Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 2313801

Summary: [rgw] support for s3:GetObjectVersionAttributes as bucket policy action
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Hemanth Sai <hmaheswa>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED ERRATA QA Contact: Yuva Teja Sree Gayam <ygayam>
Severity: medium Docs Contact: Rivka Pollack <rpollack>
Priority: unspecified    
Version: 8.0CC: ceph-eng-bugs, cephqe-warriors, rpollack, tserlin
Target Milestone: ---   
Target Release: 9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-20.1.0-26 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2026-01-29 06:52:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2416106    

Description Hemanth Sai 2024-09-20 15:39:22 UTC 
Description of problem:
please add support for s3:GetObjectVersionAttributes as bucket policy action thats currently failing with 'not a valid action' with PutBucketPolicy


as per below aws document:
https://docs.aws.amazon.com/cli/latest/reference/s3api/get-object-attributes.html

"If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation"


log snippet:

[cephuser@ceph-pri-hsm-squid-ms-fqoqnn-node6 ~]$ cat bkt_policy_versioned.json 
{
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": "*",
         "Action": ["s3:GetObjectVersionAttributes"],
         "Resource": "arn:aws:s3:::*"
      }
   ]
}

[cephuser@ceph-pri-hsm-squid-ms-fqoqnn-node6 ~]$ 
[cephuser@ceph-pri-hsm-squid-ms-fqoqnn-node6 ~]$ aws --endpoint-url http://10.0.67.48:80 --profile hsm s3api put-bucket-policy --bucket versioned-bkt1  --policy file://bkt_policy_versioned.json

An error occurred (InvalidArgument) when calling the PutBucketPolicy operation: At character offset 134, `s3:GetObjectVersionAttributes` is not a valid action.
[cephuser@ceph-pri-hsm-squid-ms-fqoqnn-node6 ~]$ 



Version-Release number of selected component (if applicable):
ceph version 19.1.1-42.el9cp

How reproducible:
always

Steps to Reproduce:
1.deploy cluster on 8.0 with rgw daemon
2.create a bucket
3.PutBucketPolicy with s3:GetObjectVersionAttributes in the action list is failing with not a valid action.

Actual results:
PutBucketPolicy fails with 's3:GetObjectVersionAttributes is not a valid action'

Expected results:
Expected s3:GetObjectAttributes is also a valid bucket policy action

Additional info:
Comment 6 errata-xmlrpc 2026-01-29 06:52:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 9.0 Security and Enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2026:1536