Bug 2253258

Summary: rgw: object lock: governance mode override can be bypassed for multipart upload objects
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Matt Benjamin (redhat) <mbenjamin>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0CC: ceph-eng-bugs, cephqe-warriors, mkasturi, rmandyam, rpollack, tchandra, tserlin
Target Milestone: ---Keywords: Automation
Target Release: 7.0z1Flags: rpollack: needinfo-
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-18.2.0-152.el9cp Doc Type: Bug Fix
Doc Text:
Previously, the requested object lock governance information that was provided with new multipart uploads were not persisted with the uploaded part information. This allowed the governance to be bypassed after the upload completed. As a result, there was the possibility of data retention policy violations for multipart uploaded objects. With this fix, object lock parameters are persisted with partial upload information and checked upon completion. This leaves no window to bypass governance.
 Story Points: ---
Clone Of: 2252792 Environment:
Last Closed: 2024-03-07 11:40:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2252792    
Bug Blocks: 2260311    

Description Matt Benjamin (redhat) 2023-12-06 16:18:06 UTC 
+++ This bug was initially created as a clone of Bug #2252792 +++

Description of problem:

As in tracker.

"The result of the script is as follows. Even if object locks are set on the bucket, objects uploaded through multipart upload can still be deleted"

--- Additional comment from RHEL Program Management on 2023-12-04 17:46:11 UTC ---

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 10 errata-xmlrpc 2024-03-07 11:40:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 7.0 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:1214