2406837 – [RGW]GetBucketLocation fails in Ceph 8.1 when bucket owner assumes a role (ownership check skipped for non account users)

This project is now read‑only. Starting Monday, February 2, please use Jira Cloud for all bug tracking management.

Bug 2406837 - [RGW]GetBucketLocation fails in Ceph 8.1 when bucket owner assumes a role (ownership check skipped for non account users)

Summary: [RGW]GetBucketLocation fails in Ceph 8.1 when bucket owner assumes a role (ow...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	8.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	9.0
Assignee:	Matt Benjamin (redhat)
QA Contact:	Tejas
Docs Contact:	Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks:	2388233 2416101
TreeView+	depends on / blocked

Reported:	2025-10-28 15:27 UTC by Vidushi Mishra
Modified:	2026-01-29 07:04 UTC (History)
CC List:	9 users (show)
Fixed In Version:	ceph-20.1.0-104
Doc Type:	Bug Fix
Doc Text:	.ACL checks after `AssumeRole` are now correctly enforced Previously, incorrect logic failed to verify ACLs after an `AssumeRole` operation. As a result, checks for explicit ACL grants failed incorrectly. With this fix, `RoleApplier::get_perms_from_aclspec()` now calls `rgw_perms_from_aclspec_default_strategy()` to check for matching ACL grants. Additionally, missing `RoleApplier` support has been added to grant access based on ACLs.
Clone Of:
Clones:	2416101 (view as bug list)
Environment:
Last Closed:	2026-01-29 07:02:48 UTC
Embargoed:
Dependent Products:
Flags:	mkasturi: needinfo+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	73659	None	None	None	2025-10-28 17:39:00 UTC
Github	ceph ceph pull 66078	None	open	rgw/sts: RoleApplier respects ACL grants	2025-10-28 17:39:00 UTC
Red Hat Issue Tracker	RHCEPH-12953	None	None	None	2026-01-29 07:04:29 UTC
Red Hat Product Errata	RHSA-2026:1536	None	None	None	2026-01-29 07:03:04 UTC

Comment 8 errata-xmlrpc 2026-01-29 07:02:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 9.0 Security and Enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2026:1536

Note You need to log in before you can comment on or make changes to this bug.