nautilus: rgw/sts: read_obj_policy() consults iam_user_policies on ENOENT #41159

Open
wants to merge 1 commit into
base: nautilus
Conversation

smithfarm
Contributor

backport tracker: https://tracker.ceph.com/issues/50641


backport of #40631
parent tracker: https://tracker.ceph.com/issues/49780

this backport was staged using ceph-backport.sh version 16.0.0.6848
find the latest version at https://github.com/ceph/ceph/blob/master/src/script/ceph-backport.sh

when the head object doesn't exist, read_obj_policy() has to decide
whether to return ENOENT or EACCES

when there's a bucket policy, we check whether it has s3ListBucket
permissions. when there's an assumed role, we also need to check
against the role's policies in s->iam_user_policies

Fixes: https://tracker.ceph.com/issues/49780

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 5dc9375)

Conflicts:
	src/rgw/rgw_op.cc
- nautilus uses ARN(bucket) instead of ARN(bucket->get_key())
@smithfarm smithfarm added this to the nautilus milestone May 4, 2021
@smithfarm smithfarm added the rgw label May 4, 2021
@smithfarm smithfarm requested a review from cbodley May 4, 2021 19:49
@jdurgin jdurgin changed the base branch from nautilus to nautilus-saved May 14, 2021 21:58
@jdurgin jdurgin changed the base branch from nautilus-saved to nautilus May 14, 2021 21:58
@smithfarm smithfarm added nautilus-batch-1 nautilus point releases needs-qa labels Jul 20, 2021
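
The ENOENT/EACCES decision described in the commit message, as an added example that is not Ceph's code: a simplified model in which a caller allowed `s3:ListBucket` learns that the object is missing (ENOENT) and any other caller gets EACCES. The types, function names, evaluation order and the deny-by-default fallback are assumptions made for illustration.

```cpp
#include <cerrno>
#include <string>
#include <vector>

// Simplified model with hypothetical types; not Ceph's classes.
enum class Effect { Allow, Deny, Pass };
struct Statement { Effect effect; std::string action; std::string bucket; };
using Policy = std::vector<Statement>;

// Explicit Deny beats Allow; no matching statement gives Pass.
Effect eval(const Policy& p, const std::string& action, const std::string& bucket) {
  Effect result = Effect::Pass;
  for (const auto& s : p) {
    if (s.action != action || s.bucket != bucket) continue;
    if (s.effect == Effect::Deny) return Effect::Deny;
    if (s.effect == Effect::Allow) result = Effect::Allow;
  }
  return result;
}

struct Request {
  std::string bucket;
  Policy role_policies;   // stands in for s->iam_user_policies
  Policy bucket_policy;   // empty when the bucket has no policy
};

// Error for a read whose head object is missing. Passing
// consult_role_policies=false models the behaviour before the fix.
// Assumptions: role policies are evaluated first, and the caller gets
// EACCES when no policy decides.
int missing_object_error(const Request& r, bool consult_role_policies) {
  const std::string action = "s3:ListBucket";
  if (consult_role_policies) {
    Effect e = eval(r.role_policies, action, r.bucket);
    if (e != Effect::Pass) return e == Effect::Allow ? -ENOENT : -EACCES;
  }
  Effect e = eval(r.bucket_policy, action, r.bucket);
  return e == Effect::Allow ? -ENOENT : -EACCES;
}

// Constructed sample: an assumed role whose policy allows listing "logs".
Request role_can_list() {
  return Request{"logs", {{Effect::Allow, "s3:ListBucket", "logs"}}, {}};
}
// Constructed sample: the role policy denies listing, the bucket policy allows it.
Request role_denied() {
  return Request{"logs", {{Effect::Deny, "s3:ListBucket", "logs"}},
                 {{Effect::Allow, "s3:ListBucket", "logs"}}};
}
```

With the role policies ignored, the first sample receives EACCES even though the role may list the bucket, and the second receives ENOENT despite the role's explicit deny.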
Labels
nautilus-batch-1 nautilus point releases needs-qa rgw
2 participants