Updated by Nathan Cutler 9 months ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF