Project

General

Profile

Bug #24011

[rgw] Bucket Policy - not works with object tags

Added by Aleksandr Rudenko almost 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
% Done:

0%

Source:
Community (user)
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

On this page http://docs.ceph.com/docs/master/radosgw/s3/#features-support i see:

Object Tagging     Supported     Not supported in bucket policy/LC rules

But in this doc - https://github.com/ceph/ceph/blob/master/doc/radosgw/bucketpolicy.rst in "Object Related Operations" section i see that tags condition is supported in policy.

I try to use it:

object tags:

{
    "TagSet": [
        {
            "Value": "true",
            "Key": "pub" 
        }
    ]
}

policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject" 
      ],
      "Resource": [
        "arn:aws:s3:::test/*" 
      ],
      "Condition": {
        "StringEquals": {
          "s3:ExistingObjectTag/pub": "true" 
        }
      }
    }
  ]
}

but it's not working.

History

#1 Updated by Abhishek Lekshmanan almost 6 years ago

This is only supported in mimic as of now, and not in Luminous yet

#2 Updated by Orit Wasserman almost 6 years ago

  • Status changed from New to Resolved

#3 Updated by Orit Wasserman almost 6 years ago

We decided not to backport the support to luminous

Also available in: Atom PDF