rgw: use effective owner in PutBucketReplication#59913
Merged
Conversation
cbodley
reviewed
Sep 25, 2024
clwluvw
commented
Nov 14, 2024
clwluvw
force-pushed
the
bucketreplication-uid
branch
2 times, most recently
from
a4eb2ba to
e0b639c
Compare
|
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
clwluvw
force-pushed
the
bucketreplication-uid
branch
from
e0b639c to
4e3822d
Compare
cbodley
reviewed
Jan 7, 2025
clwluvw
force-pushed
the
bucketreplication-uid
branch
from
4e3822d to
cad7d7d
Compare
As PutBucketReplication requests are forwarded to the master, it needs to use the effective owner to set the correct (client) as the uid for sync pipe rather than the system user. sync policies require a valid UID for authorization when operating in rgw_sync_pipe_params::Mode::MODE_USER mode. Currently, when forwarding requests to the master, rgwx-uid holds the ACLOwner string rather than a UID, which can't be used for sync policy checks. Until this is properly implemented, we are rejecting PutBucketReplication calls for account holders. Fixes: https://tracker.ceph.com/issues/68172 Signed-off-by: Seena Fallah <[email protected]>
clwluvw
force-pushed
the
bucketreplication-uid
branch
from
cad7d7d to
ad51353
Compare
cbodley
approved these changes
Jan 7, 2025
Member
Author
|
jenkins test api |
Member
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As PutBucketReplication requests are forwarded to the master, it needs to use the effective owner to set the correct (client) uid for the sync pipe rather than the system user.
Fixes: https://tracker.ceph.com/issues/68172