Description of problem: PutBucketPolicy for a bucket is failing with not a valid action if we specify s3:GetObjectAttributes in the actions list [cephuser@ceph-pri-hsm-squid-j9zu1f-node6 ~]$ cat bkt_policy.json { "Statement": [ { "Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject", "s3:GetObjectAttributes"], "Resource": "arn:aws:s3:::*" } ] } [cephuser@ceph-pri-hsm-squid-j9zu1f-node6 ~]$ [cephuser@ceph-pri-hsm-squid-j9zu1f-node6 ~]$ aws --endpoint-url http://10.0.67.73:80 s3api put-bucket-policy --bucket bkt1 --policy file://bkt_policy.json An error occurred (InvalidArgument) when calling the PutBucketPolicy operation: At character offset 143, `s3:GetObjectAttributes` is not a valid action. [cephuser@ceph-pri-hsm-squid-j9zu1f-node6 ~]$ Version-Release number of selected component (if applicable): ceph version 19.1.0-71.el9cp How reproducible: always Steps to Reproduce: 1.deploy cluster on 8.0 with rgw daemons 2.create a bucket 3.PutBucketPolicy with s3:GetObjectAttributes as the policy action. it fails with not a valid action. Actual results: PutBucketPolicy fails with `s3:GetObjectAttributes` is not a valid action Expected results: Expected s3:GetObjectAttributes is also a valid bucket policy action Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat Ceph Storage 8.0 security, bug fix, and enhancement updates), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2024:10216
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days