Project

General

Profile

Actions
Copy link

Bug #59136

open

Support bucket notification with bucket policy

Added by Anuchaithra Rao about 1 year ago. Updated about 1 year ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
Yuval Lifshitz
Target version:
-
% Done:

0%

Source:
Q/A
Tags:
notifications backport_processed
Backport:
reef, quincy
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
Ceph - v17.2.5
ceph-qa-suite:
Pull request ID:
50684
Crash signature (v1):
Crash signature (v2):

Description

1. Create 2 user(user1 and user2) for tenant1
2. create bucket using user1 of tenant1
3. putbucket notification to created bucket using user1 of tenant1
4. Create 2 user(user1 and user2) for tenant2
5. setbucketpolicy to bucket, so that it will be accesible to all user to perfrom all action (bucket_policy_generated:{'Version': '2012-10-17', 'Statement': [{'Action': ['s3:*'], 'Principal': {'AWS': '*'}, 'Resource': ['arn:aws:s3:::usera225e5b42efa45f3-bucky-4637-0', 'arn:aws:s3:::usera225e5b42efa45f3-bucky-4637-0/*'], 'Effect': 'Allow', 'Sid': 'statement'}]})
6. perform getbucketnotification from all user ---> getting failed with access denied for user1 of tenat1 and user1,user2 of tenant2

tried put with all user --> its working fine

Note: bucket notification feature is not supported with bucket policy observing AccessDenied

Related issues 2 (1 open1 closed)

Copied to rgw - Backport #59232: reef: Support bucket notification with bucket policyResolvedYuval LifshitzActions
Copied to rgw - Backport #59233: quincy: Support bucket notification with bucket policyNewYuval LifshitzActions
Actions
Copy link

Also available in: Atom PDF