Project

General

Profile

Actions
Copy link

Bug #59495

open

sts: every AssumeRole writes to the RGWUserInfo

Added by Casey Bodley about 1 year ago. Updated about 1 year ago.

Status:
Pending Backport
Priority:
High
Assignee:
Casey Bodley
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
sts metadata backport_processed
Backport:
pacific quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
51161
Crash signature (v1):
Crash signature (v2):

Description

RGWSTSAssumeRole::execute() calls STSService::assumeRole() calls STSService::storeARN() to save the role's ARN in RGWUserInfo::assumed_role_arn. it doesn't look that field is used anywhere. it also doesn't make sense to store a role ARN on the user, because that would prevent us from assuming multiple roles at the same time

metadata writes are expensive because they invalidate the metadata cache, and we rely heavily on that cache for things like request authorization. in multisite, every metadata write also triggers metadata sync from each peer zone

Related issues 3 (1 open2 closed)

Copied to rgw - Backport #59610: pacific: sts: every AssumeRole writes to the RGWUserInfoResolvedMykola GolubActions
Copied to rgw - Backport #59611: reef: sts: every AssumeRole writes to the RGWUserInfoResolvedCasey BodleyActions
Copied to rgw - Backport #59612: quincy: sts: every AssumeRole writes to the RGWUserInfoIn ProgressMykola GolubActions
Actions
Copy link

Also available in: Atom PDF