Bug #52716

closed

incorrect multipart upload owner, access denied when listing parts of multipart upload by bucket owner

Added by Rishat Azizov over 2 years ago. Updated about 1 month ago.

Status: Resolved
Priority: Normal
Assignee:
Target version: -
% Done: 100%
Source: Community (user)
Tags: multipart backport_processed
Backport: octopus pacific
Regression: No
Severity: 2 - major
Reviewed:
Affected Versions:
ceph-qa-suite: rgw
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Hello!

When receiving information about the owner of a multipart upload, an incorrect owner is displayed. The user who requested the information is displayed as the owner. Here are some examples:

I created a multipart upload as user 10021_r1, but when I get information about this multipart upload as another user, 10021 (the bucket owner), I get this user as the owner:

$ aws s3api list-multipart-uploads --bucket test-r1
{
    "Uploads": [
        {
            "UploadId": "2~O2mADkKD31FWs_DYa95z4f2Aa-aAtEk",
            "Key": "ubuntu-20.04.1-desktop-amd64.iso",
            "Initiated": "2021-09-22T05:25:54.039000+00:00",
            "StorageClass": "STANDARD",
            "Owner": {
                "DisplayName": "10021",
                "ID": "1aee1bc35a500632a0ae8a828a70be72" 
            },
            "Initiator": {
                "ID": "1aee1bc35a500632a0ae8a828a70be72",
                "DisplayName": "10021" 
            }
        },

When I get the same information as user 10021_r1, I get this info:

$ aws s3api list-multipart-uploads --bucket test-r1
{
    "Uploads": [
        {
            "UploadId": "2~O2mADkKD31FWs_DYa95z4f2Aa-aAtEk",
            "Key": "ubuntu-20.04.1-desktop-amd64.iso",
            "Initiated": "2021-09-22T05:25:54.039000+00:00",
            "StorageClass": "STANDARD",
            "Owner": {
                "DisplayName": "10021_r1",
                "ID": "ec97fbcff9b95c0fe33749970e470f15" 
            },
            "Initiator": {
                "ID": "ec97fbcff9b95c0fe33749970e470f15",
                "DisplayName": "10021_r1" 
            }
        },

There is no such problem with non-multipart objects; the owner always displays correctly.

Second issue. Parts of a multipart upload cannot be listed by the bucket owner (user 10021 in my case), but multipart uploads list fine. Some examples:

I can list multipart uploads (but with an incorrect owner):

$ aws s3api list-multipart-uploads --bucket test-r1
{
    "Uploads": [
        {
            "UploadId": "2~O2mADkKD31FWs_DYa95z4f2Aa-aAtEk",
            "Key": "ubuntu-20.04.1-desktop-amd64.iso",
            "Initiated": "2021-09-22T05:25:54.039000+00:00",
            "StorageClass": "STANDARD",
            "Owner": {
                "DisplayName": "10021",
                "ID": "1aee1bc35a500632a0ae8a828a70be72" 
            },
            "Initiator": {
                "ID": "1aee1bc35a500632a0ae8a828a70be72",
                "DisplayName": "10021" 
            }
        },

And I can't list its parts:

$ aws s3api list-parts --bucket test-r1 --key ubuntu-20.04.1-desktop-amd64.iso --upload-id 2~O2mADkKD31FWs_DYa95z4f2Aa-aAtEk

An error occurred (AccessDenied) when calling the ListParts operation: Unknown

Related issues 2 (0 open, 2 closed)

Copied to rgw - Backport #53146: octopus: incorrect multipart upload owner, access denied when listing parts of multipart upload by bucket owner (Resolved)
Copied to rgw - Backport #53147: pacific: incorrect multipart upload owner, access denied when listing parts of multipart upload by bucket owner (Rejected, Casey Bodley)
Actions #1

Updated by Greg Farnum over 2 years ago

  • Project changed from Ceph to rgw
Actions #2

Updated by Casey Bodley over 2 years ago

  • Assignee set to Casey Bodley
Actions #3

Updated by Casey Bodley over 2 years ago

ok, i see that list-multipart-uploads is just printing the requesting user as both 'Owner' and 'Initiator', instead of reading it from each upload

https://github.com/ceph/ceph/blob/0788833/src/rgw/rgw_rest_s3.cc#L3904-L3905:

      dump_owner(s, s->user->get_id(), s->user->get_display_name(), "Initiator");
      dump_owner(s, s->user->get_id(), s->user->get_display_name());
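
An added example, not part of the tracker thread or of Ceph's code: a Python check an operator could run over `list-multipart-uploads` responses captured as two different users, to see whether a gateway reports ownership per upload or simply echoes the requester as described above. The sample listings are constructed from the two responses in the report, cut to the fields used; all function names are hypothetical.

```python
"""Flag multipart uploads whose Owner/Initiator change with the requesting user."""

UPLOAD_ID = "2~O2mADkKD31FWs_DYa95z4f2Aa-aAtEk"
KEY = "ubuntu-20.04.1-desktop-amd64.iso"

def sample_listing(user_id, display_name):
    """Constructed sample: one response from the report, cut to the fields used."""
    who = {"ID": user_id, "DisplayName": display_name}
    upload = {"UploadId": UPLOAD_ID, "Key": KEY, "Owner": dict(who), "Initiator": dict(who)}
    return {"Uploads": [upload]}

# Same bucket listed by the bucket owner (10021) and by the uploader (10021_r1).
AS_BUCKET_OWNER = sample_listing("1aee1bc35a500632a0ae8a828a70be72", "10021")
AS_UPLOADER = sample_listing("ec97fbcff9b95c0fe33749970e470f15", "10021_r1")

def index_uploads(listing):
    """Map (Key, UploadId) -> (Owner ID, Initiator ID) for one parsed response."""
    return {
        (u["Key"], u["UploadId"]): (u["Owner"]["ID"], u["Initiator"]["ID"])
        for u in listing.get("Uploads", [])
    }

def requester_dependent_owners(listing_a, listing_b):
    """Return uploads that report different Owner/Initiator IDs to two requesters.

    Ownership is read from the upload, so one UploadId must show the same
    IDs no matter which user lists the bucket.
    """
    a, b = index_uploads(listing_a), index_uploads(listing_b)
    return [
        {"key": k, "upload_id": uid, "seen_by_a": a[(k, uid)], "seen_by_b": b[(k, uid)]}
        for (k, uid) in sorted(a.keys() & b.keys())
        if a[(k, uid)] != b[(k, uid)]
    ]

def echoes_requester(listing, requester_id):
    """True if every upload names the requester as both Owner and Initiator.

    Only a hint: it is also true when the requester really started every upload.
    """
    seen = index_uploads(listing).values()
    return bool(seen) and all(ids == (requester_id, requester_id) for ids in seen)

if __name__ == "__main__":
    for finding in requester_dependent_owners(AS_BUCKET_OWNER, AS_UPLOADER):
        print("owner depends on requester:", finding)
```

Against a live gateway, replace the sample listings with the parsed JSON output of `aws s3api list-multipart-uploads` run under each identity.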

Actions #4

Updated by Casey Bodley over 2 years ago

And I can't list its parts:

$ aws s3api list-parts --bucket test-r1 --key ubuntu-20.04.1-desktop-amd64.iso --upload-id 2~O2mADkKD31FWs_DYa95z4f2Aa-aAtEk

An error occurred (AccessDenied) when calling the ListParts operation: Unknown

this sounds like it might be the correct behavior, if the requesting user is different from the user that started the upload

Actions #5

Updated by Casey Bodley over 2 years ago

  • Status changed from New to Fix Under Review
  • Tags set to multipart
  • Pull request ID set to 43715
Actions #6

Updated by Casey Bodley over 2 years ago

  • Status changed from Fix Under Review to Pending Backport
  • Backport set to octopus pacific
Actions #7

Updated by Backport Bot over 2 years ago

  • Copied to Backport #53146: octopus: incorrect multipart upload owner, access denied when listing parts of multipart upload by bucket owner added
Actions #8

Updated by Backport Bot over 2 years ago

  • Copied to Backport #53147: pacific: incorrect multipart upload owner, access denied when listing parts of multipart upload by bucket owner added
Actions #9

Updated by Backport Bot over 1 year ago

  • Tags changed from multipart to multipart backport_processed
Actions #10

Updated by Konstantin Shalygin about 1 month ago

  • Status changed from Pending Backport to Resolved
  • % Done changed from 0 to 100
  • Source set to Community (user)