Bug 2105950
| Summary: | [RHOS17][RFE] RGW does not support get object with temp_url using SHA256 digest (required for FIPS) | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | bkopilov <bkopilov> |
| Component: | RGW | Assignee: | Marcus Watts <mwatts> |
| Status: | CLOSED ERRATA | QA Contact: | Hemanth Sai <hmaheswa> |
| Severity: | high | Docs Contact: | Akash Raj <akraj> |
| Priority: | unspecified | ||
| Version: | 5.0 | CC: | akraj, apevec, cbodley, ceph-eng-bugs, cephqe-warriors, cschwede, derekh, fpantano, gfidente, hmaheswa, johfulto, kbader, kkeithle, mbenjamin, mwatts, vereddy, zaitcev |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | 6.1 | Flags: | mbenjamin: needinfo? (mwatts) mbenjamin: needinfo? (mwatts) akraj: needinfo? (mwatts) hmaheswa: needinfo? (mwatts) hmaheswa: needinfo? (bkopilov) hmaheswa: needinfo? (mbenjamin) |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Swift object storage dialect now includes support for `SHA-256` and `SHA-512` digest algorithms. Previously, support for digest algorithms was added by OpenStack Swift in 2022, but Ceph Object Gateway had not implemented them. With this release, Ceph Object Gateway’s Swift object storage dialect now includes support for `SHA-256` and `SHA-512` digest methods in `tempurl` operations. Ceph Object Gateway can now correctly handle `tempurl` operations by recent OpenStack Swift clients. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-06-15 09:15:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2071977, 2107098, 2192813 | ||
Please specify the severity of this bug. Severity is defined here: https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

ceph.conf:

```
[root@controller-0 ceph-admin]# more assimilate_ceph.conf
[global]
fsid = dd5fa3bb-4c1e-50c7-be91-2b4b46578e21
mon host = 172.17.3.104
osd_pool_default_pg_num = 32
osd_pool_default_pgp_num = 32
osd_pool_default_size = 3
rgw_keystone_accepted_admin_roles = ResellerAdmin, swiftoperator
rgw_keystone_accepted_roles = member, Member, admin
rgw_keystone_admin_domain = default
rgw_keystone_admin_password = vnFDtT0dztNZ50GMOWDg02oSX
rgw_keystone_admin_project = service
rgw_keystone_admin_user = swift
rgw_keystone_api_version = 3
rgw_keystone_implicit_tenants = true
rgw_keystone_revocation_interval = 0
rgw_keystone_url = http://172.17.1.101:5000
rgw_max_attr_name_len = 128
rgw_max_attr_size = 256
rgw_max_attrs_num_in_req = 90
rgw_s3_auth_use_keystone = true
rgw_swift_account_in_url = true
rgw_swift_enforce_content_length = true
rgw_swift_versioning_enabled = true
rgw_trust_forwarded_https = true
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat Ceph Storage 6.1 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:3623
Description of problem:

RHOS17, Ceph backend with radosgw: tempest tests failed due to permissions.

tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_get_object_using_temp_url[id-f91c96d4-1230-4bba-8eb9-84476d18d991]
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_get_object_using_temp_url_key_2[id-671f9583-86bd-4128-a034-be282a68c5d8]
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_get_object_using_temp_url_with_inline_query_parameter[id-9d9cfd90-708b-465d-802c-e4a8090b823d]
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_head_object_using_temp_url[id-249a0111-5ad3-4534-86a7-1993d55f9185]
tempest.api.object_storage.test_object_temp_url.ObjectTempUrlTest.test_put_object_using_temp_url[id-9b08dade-3571-4152-8a4f-a4f2a873a735]

Looks like the problem is related to the object get action when temp_url is used. The time is synced between the undercloud and the overcloud.

Traceback from tempest side:

```
testtools.testresult.real._StringException: pythonlogging:'': {{{
2022-07-08 21:36:13,542 107319 INFO [tempest.lib.common.rest_client] Request (ObjectTempUrlTest:setUp): 204 HEAD https://10.0.0.112:13808/swift/v1/AUTH_426e6a1c8a7344fc987bc5dde93c9b37 0.009s
2022-07-08 21:36:13,543 107319 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
    Body: None
  Response - Headers: {'x-timestamp': '1657316173.54163', 'x-account-container-count': '1', 'x-account-object-count': '1', 'x-account-bytes-used': '1024', 'x-account-bytes-used-actual': '4096', 'x-account-storage-policy-default-placement-container-count': '1', 'x-account-storage-policy-default-placement-object-count': '1', 'x-account-storage-policy-default-placement-bytes-used': '1024', 'x-account-storage-policy-default-placement-bytes-used-actual': '4096', 'x-account-meta-temp-url-key': 'Meta', 'x-trans-id': 'tx0000093d99e4118e564fc-0062c8a34d-37a2-default', 'x-openstack-request-id': 'tx0000093d99e4118e564fc-0062c8a34d-37a2-default', 'accept-ranges': 'bytes', 'content-type': 'application/json; charset=utf-8', 'date': 'Fri, 08 Jul 2022 21:36:13 GMT', 'connection': 'close', 'status': '204', 'content-location': 'https://10.0.0.112:13808/swift/v1/AUTH_426e6a1c8a7344fc987bc5dde93c9b37'}
    Body: b''
2022-07-08 21:36:13,551 107319 INFO [tempest.lib.common.rest_client] Request (ObjectTempUrlTest:test_get_object_using_temp_url): 403 GET https://10.0.0.112:13808/swift/v1/AUTH_426e6a1c8a7344fc987bc5dde93c9b37/tempest-TestContainer-1109999474/tempest-TestObject-1968150659?temp_url_sig=1238e7330e4aa963381dc833eedcd05a9b7de9465e6b5d16483ba91afe2f0654&temp_url_expires=1657317173 0.008s
2022-07-08 21:36:13,551 107319 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
    Body: None
  Response - Headers: {'content-length': '117', 'x-trans-id': 'tx00000839b0fbb63e18f96-0062c8a34d-37a2-default', 'x-openstack-request-id': 'tx00000839b0fbb63e18f96-0062c8a34d-37a2-default', 'accept-ranges': 'bytes', 'content-type': 'application/json; charset=utf-8', 'date': 'Fri, 08 Jul 2022 21:36:13 GMT', 'connection': 'close', 'status': '403', 'content-location': 'https://10.0.0.112:13808/swift/v1/AUTH_426e6a1c8a7344fc987bc5dde93c9b37/tempest-TestContainer-1109999474/tempest-TestObject-1968150659?temp_url_sig=1238e7330e4aa963381dc833eedcd05a9b7de9465e6b5d16483ba91afe2f0654&temp_url_expires=1657317173'}
    Body: b'{"Code":"AccessDenied","RequestId":"tx00000839b0fbb63e18f96-0062c8a34d-37a2-default","HostId":"37a2-default-default"}'
}}}

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/tempest/common/utils/__init__.py", line 89, in wrapper
    return func(*func_args, **func_kwargs)
  File "/usr/lib/python3.9/site-packages/tempest/api/object_storage/test_object_temp_url.py", line 102, in test_get_object_using_temp_url
    resp, body = self.object_client.get(url)
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 314, in get
    return self.request('GET', url, extra_headers, headers)
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 720, in request
    self._error_checker(resp, resp_body)
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 821, in _error_checker
    raise exceptions.Forbidden(resp_body, resp=resp)
tempest.lib.exceptions.Forbidden: Forbidden
Details: {'Code': 'AccessDenied', 'RequestId': 'tx00000839b0fbb63e18f96-0062c8a34d-37a2-default', 'HostId': '37a2-default-default'}
```

Version-Release number of selected component (if applicable):

How reproducible: with radosgw.

Steps to Reproduce:

Actual results:

Expected results:

Additional info:
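
The mismatch behind the 403 above, as an added example that is not code from Ceph RGW, tempest, or the reporter: the `temp_url_sig` in the failing request is 64 hex characters, the length of an HMAC-SHA256 output, so a verifier that only knows HMAC-SHA1 cannot accept it. The signed string layout (`METHOD\nEXPIRES\nPATH`) follows OpenStack Swift's TempURL scheme; the key, path, timestamps, the length-based digest inference, and the `allowed` policy parameter are assumptions made for this sketch.

```python
import hashlib
import hmac
import string

# Hex signature length -> digest. A plain-hex temp_url_sig carries no
# algorithm field, so this model infers the digest from its length.
HEX_LEN_TO_DIGEST = {40: "sha1", 64: "sha256", 128: "sha512"}

# temp_url_sig copied from the 403 request in the log above.
SIG_FROM_LOG = "1238e7330e4aa963381dc833eedcd05a9b7de9465e6b5d16483ba91afe2f0654"


def sign_temp_url(key, method, expires, path, digest="sha256"):
    """Hex HMAC over 'METHOD\\nEXPIRES\\nPATH' (Swift TempURL layout)."""
    msg = f"{method}\n{expires}\n{path}".encode()
    return hmac.new(key, msg, getattr(hashlib, digest)).hexdigest()


def verify_temp_url(key, method, expires, path, sig, now,
                    allowed=("sha1", "sha256", "sha512")):
    """Return 'ok' or the reason a verifier would refuse (HTTP 403)."""
    is_hex = set(sig) <= set(string.hexdigits)
    digest = HEX_LEN_TO_DIGEST.get(len(sig)) if is_hex else None
    if digest is None:
        return "malformed-signature"
    if digest not in allowed:
        return "unsupported-digest"
    if now > expires:
        return "expired"
    expected = sign_temp_url(key, method, expires, path, digest)
    # Constant-time compare so timing does not leak signature prefixes.
    return "ok" if hmac.compare_digest(expected, sig.lower()) else "bad-signature"


def demo():
    # Constructed key, path and times; not values from the bug report.
    key, path = b"constructed-temp-url-key", "/v1/AUTH_example/container/object"
    sig = sign_temp_url(key, "GET", 2000, path, "sha256")
    return {
        "digest_of_logged_sig": HEX_LEN_TO_DIGEST[len(SIG_FROM_LOG)],
        "sha1_only_verifier": verify_temp_url(key, "GET", 2000, path, sig, 1000, allowed=("sha1",)),
        "sha2_capable_verifier": verify_temp_url(key, "GET", 2000, path, sig, 1000),
        "method_swapped": verify_temp_url(key, "PUT", 2000, path, sig, 1000),
        "after_expiry": verify_temp_url(key, "GET", 2000, path, sig, 3000),
    }


if __name__ == "__main__":
    print(demo())
```

Passing `allowed=("sha256", "sha512")` models a deployment that excludes SHA-1: a 40-character SHA-1 signature is then refused with `unsupported-digest` before any HMAC is computed.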