Project

General

Profile

Bug #19290

radosgw/swift hammer acl weirdness

Added by Marcus Watts about 7 years ago. Updated about 7 years ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

In ceph hammer, setting a swift acl with an invalid user results in puzzling behavior. The user is silently deleted from the acl. No error is sent back to the client. If valid users are also supplied in the acl, they are recorded properly.

In master, this behavior does not occur. 2 new lines are added in rgw_acl_swift.cc add_grants() after the comment "/* skipping silently */", "grant.set_canon(user, std::string(), perm);" and "acl.add_grant(&grant);".

Hammer probably needs something like this code if we want it to behave the same. Questions that should be resolved to make this change useful -- does swift allow setting invalid users like this? If the users are created after the acl is set, do they gain access?

History

#1 Updated by Marcus Watts about 7 years ago

I've tried out invalid users in swift (ocata). They definitely let you set user names that don't exist, just as we do in master. Whether we should do that is another question, but if we don't want to do that in hammer we should probably be returning an error and not silently confusing the user.

#2 Updated by Yehuda Sadeh about 7 years ago

  • Assignee set to Marcus Watts

Also available in: Atom PDF