Project

General

Profile

Actions
Copy link

Bug #24131

open

rgw: add Content-MD5 check and related permissions check for object tagging

Added by Liu Lan almost 6 years ago. Updated almost 6 years ago.

Status:
Fix Under Review
Priority:
Normal
Assignee:
Liu Lan
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

add Content-MD5 value check for RGWPutObjTags

Amazon S3 checks Content-MD5 value when put tags to an existing object, but RGW doesn’t.

rgw: add s3PutObjectTagging permission check when put obj with tags

According to S31, The requester must have s3:PutObjectTagging permission when specify tags on an object.

[1] https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html

rgw: add RGWGetObj permission check when return 'x-amz-tagging-count’

According to S31, when the response returns the 'x-amz-tagging-count’ header, the requester should have permission to read object tags.

S31 says, "Assuming you have permission to read object tags (permission for the s3:GetObjectVersionTagging action)”, it’s kind of inaccurate. When a versionid is not specified in request, you should have s3:GetObjectTagging permission to read object tags. Otherwise, both s3:GetObjectVersion and s3:GetObjectVersionTagging permissions should be provided.

[1] https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html

Actions
Copy link
 #2

Updated by Nathan Cutler almost 6 years ago

  • Project changed from Ceph to rgw
Actions
Copy link
 #3

Updated by Orit Wasserman almost 6 years ago

  • Status changed from New to Fix Under Review
Actions
Copy link
 #4

Updated by Abhishek Lekshmanan almost 6 years ago

  • Assignee set to Liu Lan
Actions
Copy link

Also available in: Atom PDF