2321568 – [8.0][rgw] put-bucket-logging on a bucket with TargetBucket pointing to itself in the policy is not denied

Bug 2321568 - [8.0][rgw] put-bucket-logging on a bucket with TargetBucket pointing to itself in the policy is not denied

Summary: [8.0][rgw] put-bucket-logging on a bucket with TargetBucket pointing to itsel...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	8.1
Assignee:	Yuval Lifshitz
QA Contact:	Hemanth Sai
Docs Contact:	Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks:	2351689
TreeView+	depends on / blocked

Reported:	2024-10-24 18:14 UTC by Hemanth Sai
Modified:	2025-08-07 15:39 UTC (History)
CC List:	5 users (show)
Fixed In Version:	ceph-19.2.1-3.el9cp
Doc Type:	Bug Fix
Doc Text:	.Bucket logging configurations no longer allow setting the same source and target buckets Previously, there was no check in place when setting a bucket logging configuration, verifying that the source and target buckets were different. With this fix, bucket logging configuration settings are rejected when the source and destination are the same, as expected.
Clone Of:
Environment:
Last Closed:	2025-06-26 12:18:02 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-10123	0	None	None	None	2024-10-24 18:14:40 UTC
Red Hat Product Errata	RHSA-2025:9775	0	None	None	None	2025-06-26 12:18:10 UTC

Description Hemanth Sai 2024-10-24 18:14:18 UTC

Description of problem:
put-bucket-logging with target being the same bucket in the policy is not denied. and log objects also delivered to the same bucket

[root@magna016 ~]# aws --endpoint-url http://10.8.128.16:81 --profile hsm s3api put-bucket-logging --bucket src-bkt1 --bucket-logging-status file://logging.json
[root@magna016 ~]# 
[root@magna016 ~]# aws --endpoint-url http://10.8.128.16:81 --profile hsm s3api get-bucket-logging --bucket src-bkt1
{
    "LoggingEnabled": {
        "TargetBucket": "src-bkt1",
        "TargetPrefix": "src-bkt1-logs/",
        "TargetObjectKeyFormat": {
            "PartitionedPrefix": {
                "PartitionDateSource": "DeliveryTime"
            }
        }
    }
}
[root@magna016 ~]# 



Version-Release number of selected component (if applicable):
ceph version 19.2.0-19.el9cp

How reproducible:
always

Steps to Reproduce:
1.deploy rhcs8.0 with rgw daemon
2.create a bucket
3.put-bucket-logging on the bucket with TargetBucket as the same bucket in the policy. it is not denying the request

Actual results:
put-bucket-logging with target being the same bucket is allowed.

Expected results:
put-bucket-logging with target being the same bucket should be denied.

Additional info:
https://docs.google.com/document/d/1R9Qol5tNXwNXFQJLpagUdBSyNp7U11YJR67aym_thvg/edit?tab=t.0#heading=h.bkxdrlysjrzd

Comment 5 errata-xmlrpc 2025-06-26 12:18:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775

Note You need to log in before you can comment on or make changes to this bug.