Bug 2406837
| Summary: | [RGW]GetBucketLocation fails in Ceph 8.1 when bucket owner assumes a role (ownership check skipped for non account users) | |||
|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Vidushi Mishra <vimishra> | |
| Component: | RGW | Assignee: | Matt Benjamin (redhat) <mbenjamin> | |
| Status: | CLOSED ERRATA | QA Contact: | Tejas <tchandra> | |
| Severity: | high | Docs Contact: | Rivka Pollack <rpollack> | |
| Priority: | unspecified | |||
| Version: | 8.1 | CC: | bkunal, cbodley, ceph-eng-bugs, cephqe-warriors, mkasturi, prsrivas, rpollack, tchandra, tserlin | |
| Target Milestone: | --- | Flags: | mkasturi:
needinfo+
|
|
| Target Release: | 9.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | ceph-20.1.0-104 | Doc Type: | Bug Fix | |
| Doc Text: |
.ACL checks after `AssumeRole` are now correctly enforced
Previously, incorrect logic failed to verify ACLs after an `AssumeRole` operation. As a result, checks for explicit ACL grants failed incorrectly.
With this fix, `RoleApplier::get_perms_from_aclspec()` now calls `rgw_perms_from_aclspec_default_strategy()` to check for matching ACL grants. Additionally, missing `RoleApplier` support has been added to grant access based on ACLs.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 2416101 (view as bug list) | Environment: | ||
| Last Closed: | 2026-01-29 07:02:48 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2388233, 2416101 | |||
|
Comment 8
errata-xmlrpc
2026-01-29 07:02:48 UTC
|