luminous: rgw: bucket policy evaluation logical error #19810
Conversation
Since some operations check the user against the bucket owner in the absence of a policy, rather than open-coding that everywhere, act like a proper computer scientist and abstract it. Fixes: http://tracker.ceph.com/issues/21896 Signed-off-by: Adam C. Emerson <aemerson@redhat.com> (cherry picked from commit 8818a0c)
I spent some more time looking through the documentation of how work is evaluated, and the examples on <http://docs.aws.amazon.com/AmazonS3/latest/dev/ access-control-auth-workflow-bucket-operation.html> Have convinced me that the behavior that was requested is more correct than what we were doing before. Fixes: http://tracker.ceph.com/issues/21901 Signed-off-by: Adam C. Emerson <aemerson@redhat.com> (cherry picked from commit 343a25a)
adamemerson
force-pushed
the
wip-luminous-21901
branch
from
051904b
to
5b9f128
Compare
|
Jenkins, retest this please. |
adamemerson
requested review from
theanalyst and
smithfarm
and removed request for
mattbenjamin
smithfarm
changed the title
|
@adamemerson Thanks for the backport (again)! The workflow for backport PRs is different than for PRs targeting master. Whereas in master the idea is to get a positive review first, and then proceed with testing, for backports this is reversed: first the backport PR undergoes integration testing (we gang them up for this), and then it is reviewed. It can be reviewed by anyone, but the only reviews that "count" are ones from either the component lead or from the person who merged the corresponding master PR that is being cherry-picked. (It would be great if someone helped with testing rgw backports PRs. . . like I said, they can be ganged up and tested in batches.) |
|
@adamemerson @smithfarm @theanalyst @cbodley ready for merge |
http://tracker.ceph.com/issues/22214
http://tracker.ceph.com/issues/22602