Project

General

Profile

Bug #21983

rgw: modify s3 type subuser access permission fail

Added by joke lee over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
Start date:
10/31/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
jewel luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

hi, in master branch

i create a s3 type subuser as follow command:

radosgw-admin subuser create --uid=tdktest01 --subuser=read-tdktest01 --access-key=read-tdktest01 --secret=read-tdktest01 --key-type=s3 --access=read

and modify the access permission through admin rest api(radosgw-admin user create --uid=admin --display-name=admin --access-key=admin --secret-key=admin --caps="users=*;buckets=*;metadata=*;usage=*;zone=*")

< POST /admin/user?subuser&format=json&uid=tdktest01&subuser=read-tdktest01&key-type=s3&access=write HTTP/1.1
< Host: 127.0.0.1:8000
< Content-Length: 0
< Accept-Encoding: gzip, deflate
< Accept: */*
< User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-327.el7.x86_64
< Connection: keep-alive
< date: Tue, 31 Oct 2017 05:36:15 GMT
< Authorization: AWS admin:+G5HWWklSbZNVkSyqSxJUEuvfks=
<

> HTTP/1.1 403 Forbidden
> content-length: 123
> accept-ranges: bytes
> connection: Keep-Alive
> x-amz-request-id: tx000000000000000000002-0059f80bcf-1010-default
> date: Tue, 31 Oct 2017 05:43:57 GMT
> content-type: application/json
>
{"Code":"InvalidAccessKeyId","RequestId":"tx000000000000000000002-0059f80bcf-1010-default","HostId":"1010-default-default"}

but in jewel

< POST /admin/user?subuser&format=json&uid=yly&subuser=yly2&key-type=s3&access=read HTTP/1.1
< Host: 127.0.0.1:80
< Content-Length: 0
< Accept-Encoding: gzip, deflate
< Accept: */*
< User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-514.el7.x86_64
< Connection: keep-alive
< date: Tue, 31 Oct 2017 06:16:53 GMT
< Authorization: AWS yly:t5JLf9zObOH+iIniiRAQm472WwE=
<

> HTTP/1.1 200 OK
> date: Tue, 31 Oct 2017 06:16:53 GMT
> content-length: 78
> x-amz-request-id: tx000000000000000000008-0059f81555-107b-oNest2-zgp1-z1
> connection: Keep-Alive
>
[{"id":"yly:yly","permissions":"read"},{"id":"yly:yly2","permissions":"read"}]


Related issues

Copied to rgw - Backport #22021: luminous: rgw: modify s3 type subuser access permission fail Resolved
Copied to rgw - Backport #22022: jewel: rgw: modify s3 type subuser access permission fail Rejected

History

#1 Updated by joke lee over 1 year ago

https://github.com/ceph/ceph/pull/18641 this pull request fix the problem

#2 Updated by Casey Bodley over 1 year ago

  • Status changed from New to Pending Backport
  • Backport set to jewel luminous

#3 Updated by Nathan Cutler over 1 year ago

  • Copied to Backport #22021: luminous: rgw: modify s3 type subuser access permission fail added

#4 Updated by Nathan Cutler over 1 year ago

  • Copied to Backport #22022: jewel: rgw: modify s3 type subuser access permission fail added

#5 Updated by Nathan Cutler over 1 year ago

  • Status changed from Pending Backport to Resolved

Jewel backport was rejected because the regression this is fixing was introduced post-jewel.

Also available in: Atom PDF