2327402 – User metadata replicated from a pre-8.0 zone defaults to inactive access keys

Bug 2327402 - User metadata replicated from a pre-8.0 zone defaults to inactive access keys

Summary: User metadata replicated from a pre-8.0 zone defaults to inactive access keys

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW-Multisite
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	8.1
Assignee:	Matt Benjamin (redhat)
QA Contact:	Manisha
Docs Contact:	Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks:	2358517 2317218 2351689
TreeView+	depends on / blocked

Reported:	2024-11-19 19:33 UTC by Casey Bodley
Modified:	2025-06-26 12:19 UTC (History)
CC List:	5 users (show)
Fixed In Version:	ceph-19.2.1-114.el9cp
Doc Type:	Bug Fix
Doc Text:	.Replicating metadata from earlier versions of Red Hat Ceph Storage no longer renders user access keys as “inactive” Previously, when a secondary zone running Red Hat Ceph Storage 8.0 replicated user metadata from a pre-8.0 metadata master zone, the access keys of those users were erroneously marked as "inactive". Inactive keys cannot be used to authenticate requests, so those users are denied access to the secondary zone. With this fix, secondary zone storage replication works as expected and access keys can still authenticate requests.
Clone Of:
Clones:	2358517 (view as bug list)
Environment:
Last Closed:	2025-06-26 12:19:24 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	68985	None	None	None	2024-11-19 19:33:22 UTC
Github	ceph ceph pull 60775	None	open	rgw: RGWAccessKey::decode_json() preserves default value of 'active'	2024-11-19 19:33:22 UTC
Red Hat Issue Tracker	RHCEPH-10262	None	None	None	2024-11-19 19:34:55 UTC
Red Hat Product Errata	RHSA-2025:9775	None	None	None	2025-06-26 12:19:39 UTC

Description Casey Bodley 2024-11-19 19:33:22 UTC

When a secondary zone running RHCS 8.0 replicates user metadata from a pre-8.0 metadata master zone, the access keys of those users are erroneously marked as "inactive". Inactive keys cannot be used to authenticate requests, so those users are denied access to the secondary zone.

Comment 1 Storage PM bot 2024-11-19 19:33:34 UTC

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 11 errata-xmlrpc 2025-06-26 12:19:24 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775

Note You need to log in before you can comment on or make changes to this bug.