Bug 2105950

Summary: [RHOS17][RFE] RGW does not support get object with temp_url using SHA256 digest (required for FIPS)
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: bkopilov <bkopilov>
Component: RGW
Assignee: Marcus Watts <mwatts>
Status: CLOSED ERRATA
QA Contact: Hemanth Sai <hmaheswa>
Severity: high
Docs Contact: Akash Raj <akraj>
Priority: unspecified
Version: 5.0
CC: akraj, apevec, cbodley, ceph-eng-bugs, cephqe-warriors, cschwede, derekh, fpantano, gfidente, hmaheswa, johfulto, kbader, kkeithle, mbenjamin, mwatts, vereddy, zaitcev
Target Milestone: ---
Keywords: FutureFeature
Target Release: 6.1
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
.Swift object storage dialect now includes support for `SHA-256` and `SHA-512` digest algorithms
Previously, support for digest algorithms was added by OpenStack Swift in 2022, but Ceph Object Gateway had not implemented them. With this release, Ceph Object Gateway’s Swift object storage dialect now includes support for `SHA-256` and `SHA-512` digest methods in `tempurl` operations. Ceph Object Gateway can now correctly handle `tempurl` operations by recent OpenStack Swift clients.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2023-06-15 09:15:33 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 2071977, 2107098, 2192813

Description bkopilov 2022-07-11 10:07:26 UTC
Description of problem:
Rhos17, ceph backend with radosgw

Tempest tests failed due to permissions.
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_get_object_using_temp_url[id-f91c96d4-1230-4bba-8eb9-84476d18d991]
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_get_object_using_temp_url_key_2[id-671f9583-86bd-4128-a034-be282a68c5d8]
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_get_object_using_temp_url_with_inline_query_parameter[id-9d9cfd90-708b-465d-802c-e4a8090b823d]
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_head_object_using_temp_url[id-249a0111-5ad3-4534-86a7-1993d55f9185]
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_put_object_using_temp_url[id-9b08dade-3571-4152-8a4f-a4f2a873a735]



Looks like the problem is related to the object get action when temp_url is used.
The time is synced between the undercloud and the overcloud.

Traceback from tempest side:

testtools.testresult.real._StringException: pythonlogging:'': {{{
2022-07-08 21:36:13,542 107319 INFO     [tempest.lib.common.rest_client] Request (ObjectTempUrlTest:setUp): 204 HEAD https://10.0.0.112:13808/swift/v1/AUTH_426e6a1c8a7344fc987bc5dde93c9b37 0.009s
2022-07-08 21:36:13,543 107319 DEBUG    [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: None
    Response - Headers: {'x-timestamp': '1657316173.54163', 'x-account-container-count': '1', 'x-account-object-count': '1', 'x-account-bytes-used': '1024', 'x-account-bytes-used-actual': '4096', 'x-account-storage-policy-default-placement-container-count': '1', 'x-account-storage-policy-default-placement-object-count': '1', 'x-account-storage-policy-default-placement-bytes-used': '1024', 'x-account-storage-policy-default-placement-bytes-used-actual': '4096', 'x-account-meta-temp-url-key': 'Meta', 'x-trans-id': 'tx0000093d99e4118e564fc-0062c8a34d-37a2-default', 'x-openstack-request-id': 'tx0000093d99e4118e564fc-0062c8a34d-37a2-default', 'accept-ranges': 'bytes', 'content-type': 'application/json; charset=utf-8', 'date': 'Fri, 08 Jul 2022 21:36:13 GMT', 'connection': 'close', 'status': '204', 'content-location': 'https://10.0.0.112:13808/swift/v1/AUTH_426e6a1c8a7344fc987bc5dde93c9b37'}
        Body: b''
2022-07-08 21:36:13,551 107319 INFO     [tempest.lib.common.rest_client] Request (ObjectTempUrlTest:test_get_object_using_temp_url): 403 GET https://10.0.0.112:13808/swift/v1/AUTH_426e6a1c8a7344fc987bc5dde93c9b37/tempest-TestContainer-1109999474/tempest-TestObject-1968150659?temp_url_sig=1238e7330e4aa963381dc833eedcd05a9b7de9465e6b5d16483ba91afe2f0654&temp_url_expires=1657317173 0.008s
2022-07-08 21:36:13,551 107319 DEBUG    [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: None
    Response - Headers: {'content-length': '117', 'x-trans-id': 'tx00000839b0fbb63e18f96-0062c8a34d-37a2-default', 'x-openstack-request-id': 'tx00000839b0fbb63e18f96-0062c8a34d-37a2-default', 'accept-ranges': 'bytes', 'content-type': 'application/json; charset=utf-8', 'date': 'Fri, 08 Jul 2022 21:36:13 GMT', 'connection': 'close', 'status': '403', 'content-location': 'https://10.0.0.112:13808/swift/v1/AUTH_426e6a1c8a7344fc987bc5dde93c9b37/tempest-TestContainer-1109999474/tempest-TestObject-1968150659?temp_url_sig=1238e7330e4aa963381dc833eedcd05a9b7de9465e6b5d16483ba91afe2f0654&temp_url_expires=1657317173'}
        Body: b'{"Code":"AccessDenied","RequestId":"tx00000839b0fbb63e18f96-0062c8a34d-37a2-default","HostId":"37a2-default-default"}'
}}}

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/tempest/common/utils/__init__.py", line 89, in wrapper
    return func(*func_args, **func_kwargs)
  File "/usr/lib/python3.9/site-packages/tempest/api/object_storage/test_object_temp_url.py", line 102, in test_get_object_using_temp_url
    resp, body = self.object_client.get(url)
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 314, in get
    return self.request('GET', url, extra_headers, headers)
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 720, in request
    self._error_checker(resp, resp_body)
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 821, in _error_checker
    raise exceptions.Forbidden(resp_body, resp=resp)
tempest.lib.exceptions.Forbidden: Forbidden
Details: {'Code': 'AccessDenied', 'RequestId': 'tx00000839b0fbb63e18f96-0062c8a34d-37a2-default', 'HostId': '37a2-default-default'}


Version-Release number of selected component (if applicable):


How reproducible:
With radosgw.

Steps to Reproduce:

Actual results:


Expected results:


Additional info:
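
Added example, not part of the original report and not RGW or Swift code: a minimal Python model of the temp URL signature check, showing why a gateway that implements only SHA-1 answers 403 to the 64-character `temp_url_sig` in the log above. The key, path, timestamps and the `allowed` parameter are constructed for illustration; the signed string `METHOD\nEXPIRES\nPATH` follows the OpenStack Swift TempURL scheme.

```python
import hashlib
import hmac

# Hex-encoded HMAC length identifies the digest: SHA-1 = 40, SHA-256 = 64, SHA-512 = 128.
DIGEST_BY_HEX_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}

# temp_url_sig copied from the 403 request in the log above.
LOGGED_SIG = "1238e7330e4aa963381dc833eedcd05a9b7de9465e6b5d16483ba91afe2f0654"

# Constructed sample values (assumptions, not taken from the bug).
KEY = "constructed-temp-url-key"
PATH = "/swift/v1/AUTH_example/container/object"
EXPIRES = 2_000_000_000


def sign_temp_url(key, method, expires, path, digest="sha256"):
    """Hex HMAC over 'METHOD\\nEXPIRES\\nPATH', as Swift TempURL defines it."""
    msg = f"{method}\n{expires}\n{path}".encode()
    return hmac.new(key.encode(), msg, getattr(hashlib, digest)).hexdigest()


def verify_temp_url(key, method, expires, path, sig, now, allowed):
    """Return (ok, detail). `allowed` (hypothetical parameter) is the set of
    digest names this server implements."""
    digest = DIGEST_BY_HEX_LEN.get(len(sig))
    if digest is None:
        return False, "unrecognised signature length"
    if digest not in allowed:
        return False, f"{digest} not supported"  # the client sees a 403
    if now >= expires:
        return False, "expired"
    expected = sign_temp_url(key, method, expires, path, digest)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), sig.lower().encode()):
        return False, "signature mismatch"
    return True, digest


def demo(now=1_900_000_000):
    """Verify one SHA-256 signature against a SHA-1-only and an updated server."""
    sig = sign_temp_url(KEY, "GET", EXPIRES, PATH, "sha256")
    sha1_only = verify_temp_url(KEY, "GET", EXPIRES, PATH, sig, now, {"sha1"})
    updated = verify_temp_url(KEY, "GET", EXPIRES, PATH, sig, now,
                              {"sha1", "sha256", "sha512"})
    return sha1_only, updated


if __name__ == "__main__":
    print(DIGEST_BY_HEX_LEN[len(LOGGED_SIG)], demo())
```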

Comment 3 RHEL Program Management 2022-07-11 10:25:45 UTC
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 4 bkopilov 2022-07-11 10:44:24 UTC
ceph.conf: 
[root@controller-0 ceph-admin]# more assimilate_ceph.conf 
[global]
fsid = dd5fa3bb-4c1e-50c7-be91-2b4b46578e21
mon host = 172.17.3.104
osd_pool_default_pg_num = 32
osd_pool_default_pgp_num = 32
osd_pool_default_size = 3
rgw_keystone_accepted_admin_roles = ResellerAdmin, swiftoperator
rgw_keystone_accepted_roles = member, Member, admin
rgw_keystone_admin_domain = default
rgw_keystone_admin_password = vnFDtT0dztNZ50GMOWDg02oSX
rgw_keystone_admin_project = service
rgw_keystone_admin_user = swift
rgw_keystone_api_version = 3
rgw_keystone_implicit_tenants = true
rgw_keystone_revocation_interval = 0
rgw_keystone_url = http://172.17.1.101:5000
rgw_max_attr_name_len = 128
rgw_max_attr_size = 256
rgw_max_attrs_num_in_req = 90
rgw_s3_auth_use_keystone = true
rgw_swift_account_in_url = true
rgw_swift_enforce_content_length = true
rgw_swift_versioning_enabled = true
rgw_trust_forwarded_https = true

Comment 47 errata-xmlrpc 2023-06-15 09:15:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 6.1 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:3623

Comment 48 Red Hat Bugzilla 2023-10-14 04:25:21 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days