[Bug 1847544] Re: backport: S3 policy evaluated incorrectly
gerald.yang
gerald.yang at canonical.com
Fri Nov 8 06:39:12 UTC 2019
** Description changed:
- ## DRAFT ##
+ [Impact]
+ If a user tries to access a non-existent bucket, it should get a 'NoSuchBucket' error message (404)
+ But if there is such a bucket which is belonged to another user, radosgw will return 'AccessDenied' error (403)
+ This is an incorrect error message, radosgw should return 404
- [Impact]
[Test Case]
+ Create a user by radosgw-admin, then create a bucket through S3 by this user
+ Create another user and try to access the bucket created by the above user
+ The error message must be 'NoSuchBucket', not 'AccessDenied'
[Regression Potential]
+ Low
- [Other Info]
-
- [Original Description]
+ [Other Information]
Backport Ceph issue 38638 to Luminous.
If a user different from the owner (or even an anonymous user) does a
GetObject/HeadObject on a non existing object, Radosgw returns status
code 403, rather than the correct status 404.
A version of this was merged into Ceph master:
https://tracker.ceph.com/issues/38638
https://github.com/ceph/ceph/commit/5eb50b7d10da51db72f705807c87775562b79b63
- And backported (acceptance pending):
+ And backported to luminous has been accepted:
https://tracker.ceph.com/issues/39272
https://github.com/ceph/ceph/commit/a752b21f549cc83745e35324387b85b3d039dfd2
** Tags added: sts-sru-needed
** Also affects: ceph (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: ceph (Ubuntu Bionic)
Assignee: (unassigned) => gerald.yang (gerald-yang-tw)
** Changed in: ceph (Ubuntu Bionic)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ceph in Ubuntu.
https://bugs.launchpad.net/bugs/1847544
Title:
backport: S3 policy evaluated incorrectly
Status in ceph package in Ubuntu:
In Progress
Status in ceph source package in Bionic:
In Progress
Bug description:
[Impact]
If a user tries to access a non-existent bucket, it should get a 'NoSuchBucket' error message (404)
But if there is such a bucket which is belonged to another user, radosgw will return 'AccessDenied' error (403)
This is an incorrect error message, radosgw should return 404
[Test Case]
Create a user by radosgw-admin, then create a bucket through S3 by this user
Create another user and try to access the bucket created by the above user
The error message must be 'NoSuchBucket', not 'AccessDenied'
[Regression Potential]
Low
[Other Information]
Backport Ceph issue 38638 to Luminous.
If a user different from the owner (or even an anonymous user) does a
GetObject/HeadObject on a non existing object, Radosgw returns status
code 403, rather than the correct status 404.
A version of this was merged into Ceph master:
https://tracker.ceph.com/issues/38638
https://github.com/ceph/ceph/commit/5eb50b7d10da51db72f705807c87775562b79b63
And backported to luminous has been accepted:
https://tracker.ceph.com/issues/39272
https://github.com/ceph/ceph/commit/a752b21f549cc83745e35324387b85b3d039dfd2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1847544/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list