2268234 – [rgw][s3-tests]: test_list_buckets_invalid_auth and test_list_buckets_bad_auth both failed with "AccessDenied" error code but it is expecting "InvalidAccessKeyId" and "SignatureDoesNotMatch"

Bug 2268234 - [rgw][s3-tests]: test_list_buckets_invalid_auth and test_list_buckets_bad_auth both failed with "AccessDenied" error code but it is expecting "InvalidAccessKeyId" and "SignatureDoesNotMatch"

Summary: [rgw][s3-tests]: test_list_buckets_invalid_auth and test_list_buckets_bad_aut...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	8.0
Assignee:	Matt Benjamin (redhat)
QA Contact:	Chaithra
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2311625 2317218
TreeView+	depends on / blocked

Reported:	2024-03-06 18:40 UTC by Hemanth Sai
Modified:	2025-03-26 04:25 UTC (History)
CC List:	7 users (show)
Fixed In Version:	ceph-19.1.0-68.el9cp
Doc Type:	Bug Fix
Doc Text:	.Error code of local authentication engine is now returned correctly Previously, incorrect error codes were returned when the local authentication engine was specified last in the authentication order and when the previous authentication engines were not applicable. As a result, incorrect error codes were returned. With this fix, the code returns the error code of the local authentication engine in case the previous external authentication engines are not applicable for authenticating a request and correct error codes are returned.
Clone Of:
Clones:	2311625 (view as bug list)
Environment:
Last Closed:	2024-11-25 09:00:43 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-8457	0	None	None	None	2024-03-06 18:41:36 UTC
Red Hat Product Errata	RHBA-2024:10216	0	None	None	None	2024-11-25 09:00:52 UTC

Description Hemanth Sai 2024-03-06 18:40:37 UTC

Description of problem:
[rgw][s3-tests]: test_list_buckets_invalid_auth and test_list_buckets_bad_auth both failed with "AccessDenied" error code but it is expecting "InvalidAccessKeyId" and "SignatureDoesNotMatch" respectively


2024-02-12 14:07:14,393 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'________________________ test_list_buckets_invalid_auth ________________________'
2024-02-12 14:07:14,393 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b''
2024-02-12 14:07:14,394 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'    def test_list_buckets_invalid_auth():'
2024-02-12 14:07:14,394 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        bad_auth_client = get_bad_auth_client()'
2024-02-12 14:07:14,395 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        e = assert_r'
2024-02-12 14:07:14,395 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'aises(ClientError, bad_auth_client.list_buckets)'
2024-02-12 14:07:14,396 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        status, error_code = _get_status_and_error_code(e.response)'
2024-02-12 14:07:14,397 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        assert status == 403'
2024-02-12 14:07:14,397 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b">       assert error_code == 'InvalidAccessKeyId'"
2024-02-12 14:07:14,398 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b"E       AssertionError: assert 'AccessDenied' == 'InvalidAccessKeyId'"
2024-02-12 14:07:14,399 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'E         '
2024-02-12 14:07:14,399 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'E         - InvalidAccessKeyId'
2024-02-12 14:07:14,400 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'E         + AccessDenied'
2024-02-12 14:07:14,400 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b''
2024-02-12 14:07:14,401 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b's3tests_boto3/functional/test_s3.py:5174: AssertionError'
2024-02-12 14:07:14,401 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'--------------------------- Captured stdout teardown ---------------------------'
2024-02-12 14:07:14,402 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'Done with cleanup of buckets in tests.'
2024-02-12 14:07:14,402 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'Done with cleanup of buckets in tests.'
2024-02-12 14:07:14,403 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'Done with cleanup of buckets in tests.'
2024-02-12 14:07:14,404 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'__________________________ test_list_buckets_bad_auth __________________________'
2024-02-12 14:07:14,404 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b''
2024-02-12 14:07:14,405 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'    def test_list_buckets_bad_auth():'
2024-02-12 14:07:14,405 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        main_access_key = get_main_aws_access_key()'
2024-02-12 14:07:14,406 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        bad_auth_client = get_bad_auth_client(aws_access_key_id=main_access_key)'
2024-02-12 14:07:14,407 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        e = assert_raises(ClientError, bad_auth_client.list_buckets)'
2024-02-12 14:07:14,407 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        status, error_code = _get_status_and_error_code(e.response)'
2024-02-12 14:07:14,408 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'        assert status == 403'
2024-02-12 14:07:14,408 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'>       assert e'
2024-02-12 14:07:14,409 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b"rror_code == 'SignatureDoesNotMatch'"
2024-02-12 14:07:14,409 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b"E       AssertionError: assert 'AccessDenied' == 'SignatureDoesNotMatch'"
2024-02-12 14:07:14,410 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'E         '
2024-02-12 14:07:14,411 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'E         - SignatureDoesNotMatch'
2024-02-12 14:07:14,411 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b'E         + AccessDenied'
2024-02-12 14:07:14,412 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b''
2024-02-12 14:07:14,412 (cephci.test_s3) [DEBUG] - cephci.Weekly.rgw.23.cephci.ceph.ceph.py:1528 - b's3tests_boto3/functional/test_s3.py:5182: AssertionError'



automation fail logs on 7.0z1 and 7.1:

http://magna002.ceph.redhat.com/cephci-jenkins/test-runs/18.2.0-153/Weekly/rgw/27/tier-2_ssl_rgw_ecpool_test/execute_s3tests_0.log

http://magna002.ceph.redhat.com/cephci-jenkins/test-runs/18.2.1-11/Weekly/rgw/23/sanity_rgw/execute_s3tests_0.log




these tests passed on pacific and quincy
pass logs on pacific and quincy:

http://magna002.ceph.redhat.com/cephci-jenkins/test-runs/16.2.10-248/Weekly/rgw/11/tier-2_rgw_ssl_s3tests/execute_s3tests_0.log

http://magna002.ceph.redhat.com/cephci-jenkins/test-runs/16.2.10-248/Weekly/rgw/11/tier-2_rgw_regression/execute_s3tests_0.log

http://magna002.ceph.redhat.com/cephci-jenkins/test-runs/17.2.6-196/Weekly/rgw/24/tier-2_rgw_regression/execute_s3tests_0.log

http://magna002.ceph.redhat.com/cephci-jenkins/test-runs/17.2.6-196/Weekly/rgw/24/tier-2_rgw_ssl_s3tests/execute_s3tests_0.log


Version-Release number of selected component (if applicable):
ceph version 18.2.0-153

How reproducible:
always

Steps to Reproduce:
1.deploy rhcs cluster 7.0 with rgw daemon
2.clone and configure s3tests repo
3.execute s3tests

Actual results:
test_list_buckets_invalid_auth and test_list_buckets_bad_auth both failed with "AccessDenied" error code

Expected results:
expected error code for test_list_buckets_invalid_auth and test_list_buckets_bad_auth are "InvalidAccessKeyId" and "SignatureDoesNotMatch" respectively

Additional info:

Comment 8 errata-xmlrpc 2024-11-25 09:00:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 8.0 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:10216

Comment 9 Red Hat Bugzilla 2025-03-26 04:25:24 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.