Project

General

Profile

Actions
Copy link

Bug #64124

closed

diff users in the tenant, create the same name topic, rgw topic is covered

Added by zhipeng li 3 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
High
Assignee:
-
Target version:
Ceph - v19.0.0
% Done:

0%

Source:
Tags:
notifications
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
Ceph - v17.0.0
ceph-qa-suite:
Pull request ID:
55275
Crash signature (v1):
Crash signature (v2):

Description

[root@node106 ~]# cat .aws/credentials
[default]
aws_access_key_id = key11
aws_secret_access_key = sec11
[root@node106 ~]# aws --endpoint-url http://192.168.56.106:8009 sns create-topic --name=mytopic1 --attributes='{"push-endpoint": "kafka://node5:9092"}' {
"TopicArn": "arn:aws:sns:default:beijing:mytopic1"
}
[root@node106 ~]# radosgw-admin topic list --topic=mytopic1 --tenant=beijing {
"topics": [ {
"user": "beijing",
"name": "mytopic1",
"dest": {
"push_endpoint": "kafka://node5:9092",
"push_endpoint_args": "Version=2010-03-31&push-endpoint=kafka://node5:9092",
"push_endpoint_topic": "mytopic1",
"stored_secret": false,
"persistent": false
},
"arn": "arn:aws:sns:default:beijing:mytopic1",
"opaqueData": ""
}
]
}
[root@node106 ~]# vi .aws/credentials
[root@node106 ~]# cat .aws/credentials
[default]
aws_access_key_id = key44
aws_secret_access_key = sec44
[root@node106 ~]# aws --endpoint-url http://192.168.56.106:8009 sns create-topic --name=mytopic1 --attributes='{"push-endpoint": "kafka://node6:9092"}' {
"TopicArn": "arn:aws:sns:default:beijing:mytopic1"
}
[root@node106 ~]# radosgw-admin topic list --topic=mytopic1 --tenant=beijing {
"topics": [ {
"user": "beijing",
"name": "mytopic1",
"dest": {
"push_endpoint": "kafka://node6:9092",
"push_endpoint_args": "Version=2010-03-31&push-endpoint=kafka://node6:9092",
"push_endpoint_topic": "mytopic1",
"stored_secret": false,
"persistent": false
},
"arn": "arn:aws:sns:default:beijing:mytopic1",
"opaqueData": ""
}
]
}

Actions
Copy link
 #2

Updated by Yuval Lifshitz 3 months ago

  • Tags set to notifications

the restrictions should not be on the user name that created the topic.
when changing (or overriding) an existing topic, we should verify the action acording to the topic's policy.
see: verify_topic_owner_or_policy() in rgw_rest_pubsub.cc
in theory, if granted permissions by the owner, a different user may override the topic.

Actions
Copy link
 #3

Updated by Casey Bodley 3 months ago

  • Priority changed from Normal to High
Actions
Copy link
 #4

Updated by Casey Bodley 3 months ago

  • Status changed from New to In Progress
  • Target version set to v19.0.0
  • Pull request ID set to 55275
Actions
Copy link
 #5

Updated by Casey Bodley 3 months ago

  • Status changed from In Progress to Fix Under Review
Actions
Copy link
 #6

Updated by Casey Bodley 3 months ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link

Also available in: Atom PDF