rgw: use effective owner in PutBucketReplication #59913

Merged: ivancich merged 1 commit into ceph:main from clwluvw:bucketreplication-uid on Feb 5, 2025

clwluvw (Member) commented Sep 20, 2024

As PutBucketReplication requests are forwarded to the master, it needs to use the effective owner to set the correct (client) uid for the sync pipe rather than the system user.

Fixes: https://tracker.ceph.com/issues/68172

@github-actions github-actions bot added the tests label Sep 25, 2024
@clwluvw clwluvw force-pushed the bucketreplication-uid branch 2 times, most recently from a4eb2ba to e0b639c Compare November 15, 2024 18:33
github-actions bot commented Jan 3, 2025

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

@clwluvw clwluvw force-pushed the bucketreplication-uid branch from e0b639c to 4e3822d Compare January 7, 2025 16:40
@clwluvw clwluvw force-pushed the bucketreplication-uid branch from 4e3822d to cad7d7d Compare January 7, 2025 19:22
As PutBucketReplication requests are forwarded to the master, it
needs to use the effective owner to set the correct (client) as the
uid for sync pipe rather than the system user.

sync policies require a valid UID for authorization when operating in
rgw_sync_pipe_params::Mode::MODE_USER mode. Currently, when forwarding
requests to the master, rgwx-uid holds the ACLOwner string rather than
a UID, which can't be used for sync policy checks. Until this is
properly implemented, we are rejecting PutBucketReplication calls for
account holders.

Fixes: https://tracker.ceph.com/issues/68172
Signed-off-by: Seena Fallah <[email protected]>
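
The owner selection described in the commit message above, as an added example that is not part of the pull request or of Ceph's code. All types, function names and sample values are hypothetical stand-ins; it models only which identity ends up as the sync pipe uid on a forwarded request, and the rejection of account owners.

```cpp
#include <iostream>
#include <string>

// Hypothetical model for illustration; these are not Ceph's types or functions.
struct Owner {
    enum class Kind { User, Account } kind;
    std::string id;
};

struct ForwardedRequest {
    std::string authenticated_as;  // identity that signed the forwarded request (system user)
    Owner effective_owner;         // client on whose behalf the request was forwarded
};

enum class Status { Ok, RejectedAccountOwner };

struct PipeResult {
    Status status;
    std::string pipe_uid;  // uid recorded on the sync pipe; empty when rejected
};

// Before: the pipe inherits the forwarding identity, so user-mode
// authorization would later be evaluated as the system user, not the client.
PipeResult set_pipe_uid_before(const ForwardedRequest& req) {
    return {Status::Ok, req.authenticated_as};
}

// After: the pipe uid comes from the effective owner. An account owner has
// no user id to authorize with in user mode, so the request is rejected.
PipeResult set_pipe_uid_after(const ForwardedRequest& req) {
    if (req.effective_owner.kind != Owner::Kind::User) {
        return {Status::RejectedAccountOwner, ""};
    }
    return {Status::Ok, req.effective_owner.id};
}

// Constructed sample requests, as the master zone would see them after forwarding.
ForwardedRequest sample_user_request() {
    return {"zone-system-user", {Owner::Kind::User, "alice"}};
}
ForwardedRequest sample_account_request() {
    return {"zone-system-user", {Owner::Kind::Account, "constructed-account-id"}};
}

int main() {
    std::cout << "before: " << set_pipe_uid_before(sample_user_request()).pipe_uid << "\n";
    std::cout << "after:  " << set_pipe_uid_after(sample_user_request()).pipe_uid << "\n";
    bool rejected = set_pipe_uid_after(sample_account_request()).status == Status::RejectedAccountOwner;
    std::cout << "account owner rejected: " << (rejected ? "yes" : "no") << "\n";
    return 0;
}
```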
@clwluvw clwluvw force-pushed the bucketreplication-uid branch from cad7d7d to ad51353 Compare January 7, 2025 19:41
@clwluvw clwluvw added needs-qa and removed tests labels Jan 7, 2025
clwluvw (Member, Author) commented Jan 8, 2025

jenkins test api

@ivancich ivancich added the wip-eric-testing-1 for ivancich testing label Jan 31, 2025
@ivancich ivancich merged commit 5131bbc into ceph:main Feb 5, 2025
4 checks passed
@ivancich ivancich removed needs-qa wip-eric-testing-1 for ivancich testing labels Mar 5, 2025