2327402 – User metadata replicated from a pre-8.0 zone defaults to inactive access keys

Bug 2327402 - User metadata replicated from a pre-8.0 zone defaults to inactive access keys

Summary: User metadata replicated from a pre-8.0 zone defaults to inactive access keys

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW-Multisite
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	8.1
Assignee:	Matt Benjamin (redhat)
QA Contact:	Manisha
Docs Contact:	Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks:	2351689 2358517 2317218
TreeView+	depends on / blocked

Reported:	2024-11-19 19:33 UTC by Casey Bodley
Modified:	2025-06-09 09:27 UTC (History)
CC List:	5 users (show)
Fixed In Version:	ceph-19.2.1-114.el9cp
Doc Type:	Bug Fix
Doc Text:	.Replicating metadata from earlier versions of Red Hat Ceph Storage no longer renders user access keys as “inactive” Previously, when a secondary zone running Red Hat Ceph Storage 8.0 replicated user metadata from a pre-8.0 metadata master zone, the access keys of those users were erroneously marked as "inactive". Inactive keys cannot be used to authenticate requests, so those users are denied access to the secondary zone. With this fix, secondary zone storage replication works as expected and access keys can still authenticate requests.
Clone Of:
Clones:	2358517 (view as bug list)
Environment:
Last Closed:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	68985	None	None	None	2024-11-19 19:33:22 UTC
Github	ceph ceph pull 60775	None	open	rgw: RGWAccessKey::decode_json() preserves default value of 'active'	2024-11-19 19:33:22 UTC
Red Hat Issue Tracker	RHCEPH-10262	None	None	None	2024-11-19 19:34:55 UTC

Description Casey Bodley 2024-11-19 19:33:22 UTC

When a secondary zone running RHCS 8.0 replicates user metadata from a pre-8.0 metadata master zone, the access keys of those users are erroneously marked as "inactive". Inactive keys cannot be used to authenticate requests, so those users are denied access to the secondary zone.

Comment 1 Storage PM bot 2024-11-19 19:33:34 UTC

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Note You need to log in before you can comment on or make changes to this bug.