Bug 2321568

Summary: [8.0][rgw] put-bucket-logging on a bucket with TargetBucket pointing to itself in the policy is not denied
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Hemanth Sai <hmaheswa>
Component: RGWAssignee: Yuval Lifshitz <ylifshit>
Status: VERIFIED --- QA Contact: Hemanth Sai <hmaheswa>
Severity: high Docs Contact: Rivka Pollack <rpollack>
Priority: unspecified    
Version: 8.0CC: ceph-eng-bugs, cephqe-warriors, rpollack, tserlin, ylifshit
Target Milestone: ---   
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-19.2.1-3.el9cp Doc Type: Bug Fix
Doc Text:
.Bucket logging configurations no longer allow setting the same source and target buckets Previously, there was no check in place when setting a bucket logging configuration, verifying that the source and target buckets were different. With this fix, bucket logging configuration settings are rejected when the source and destination are the same, as expected.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2351689    

Description Hemanth Sai 2024-10-24 18:14:18 UTC 
Description of problem:
put-bucket-logging with target being the same bucket in the policy is not denied. and log objects also delivered to the same bucket

[root@magna016 ~]# aws --endpoint-url http://10.8.128.16:81 --profile hsm s3api put-bucket-logging --bucket src-bkt1 --bucket-logging-status file://logging.json
[root@magna016 ~]# 
[root@magna016 ~]# aws --endpoint-url http://10.8.128.16:81 --profile hsm s3api get-bucket-logging --bucket src-bkt1
{
    "LoggingEnabled": {
        "TargetBucket": "src-bkt1",
        "TargetPrefix": "src-bkt1-logs/",
        "TargetObjectKeyFormat": {
            "PartitionedPrefix": {
                "PartitionDateSource": "DeliveryTime"
            }
        }
    }
}
[root@magna016 ~]# 



Version-Release number of selected component (if applicable):
ceph version 19.2.0-19.el9cp

How reproducible:
always

Steps to Reproduce:
1.deploy rhcs8.0 with rgw daemon
2.create a bucket
3.put-bucket-logging on the bucket with TargetBucket as the same bucket in the policy. it is not denying the request

Actual results:
put-bucket-logging with target being the same bucket is allowed.

Expected results:
put-bucket-logging with target being the same bucket should be denied.

Additional info:
https://docs.google.com/document/d/1R9Qol5tNXwNXFQJLpagUdBSyNp7U11YJR67aym_thvg/edit?tab=t.0#heading=h.bkxdrlysjrzd