Project

General

Profile

Bug #20797

rgw: putting X-Object-Manifest via TempURL should be prohibited

Added by Radoslaw Zarzynski about 2 years ago. Updated 4 months ago.

Status:
Pending Backport
Priority:
Normal
Target version:
-
Start date:
07/27/2017
Due date:
% Done:

0%

Source:
Development
Tags:
Backport:
luminous mimic nautilus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

test.functional.test_tempurl:TestTempURLPrefix.test_PUT_manifest_access of Swift's functional tests enforces that.

It seems RadosGW lacks this check even in Hammer. Traffic dump made on quite recent master:

######
T 127.0.0.1:58976 -> 127.0.0.1:8000 [AP]
PUT /v1/AUTH_test/713f16de3c1c4f03b9c52ec57ffd1c2f/004f0bcd1e17405797685b2178d1fa2d?temp_url_prefix=004f&temp_url_expires=1501256279&temp_url_sig=ac9a0e60b29705a645b092ad203973b625b2555a HTTP/1.1.
Host: 127.0.0.1:8000.
Accept-Encoding: identity.
Content-Length: 0.
x-object-manifest: some_random_container/foo.
Content-Type: application/octet-stream.
.

####
T 127.0.0.1:8000 -> 127.0.0.1:58976 [AP]
HTTP/1.1 201 Created.
etag: d41d8cd98f00b204e9800998ecf8427e.
Last-Modified: Thu, 27 Jul 2017 15:38:00 GMT.
X-Trans-Id: tx0000000000000000000ab-00597a08d7-1112-default.
X-Openstack-Request-Id: tx0000000000000000000ab-00597a08d7-1112-default.
Content-Type: text/plain; charset=utf-8.
Content-Length: 0.
Date: Thu, 27 Jul 2017 15:38:00 GMT.
.


Related issues

Copied to rgw - Backport #40132: luminous: rgw: putting X-Object-Manifest via TempURL should be prohibited New
Copied to rgw - Backport #40133: mimic: rgw: putting X-Object-Manifest via TempURL should be prohibited Resolved
Copied to rgw - Backport #40134: nautilus: rgw: putting X-Object-Manifest via TempURL should be prohibited Resolved

History

#1 Updated by Radoslaw Zarzynski about 2 years ago

  • Status changed from New to In Progress

#2 Updated by Radoslaw Zarzynski about 2 years ago

  • Status changed from In Progress to Need Review

#3 Updated by Casey Bodley 4 months ago

  • Status changed from Need Review to Pending Backport
  • Backport set to luminous mimic nautilus

#4 Updated by Nathan Cutler 4 months ago

  • Copied to Backport #40132: luminous: rgw: putting X-Object-Manifest via TempURL should be prohibited added

#5 Updated by Nathan Cutler 4 months ago

  • Copied to Backport #40133: mimic: rgw: putting X-Object-Manifest via TempURL should be prohibited added

#6 Updated by Nathan Cutler 4 months ago

  • Copied to Backport #40134: nautilus: rgw: putting X-Object-Manifest via TempURL should be prohibited added

Also available in: Atom PDF