Bug 2302281
| Summary: | [7.1z backport] [CEE]CORS ACL's prevents access to buckets with presigned PUT URI's | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Matt Benjamin (redhat) <mbenjamin> |
| Component: | RGW | Assignee: | Matt Benjamin (redhat) <mbenjamin> |
| Status: | CLOSED ERRATA | QA Contact: | Hemanth Sai <hmaheswa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.1 | CC: | bkunal, ceph-eng-bugs, cephqe-warriors, ckulal, dwalveka, mcaldeir, milang, mkasturi, tserlin |
| Target Milestone: | --- | ||
| Target Release: | 7.1z2 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ceph-18.2.1-235.el9cp | Doc Type: | Bug Fix |
| Doc Text: |
Previously, a change in processing of HTTP option requests containing CORS changed the implied AWSv4 request signature calculation for some pre-signed URLs when authentication was done through Keystone EC2 (implies Swift S3 emulation). As a result, the properly constructed pre-signed HTTP PUT urls failed unexpectedly with a 403/Access Denied error.
With this fix, a new workflow for CORS HTTP options is introduced for the Keystone EC2 case and the pre-signed URLs are not unexpectedly denied.
|
Story Points: | --- |
| Clone Of: | 2299642 | Environment: | |
| Last Closed: | 2024-11-07 14:39:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2299642 | ||
| Bug Blocks: | |||
|
Description
Matt Benjamin (redhat)
2024-08-01 16:23:25 UTC
Please see KCS Article #7084669, (https://access.redhat.com/solutions/7084669) regarding this issue. BR Manny Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2024:9010 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |