Project

General

Profile

Bug #3450

WRITE permission only doesn't allow proper multi-part upload

Added by Sylvain Munaut over 11 years ago. Updated almost 11 years ago.

Status:
Won't Fix
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
Backport:
Regression:
No
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

In our setup we have a user who only has write permission on a bucket and we wanted to use multi-part uploads.
The problem is that before the finalize of the upload the library checks the upload status of the various parts and that goes through the RGWListMultipart which requires the READ rights.

To me it doesn't seem to make a lot of sense because that api only lists 'meta data' about the WRITE operation itself and so the user should still be able to do it.

We applied the attached patch for it to work as we expect. The downside is that WRITE users can query the status of any upload if they know the uploadID but that seems about as likely as guessing the signature ...

ceph-fix-multipart-upload-for-write-only-users.diff View - Proposed patch (684 Bytes) Sylvain Munaut, 11/07/2012 04:24 AM


Related issues

Related to rgw - Feature #4432: Develop plan for multi-user / multi-tenancy Need More Info 03/13/2013

History

#1 Updated by Sylvain Munaut over 11 years ago

As discussed on IRC, this is only the case for subusers with only WRITE permission.

Now looking at the current git, I see that S3 keys for subusers seems to be 'unsupported' (see 5db3a9e71c6b757660d0702efada40af6be63eb8 ), although you can actually still create them by other means.

I think that it's still a valid use case because it pretty much replicate the S3 IAM where you can create other keypairs under your main user and allocate fained-grained rights delegation. The only difference is that it's way more fine grained in S3 than what subusers in ceph allow but in our use we found ways to map it without much issues.

Now this multipart upload is pretty specific and we have to maintain our own branch with this patch, i can live with it, but if S3 keys for subusers support starts to be removed everywhere, it's going to get a whole lot more annoying :(

#2 Updated by Ian Colle about 11 years ago

Needs to be part of larger overall discussion about the intent of subusers.

#3 Updated by Sage Weil about 11 years ago

  • Status changed from New to 12

#4 Updated by Sage Weil almost 11 years ago

  • Status changed from 12 to Won't Fix

#5 Updated by Yehuda Sadeh almost 11 years ago

We're going to revise the whole subuser scheme as part of a bigger multi-tenancy project.

Also available in: Atom PDF