Project

General

Profile

Bug #10698

rgw: not failing POST requests if keystone not configured

Added by Yehuda Sadeh about 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
-
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
Backport:
giant, firefly
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

It will most likely fail later on due to access permissions on the bucket, unless bucket has a public write permission set (in which case it will behave similar to the anonymous user). This is a recent regression, introduced at commit:8b3dfc9472022ea45ad24e02e0aa21dfdad798f8.

Related issues

Related to rgw - Bug #10062: s3-test failures using keystone authentication Resolved 11/11/2014

Associated revisions

Revision cbf0691b (diff)
Added by Yehuda Sadeh about 6 years ago

rgw: fail s3 POST auth if keystone not configured

Fixes: #10698
This fixes issue introduced in 8b3dfc9472022ea45ad24e02e0aa21dfdad798f8,
where if user does not exist, we try keystone authentication. However,
if keystone is not configured we justt fall through without failing.
This would have failed later on due to bucket permissions, unless bucket
had a public write permissions.

Reported-by: Valery Tschopp <>
Signed-off-by: Yehuda Sadeh <>

Revision 8a25a51e (diff)
Added by Yehuda Sadeh about 6 years ago

rgw: fail s3 POST auth if keystone not configured

Fixes: #10698
This fixes issue introduced in 8b3dfc9472022ea45ad24e02e0aa21dfdad798f8,
where if user does not exist, we try keystone authentication. However,
if keystone is not configured we justt fall through without failing.
This would have failed later on due to bucket permissions, unless bucket
had a public write permissions.

Backports: Firefly
Reported-by: Valery Tschopp <>
Signed-off-by: Yehuda Sadeh <>

Conflicts:
src/rgw/rgw_rest_s3.cc

History

#1 Updated by Yehuda Sadeh about 6 years ago

  • Source changed from other to Community (user)

#2 Updated by Yehuda Sadeh about 6 years ago

  • Status changed from 12 to Fix Under Review

#3 Updated by Yehuda Sadeh about 6 years ago

  • Status changed from Fix Under Review to Resolved

#4 Updated by Yehuda Sadeh about 6 years ago

  • Status changed from Resolved to Pending Backport
  • Backport set to giant, firefly

#5 Updated by Loïc Dachary about 6 years ago

The code in firefly looks quite different and rgw: fail s3 POST auth if keystone not configured may not be necessary. If this is confirmed firefly can be removed from the Backport field.

#6 Updated by Valery Tschopp about 6 years ago

Not from what I've experienced, and the patch is required for firefly too.
Here at SWITCH, we apply the patch directly in debian firefly trusty source package, rebuilt it and install it. We have to do this because our customers need the S3 browser POST functionality.

#7 Updated by Sage Weil about 6 years ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF