Bug #59474

open

Cannot delete object using multi-delete operation on a bucket with policy

Added by Daniel Iwan about 1 year ago. Updated 6 months ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
% Done: 0%
Source:
Tags:
Backport: pacific quincy reef
Regression: Yes
Severity: 2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

An attempt to execute a multi-object delete, even with a single object key, results in an AccessDenied error when the bucket has a policy granting the user permission to delete.
This is true both for AWS Java SDK and aws cli tool.
Originally the problem was described here https://tracker.ceph.com/issues/46567 with a test case (still valid) provided by Chris Palmer.
That issue has been marked as Resolved but the problem is not fixed on 16.2.7, 17.2.5 and likely in newer versions.


Related issues 2 (0 open, 2 closed)

Related to rgw - Bug #47586: Able to circumvent S3 Object Lock using deleteobjects command - Resolved - Matt Benjamin

Related to rgw - Bug #46567: Access denied for multi-object-delete by non-bucket-owner - Resolved - Abhishek Lekshmanan

Actions #1

Updated by Chris Palmer about 1 year ago

Thanks for raising this again Daniel. Coincidentally it was on my to-do list for today to do the same. This is still a problem for me on 17.2.5, and I don't know why it was ever marked as resolved.

Actions #2

Updated by Daniel Iwan about 1 year ago

Possibly it had something to do with work done for https://tracker.ceph.com/issues/47586 and https://github.com/ceph/ceph/pull/41031.
It seems it was merged into 15.2.14 but I could not find any reference to it in newer releases.
Possibly this was not carried over due to a rewrite of that part of the code, so essentially the fix may not be there.
This is of course assuming that the changes also fixed the problem we are facing.
It would be interesting to check if it works in Octopus but I have no way to check that at the moment.

Actions #3

Updated by J. Eric Ivancich about 1 year ago

  • Related to Bug #47586: Able to circumvent S3 Object Lock using deleteobjects command added
Actions #4

Updated by Casey Bodley about 1 year ago

  • Backport set to pacific quincy reef
  • Regression changed from No to Yes
Actions #5

Updated by Casey Bodley about 1 year ago

  • Related to Bug #46567: Access denied for multi-object-delete by non-bucket-owner added
Actions #6

Updated by Daniel Iwan 10 months ago

Confirmed this is also broken in 16.2.13.

Actions #7

Updated by Y Yang 6 months ago

Running into the same issue in 18.2.0.
