Actions
Bug #58594
openMultiPart Upload with Bucket Policy Fails
% Done:
0%
Source:
Tags:
post multipart policy sse backport_processed
Backport:
quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Description
When configuring a bucket with the following policy, any multi-part uploads are rejected:
{"Sid":"DenyUnencryptedUploads","Effect":"Deny","Principal":"*","Action":"s3:PutObject","Resource":"BUCKET_ARN/*","Condition":{"Null":{"s3:x-amz-server-side-encryption":"true"}}}
From some digging it would appear the authorization checks found in `RGWPutObj::verify_permission` are not replicated in the `RGWPostObj::verify_permission` function and thus the `x-amz-server-side-encryption` header is never added to the authorization environment using `rgw_add_to_iam_environment`, currently `src/rgw/rgw_op.cc`:3697 on the main branch.
Updated by Casey Bodley over 1 year ago
- Assignee set to Marcus Watts
- Tags set to multipart policy sse
- Backport set to quincy
Updated by Casey Bodley about 1 year ago
- Status changed from New to Fix Under Review
- Assignee changed from Marcus Watts to Casey Bodley
- Tags changed from multipart policy sse to post multipart policy sse
- Backport changed from quincy to quincy reef
- Pull request ID set to 50924
Updated by Casey Bodley about 1 year ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot about 1 year ago
- Copied to Backport #59608: quincy: MultiPart Upload with Bucket Policy Fails added
Updated by Backport Bot about 1 year ago
- Copied to Backport #59609: reef: MultiPart Upload with Bucket Policy Fails added
Updated by Backport Bot about 1 year ago
- Tags changed from post multipart policy sse to post multipart policy sse backport_processed
Actions