Bug #48472
open
rgw crash when get none exist role policy
Description
rgw will crash on a get, put or delete of a policy on a non-existent role
import json

import boto3
import botocore.session

# Turn on botocore debug logging so the raw requests and responses are visible
botocore.session.Session().set_debug_logger()

access_key = 'admin'
secret_key = 'admin'

# Very long timeouts and no retries, so each call reaches rgw exactly once
configuration = boto3.session.Config(connect_timeout=3000000, read_timeout=3000000, retries={'max_attempts': 0})

iam_client = boto3.client('iam',
                          aws_access_key_id=access_key,
                          aws_secret_access_key=secret_key,
                          endpoint_url='http://127.0.0.1:7401',
                          region_name='',
                          use_ssl=False,
                          config=configuration,
                          )

# put and delete variants from the report (`policy` is not defined in the posted snippet):
# iam_client.put_role_policy(
#     RoleName='none_exist_role',
#     PolicyName='abc',
#     PolicyDocument=json.dumps(policy, separators=(',', ':')).strip()
# )
# iam_client.delete_role_policy(
#     RoleName='none_exist_role',
#     PolicyName='abc'
# )

# get variant: the role does not exist
iam_client.get_role_policy(
    RoleName='none_exist_role',
    PolicyName='abc',
)
Updated by Casey Bodley over 3 years ago
- Assignee set to Pritha Srivastava
- Tags set to sts
Updated by Pritha Srivastava over 3 years ago
Hi @joke lee,
I tried the following:
radosgw-admin user create --tenant t1tenant --uid t1user --display-name t1user --access_key t1user --secret t1userpass
radosgw-admin caps add --tenant='t1tenant' --uid='t1user' --caps="roles=*" (tried with and without this step)
And my script is as follows:
import logging

import boto3
from botocore.handlers import validate_bucket_name

# Write boto debug output to boto.log
logging.basicConfig(filename="boto.log", level=logging.DEBUG)

assume_role = True
get_session_token = False
access_key = 't1user'
secret_key = 't1userpass'

iam_client = boto3.client('iam',
                          aws_access_key_id=access_key,
                          aws_secret_access_key=secret_key,
                          endpoint_url='http://s3.us-east.localhost:8000',
                          region_name=''
                          )

role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"arn:aws:s3:::*\"}}"

# All three calls target a role that does not exist
response = iam_client.put_role_policy(
    RoleName='non_exist_role',
    PolicyName='Policy1',
    PolicyDocument=role_policy
)
response = iam_client.delete_role_policy(
    RoleName="non_exist_role",
    PolicyName="Policy1")
print(response)
response = iam_client.get_role_policy(
    RoleName="non_exist_role",
    PolicyName="Policy1")
But I do not see a crash; I see an error (which is expected) from PutRolePolicy:
2020-12-11T10:53:31.924+0530 7f120d1ce700 0 ERROR: failed reading role name from pool: default.rgw.meta: non_exist_role: (2) No such file or directory
Can you provide more specific steps to reproduce the crash, and also the version on which you tried these steps?
Updated by Casey Bodley over 3 years ago
- Status changed from New to Need More Info
Updated by joke lee over 3 years ago
When using a user created with --system, using that user to call put_role_policy on a non-existent role will cause a crash.