Actions
Bug #3450
closedWRITE permission only doesn't allow proper multi-part upload
Status:
Won't Fix
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
Community (user)
Tags:
Backport:
Regression:
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
In our setup we have a user who only has write permission on a bucket and we wanted to use multi-part uploads.
The problem is that before the finalize of the upload the library checks the upload status of the various parts and that goes through the RGWListMultipart which requires the READ rights.
To me it doesn't seem to make a lot of sense because that api only lists 'meta data' about the WRITE operation itself and so the user should still be able to do it.
We applied the attached patch for it to work as we expect. The downside is that WRITE users can query the status of any upload if they know the uploadID but that seems about as likely as guessing the signature ...
Files
Actions