Bug 1430536
Summary: | RGW: using swift CLI create/update container ACL failed with keystone | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Vikhyat Umrao <vumrao> |
Component: | RGW | Assignee: | Marcus Watts <mwatts> |
Status: | CLOSED ERRATA | QA Contact: | Vidushi Mishra <vimishra> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 1.3.3 | CC: | anharris, cbodley, ceph-eng-bugs, hnallurv, jbrier, kbader, kdreyer, linuxkidd, mbenjamin, mwatts, owasserm, rfreire, sweil, tchandra, tserlin |
Target Milestone: | rc | Keywords: | TestOnly, Triaged |
Target Release: | 3.1 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | RHEL: ceph-12.2.4-10.el7cp Ubuntu: ceph_12.2.4-14redhat1 | Doc Type: | Enhancement |
Doc Text: |
.Improved Swift container ACL conformance has been added
Previously, {product} did not support certain ACL use cases, including setting of container ACLs whose subject is a Keystone project/tenant.
With this update of Ceph, many Swift container ACLs which were previously unsupported are now supported.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-09-26 18:16:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1584264 | ||
Attachments: |
Description
Vikhyat Umrao
2017-03-08 21:36:48 UTC
# swift post testcontainer --read-acl ".r:*" --write-acl "*:*" Logs from my reproducer: http://pastebin.test.redhat.com/462785 (debug_rgw=20). # swift stat testcontainer Account: v1 Container: testcontainer Objects: 0 Bytes: 0 Read ACL: .r:* Write ACL: Sync To: Sync Key: Accept-Ranges: bytes X-Trans-Id: tx000000000000000000029-0058c07cf1-1ca4db2-default X-Storage-Policy: default-placement X-Container-Bytes-Used-Actual: 0 X-Timestamp: 1489009784.00000 Content-Type: text/plain; charset=utf-8 Created attachment 1261390 [details]
logs for command: swift post testcontainer --read-acl ".r:*" --write-acl "*:*"
I tested with specific user setting that and in that both read and write ACLs are not working. # openstack user show testswift +----------+----------------------------------+ | Field | Value | +----------+----------------------------------+ | email | None | | enabled | True | | id | 25ff852798de400891613b271320d2b7 | | name | testswift | | username | testswift | +----------+----------------------------------+ # swift post newtestcontainer1 -r "25ff852798de400891613b271320d2b7:*" # swift post newtestcontainer2 -w "25ff852798de400891613b271320d2b7:*" # swift stat newtestcontainer1 Account: v1 Container: newtestcontainer1 Objects: 0 Bytes: 0 Read ACL: Write ACL: Sync To: Sync Key: Accept-Ranges: bytes X-Storage-Policy: default-placement X-Container-Bytes-Used-Actual: 0 X-Timestamp: 1489010742.00000 X-Trans-Id: tx00000000000000000002f-0058c080d1-1ca4db2-default Content-Type: text/plain; charset=utf-8 # swift stat newtestcontainer2 Account: v1 Container: newtestcontainer2 Objects: 0 Bytes: 0 Read ACL: Write ACL: Sync To: Sync Key: Accept-Ranges: bytes X-Storage-Policy: default-placement X-Container-Bytes-Used-Actual: 0 X-Timestamp: 1489010756.00000 X-Trans-Id: tx000000000000000000030-0058c080d4-1ca4db2-default Content-Type: text/plain; charset=utf-8 Created attachment 1261392 [details]
# swift post newtestcontainer1 -r "25ff852798de400891613b271320d2b7:*" # swift post newtestcontainer2 -w "25ff852798de400891613b271320d2b7:*"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2819 |