Actions
Bug #59495
opensts: every AssumeRole writes to the RGWUserInfo
% Done:
0%
Source:
Community (user)
Tags:
sts metadata backport_processed
Backport:
pacific quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Description
RGWSTSAssumeRole::execute()
calls STSService::assumeRole()
calls STSService::storeARN()
to save the role's ARN in RGWUserInfo::assumed_role_arn
. it doesn't look that field is used anywhere. it also doesn't make sense to store a role ARN on the user, because that would prevent us from assuming multiple roles at the same time
metadata writes are expensive because they invalidate the metadata cache, and we rely heavily on that cache for things like request authorization. in multisite, every metadata write also triggers metadata sync from each peer zone
Updated by Casey Bodley about 1 year ago
- Status changed from New to Fix Under Review
- Assignee set to Casey Bodley
- Pull request ID set to 51161
Updated by Casey Bodley about 1 year ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot about 1 year ago
- Copied to Backport #59610: pacific: sts: every AssumeRole writes to the RGWUserInfo added
Updated by Backport Bot about 1 year ago
- Copied to Backport #59611: reef: sts: every AssumeRole writes to the RGWUserInfo added
Updated by Backport Bot about 1 year ago
- Copied to Backport #59612: quincy: sts: every AssumeRole writes to the RGWUserInfo added
Updated by Backport Bot about 1 year ago
- Tags changed from sts metadata to sts metadata backport_processed
Actions