Bug #59474
open
Cannot delete object using multi-delete operation on a bucket with policy
Added by Daniel Iwan about 1 year ago.
Updated 6 months ago.
Backport:
pacific quincy reef
Description
Attempt to execute multi-object delete, event with a single object key results in AccessDenied error when bucket has a policy granting user permission to delete.
This is true both for AWS Java SDK and aws cli tool.
Originally the problem was described here https://tracker.ceph.com/issues/46567 with a test case (still valid) provided by Chris Palmer.
That issue has been marked as Resolved but the problem is not fixed on 16.2.7, 17.2.5 and likely in newer versions.
Thanks for raising this again Daniel. Coincidentally it was on my to-do list for today to do the same. This is still a problem for me on 17.2.5, and I don't know why it was ever marked as resolved.
Possibly it had something to do with work done for https://tracker.ceph.com/issues/47586 and https://github.com/ceph/ceph/pull/41031.
It seems it was merged into 15.2.14 but I could not find any reference of in newer releases.
Possibly this was not carried over due to rewrite of that part of the code, so essentially fix may not be there.
This is of course assuming that changes also fixed the problem we are facing.
It would be interesting to check if it works in Octopus but I have no way to check that at the moment.
- Related to Bug #47586: Able to circumvent S3 Object Lock using deleteobjects command added
- Backport set to pacific quincy reef
- Regression changed from No to Yes
- Related to Bug #46567: Access denied for multi-object-delete by non-bucket-owner added
Confirmed this is also broken in 16.2.13
Running into the same issue in 18.2.0.
Also available in: Atom
PDF