Actions
Bug #17175
openwhen setting payer of bucket to Requester, the ceph also could get object by anonymous account.
Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
When setting bucket's payer to requester, anonymous account could also get object by setting the value of optional parameter RequestPayer to requester. This action is not allowed in AWS S3. If the optional parameter is not set, the phenomenon is the same as AWS S3. As a matter of fact, the access to get object by anonymous account is not denied.
The blow is the get object API of boto3 and the last parameter is optional.get_object(Bucket=bucket_name, Key=key, RequestPayer=requester)
Actions