Skip to content

rgw: send self zonegroup on forward to master#59305

Closed
clwluvw wants to merge 1 commit intoceph:mainfrom
clwluvw:create-bucket-forward
Closed

rgw: send self zonegroup on forward to master#59305
clwluvw wants to merge 1 commit intoceph:mainfrom
clwluvw:create-bucket-forward

Conversation

@clwluvw
Copy link
Member

@clwluvw clwluvw commented Aug 19, 2024

When creating a bucket in the secondary zonegroup, the rgwx-zonegroup is mistakenly set to the master zonegroup when forwarding the request. Instead, it should be set to the secondary zonegroup so that the master zonegroup creates the bucket for the intended zonegroup rather than for itself.

Fixes: https://tracker.ceph.com/issues/67610

@clwluvw clwluvw requested a review from a team as a code owner August 19, 2024 12:22
@github-actions github-actions bot added the rgw label Aug 19, 2024
@clwluvw clwluvw force-pushed the create-bucket-forward branch from 1704110 to ff2e7ae Compare August 19, 2024 13:13
@adamemerson adamemerson requested a review from smanjara August 22, 2024 15:26
@adamemerson
Copy link
Contributor

@smanjara Could you take a look at this and see if it seems reasonable? Thank you.

@clwluvw clwluvw force-pushed the create-bucket-forward branch from ff2e7ae to 6fec6a4 Compare September 9, 2024 22:39
@clwluvw
Copy link
Member Author

clwluvw commented Sep 9, 2024

FYI - The signature was missing the body when it wanted to forward the request (cd43689)
CC: @cbodley

@smanjara
Copy link
Contributor

the first commit dealing with rgwx-zonegroup looks correct to me.
but the commits 6873f06 and cd43689 don't seem necessary. if there is a CreateBucketConfiguration body, the payload hash will be created on the requesting zone, making it part of the forwarded request. before #59960, this forwarded request would fail with -ERR_AMZ_CONTENT_SHA256_MISMATCH because it was treated as an empty payload and expects it to contain an empty checksum matching here due to absence of request body.
is there any other scenario I am missing?

@clwluvw
Copy link
Member Author

clwluvw commented Sep 25, 2024

When the request is being forwarded, it will be forwarded via the system account. that has a different secret/access key than the original request, So the new Authz Signature must be generated by the system account's secrets including the body (cd43689).

Regarding (6873f06), right if we have #59960 merged then that wouldn't be a problem... and I guess logically with the function name ("forward") we can eliminate the coverage of this behavior. I'll drop it.

@clwluvw clwluvw force-pushed the create-bucket-forward branch from cd43689 to bf63512 Compare September 25, 2024 22:10
When creating a bucket in the secondary zonegroup, the `rgwx-zonegroup`
is mistakenly set to the master zonegroup when forwarding the request.
Instead, it should be set to the secondary zonegroup so that the master
zonegroup creates the bucket for the intended zonegroup rather than
for itself.

Fixes: https://tracker.ceph.com/issues/67610
Signed-off-by: Seena Fallah <[email protected]>
@clwluvw clwluvw force-pushed the create-bucket-forward branch from bf63512 to 9769fb2 Compare September 25, 2024 22:12
@clwluvw
Copy link
Member Author

clwluvw commented Sep 25, 2024

I guess the third commit was a consequence of my second commit :)
I couldn't think/reproduce what I had... for now I kept the first commit here.

@clwluvw
Copy link
Member Author

clwluvw commented Oct 6, 2024

Thanks for the review @smanjara - Do we need qa on this? if so can you please add the needs-qa label so someone could pick this up on his/her next qa run?

@smanjara
Copy link
Contributor

smanjara commented Dec 3, 2024

this commit was added into #60254. closing the pr.

@smanjara smanjara closed this Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants