Bug #10698
rgw: not failing POST requests if keystone not configured
0%
Description
It will most likely fail later on due to access permissions on the bucket, unless bucket has a public write permission set (in which case it will behave similar to the anonymous user). This is a recent regression, introduced at commit:8b3dfc9472022ea45ad24e02e0aa21dfdad798f8.
Related issues
Associated revisions
rgw: fail s3 POST auth if keystone not configured
Fixes: #10698
This fixes issue introduced in 8b3dfc9472022ea45ad24e02e0aa21dfdad798f8,
where if user does not exist, we try keystone authentication. However,
if keystone is not configured we justt fall through without failing.
This would have failed later on due to bucket permissions, unless bucket
had a public write permissions.
Reported-by: Valery Tschopp <valery.tschopp@switch.ch>
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
rgw: fail s3 POST auth if keystone not configured
Fixes: #10698
This fixes issue introduced in 8b3dfc9472022ea45ad24e02e0aa21dfdad798f8,
where if user does not exist, we try keystone authentication. However,
if keystone is not configured we justt fall through without failing.
This would have failed later on due to bucket permissions, unless bucket
had a public write permissions.
Backports: Firefly
Reported-by: Valery Tschopp <valery.tschopp@switch.ch>
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
Conflicts:
src/rgw/rgw_rest_s3.cc
History
#1 Updated by Yehuda Sadeh about 6 years ago
- Source changed from other to Community (user)
#2 Updated by Yehuda Sadeh about 6 years ago
- Status changed from 12 to Fix Under Review
#3 Updated by Yehuda Sadeh about 6 years ago
- Status changed from Fix Under Review to Resolved
#4 Updated by Yehuda Sadeh about 6 years ago
- Status changed from Resolved to Pending Backport
- Backport set to giant, firefly
#5 Updated by Loïc Dachary about 6 years ago
The code in firefly looks quite different and rgw: fail s3 POST auth if keystone not configured may not be necessary. If this is confirmed firefly can be removed from the Backport field.
#6 Updated by Valery Tschopp about 6 years ago
Not from what I've experienced, and the patch is required for firefly too.
Here at SWITCH, we apply the patch directly in debian firefly trusty source package, rebuilt it and install it. We have to do this because our customers need the S3 browser POST functionality.
#7 Updated by Sage Weil about 6 years ago
- Status changed from Pending Backport to Resolved