Description of problem:
S3 operations like DeleteBucket/PutObject are denied for the user mentioned as the Principal in the assume role policy doc.

Version-Release number of selected component (if applicable):
ceph version 12.2.8-31redhat1xenial

How reproducible:
3/3

Steps to Reproduce:
1. Create an RGW user (TESTER) and assign admin caps to it for Role creation.
2. Create a role and allow another RGW user (TESTER1) to assume that role.
3. Attach a permission policy to the role which allows all s3 operations for all resources.
4. Do an AssumeRole API call using TESTER1 credentials and perform some s3 operations.

Actual results:
S3 operations should not fail for the user that has assumed role and has permission policy for allowing all s3 operations.

Expected results:
S3 ops like deleteBucket and PutObject fail
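The authorization decision that steps 2 to 4 should produce, as an added example (a simplified model of policy evaluation, not RGW code and not part of the original report). The two policy documents, the `arn:aws:iam:::user/...` principal form and the bucket names are constructed for illustration.

```python
import fnmatch

# Constructed documents mirroring steps 2 and 3 (assumed ARN forms).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam:::user/TESTER1"]},
        "Action": ["sts:AssumeRole"],
    }],
}
PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*",
                   "Resource": "arn:aws:s3:::*"}],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(patterns, value):
    # Simplification: case-sensitive glob match; '*' also spans '/'.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def can_assume(trust_policy, caller_arn):
    """Step 4, first half: is the caller a Principal of the role?"""
    for st in trust_policy["Statement"]:
        principals = _as_list(st.get("Principal", {}).get("AWS", []))
        if (st["Effect"] == "Allow" and caller_arn in principals
                and _match(st["Action"], "sts:AssumeRole")):
            return True
    return False

def role_allows(policy, action, resource):
    """Step 4, second half: explicit Deny wins, otherwise an Allow is needed."""
    allowed = False
    for st in policy["Statement"]:
        if _match(st["Action"], action) and _match(st["Resource"], resource):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def expected_outcome(caller_arn, action, resource, permission=PERMISSION_POLICY):
    """True when the request made with the assumed-role session should succeed."""
    return can_assume(TRUST_POLICY, caller_arn) and role_allows(permission, action, resource)
```

Under this model both operations named in the report come out as allowed for TESTER1, and a caller not listed as Principal is refused at the AssumeRole step.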
In the description of this BZ, please consider the Actual Results as Expected results and Expected results as Actual results.
Surely, I'll be happy to.
Matt, Adam, I am already looking into this. This is related to User Policy commits not being there in downstream Luminous and a few other bugs in user policy code.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0020