Bug #64232
openGetting an RGW service Segfault when assigning an attribute to an IAM role
0%
Description
The current implementation of RGWTagRole, which inherits RGWRestRole::verify_permission() from its base class, encounters a critical issue when loading RGWRole from storage and initializing the RGWRestRole::_role member variable.To address this issue and ensure that errors in initialization are appropriately handled, it is proposed to separate the initialization logic from the permission-checking logic.
Reproducer:
1. Create a rgw user
./bin/radosgw-admin user create --uid user2 --access-key 1234 --secret 1234 --display-name user2
2. Add role capabilities
./bin/radosgw-admin caps add --uid user2 --caps="roles=*"
3. Add admin flag to the user
./bin/radosgw-admin user modify --uid user2 --access-key 1234 --secret 1234 --display-name user2 --admin
aws configure --profile user2
aws --profile user2 --endpoint http://localhost:8000 iam tag-role --role-name rgwabac-department --tags Key=Department,Value=Engineering
Updated by Shreyansh Sancheti 3 months ago
- Status changed from Fix Under Review to In Progress
Updated by Casey Bodley 3 months ago
- Status changed from In Progress to Pending Backport
- Tags set to sts
- Backport set to quincy reef
Updated by Backport Bot 3 months ago
- Copied to Backport #64400: reef: Getting an RGW service Segfault when assigning an attribute to an IAM role added
Updated by Backport Bot 3 months ago
- Copied to Backport #64401: quincy: Getting an RGW service Segfault when assigning an attribute to an IAM role added
Updated by Backport Bot 3 months ago
- Tags changed from sts to sts backport_processed