Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1526222 - radosgw ACL are not correctly working with Swift CLI
Summary: radosgw ACL are not correctly working with Swift CLI
Keywords:
Status: CLOSED DUPLICATE of bug 1516099
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: RGW
Version: 2.4
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: 2.5
Assignee: Marcus Watts
QA Contact: ceph-qe-bugs
URL:
Whiteboard:
Depends On: 1516099 1552234
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-12-15 03:14 UTC by Gregory Meno
Modified: 2018-06-26 23:45 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1516099
Environment:
Last Closed: 2017-12-20 21:57:23 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Gregory Meno 2017-12-15 03:14:32 UTC
+++ This bug was initially created as a clone of Bug #1516099 +++

Description of problem:
Setting an ACL when posting with Swift ACL is not always working correctly.

Version-Release number of selected component (if applicable):
OSP11

How reproducible:
Every time

Steps to Reproduce:
1. swift post TESTCONTAINER
2. swift stat TESTCONTAINER
3. swift post -r '.r:*,.rlistings' -w '*:*' TESTCONTAINER
4. swift stat TESTCONTAINER

Actual results:
swift stat TESTCONTAINER
                      Account: v1
                    Container: TESTCONTAINER
                      Objects: 0
                        Bytes: 0
                     Read ACL: .r:*
                    Write ACL:
                      Sync To:
                     Sync Key:
                Accept-Ranges: bytes
                   X-Trans-Id: tx0000000000000000000ef-005a14f88c-2d0d0-def=
ault
             X-Storage-Policy: default-placement
X-Container-Bytes-Used-Actual: 0
                  X-Timestamp: 1511323785.72340
                 Content-Type: text/plain; charset=3Dutf-8

Expected results (with proper Swift):
swift stat TESTCONTAINER
               Account: AUTH_ef90a334c2e744038f8b93eeec17dd7f
             Container: TESTCONTAINER
               Objects: 0
                 Bytes: 0
              Read ACL: .r:*,.rlistings
             Write ACL: *:*
               Sync To:
              Sync Key:
         Accept-Ranges: bytes
            X-Trans-Id: tx52a54224918248e4821f6-005a14f7f1
      X-Storage-Policy: Policy-0
         Last-Modified: Wed, 22 Nov 2017 04:07:13 GMT
           X-Timestamp: 1511323628.00466
          Content-Type: text/plain; charset=3Dutf-8
X-Openstack-Request-Id: tx52a54224918248e4821f6-005a14f7f1

Additional info:
The Ceph doc at http://docs.ceph.com/docs/master/radosgw/swift/containerops=
/#update-a-container-s-acls says:

"You may also specify * in the X-Container-Read or X-Container-Write settin=
gs, which effectively enables all users to either read from or write to the=
 container. Setting * makes the container public."

However that doesn't work either:

$ swift post -r '*' -w '*' TESTCONTAINER ; swift stat TESTCONTAINER
                      Account: v1
                    Container: TESTCONTAINER
                      Objects: 0
                        Bytes: 0
                     Read ACL:
                    Write ACL:
                      Sync To:
                     Sync Key:
                Accept-Ranges: bytes
             X-Storage-Policy: default-placement
X-Container-Bytes-Used-Actual: 0
                  X-Timestamp: 1511323785.72340
                   X-Trans-Id: tx000000000000000000172-005a14f8e3-2abe4-def=
ault
                 Content-Type: text/plain; charset=3Dutf-8

--- Additional comment from Keith Schincke on 2017-12-06 23:00:32 EST ---

Performed the following tests with OSP11/Ocata using example command from (1):

* Set read and write(world writeable) ACLs on a bucket:
stack@undercloud ~]$ swift post --read-acl ".r:*" --write-acl "*:*" my_test
[stack@undercloud ~]$ echo $?
0
[stack@undercloud ~]$ swift stat my_test
                      Account: v1
                    Container: my_test
                      Objects: 0
                        Bytes: 0
                     Read ACL: .r:*
                    Write ACL:
                      Sync To:
                     Sync Key:
                Accept-Ranges: bytes
                   X-Trans-Id: tx00000000000000000000b-005a28b987-5e48-default
             X-Storage-Policy: default-placement
X-Container-Bytes-Used-Actual: 0
                  X-Timestamp: 1512618054.03552
                 Content-Type: text/plain; charset=utf-8

* Set project writable on a bucket:
[stack@undercloud ~]$ swift post --read-acl ".r:*" --write-acl "admin" my_test
[stack@undercloud ~]$ swift stat my_test
                      Account: v1
                    Container: my_test
                      Objects: 0
                        Bytes: 0
                     Read ACL: .r:*
                    Write ACL:
                      Sync To:
                     Sync Key:
                Accept-Ranges: bytes
                   X-Trans-Id: tx00000000000000000000d-005a28ba1d-5e48-default
             X-Storage-Policy: default-placement
X-Container-Bytes-Used-Actual: 0
                  X-Timestamp: 1512618054.03552
                 Content-Type: text/plain; charset=utf-8

Performed the following test with OSP latest and Ceph Luminous:

* set world writable acl on bucket:
(overcloud) [stack@undercloud ~]$ swift list
(overcloud) [stack@undercloud ~]$ swift post my_test2
(overcloud) [stack@undercloud ~]$ swift stat my_test2
                      Account: v1
                    Container: my_test2
                      Objects: 0
                        Bytes: 0
                     Read ACL:
                    Write ACL:
                      Sync To:
                     Sync Key:
                Accept-Ranges: bytes
             X-Storage-Policy: default-placement
X-Container-Bytes-Used-Actual: 0
                  X-Timestamp: 1512577698.94967
                   X-Trans-Id: tx000000000000000000601-005a281aac-1021-default
                 Content-Type: text/plain; charset=utf-8
       X-Openstack-Request-Id: tx000000000000000000601-005a281aac-1021-default
(overcloud) [stack@undercloud ~]$ swift post --write-acl '*:*' my_test2
(overcloud) [stack@undercloud ~]$ swift stat my_test2
                      Account: v1
                    Container: my_test2
                      Objects: 0
                        Bytes: 0
                     Read ACL:
                    Write ACL: *:*
                      Sync To:
                     Sync Key:
                Accept-Ranges: bytes
             X-Storage-Policy: default-placement
X-Container-Bytes-Used-Actual: 0
                  X-Timestamp: 1512577698.94967
                   X-Trans-Id: tx000000000000000000618-005a281ad7-1021-default
                 Content-Type: text/plain; charset=utf-8
       X-Openstack-Request-Id: tx000000000000000000618-005a281ad7-1021-default


We will talk about this issue on the team and recommend additional action or reassignment of this BZ. 
 

1: https://docs.openstack.org/swift/latest/overview_acl.html

Comment 7 Matt Benjamin (redhat) 2017-12-20 21:57:23 UTC

*** This bug has been marked as a duplicate of bug 1516099 ***


Note You need to log in before you can comment on or make changes to this bug.