Unable to set swift container ACL's on existing containers

Bug #1322498 reported by James Page on 2014-05-23
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ceph (Ubuntu)
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned

Bug Description

[Impact]
Ceph RADOS Gateway users are unable to change ACL's on existing containers. Also breaks usage by juju.

[Test Case]
swift post -r '.r:*,.rlistings' 61853c5a-e1d4-11e3-b125-2c768a4f56ac
swift post -r '.r:*,.rlistings' 61853c5a-e1d4-11e3-b125-2c768a4f56ac
  ->
Container POST failed:
http://10.98.191.31/swift/v1/61853c5a-e1d4-11e3-b125-2c768a4f56ac 401
Unauthorized AccessDenied

[Regression Potential]
Minimal - the code change is limited in scope and is from the primary upstream developer.

[Original Bug Report]
Upstream bug: http://tracker.ceph.com/issues/8428

Setting ACL's on initial container creation works just fine:

$ swift post -r '.r:*,.rlistings' 61853c5a-e1d4-11e3-b125-2c768a4f56ac

container is created with ".r:*" read acl

but if I try to update the ACL post creation, I get a 401 unauthorized:

$ swift post -r '.r:*,.rlistings' 61853c5a-e1d4-11e3-b125-2c768a4f56ac
Container POST failed:
http://10.98.191.31/swift/v1/61853c5a-e1d4-11e3-b125-2c768a4f56ac 401
Unauthorized AccessDenied

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: radosgw 0.80.1-0ubuntu1
ProcVersionSignature: User Name 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
Date: Fri May 23 07:57:02 2014
ProcEnviron:
 TERM=screen-bce
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ceph
UpgradeStatus: No upgrade log present (probably fresh install)

James Page (james-page) wrote :
James Page (james-page) wrote :

Note that this is not a proposed regression - 0.79 also has this problem.

Changed in ceph (Ubuntu):
importance: Undecided → High
Changed in ceph (Ubuntu Trusty):
importance: Undecided → High
status: New → Triaged
Changed in ceph (Ubuntu Utopic):
status: New → Triaged
James Page (james-page) on 2014-05-23
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ceph - 0.80.1-1ubuntu1

---------------
ceph (0.80.1-1ubuntu1) utopic; urgency=medium

  * Fix issue setting Swift ACL's on existing containers (LP: #1322498):
    - d/p/bug-8428.patch: Cherry pick proposed fix from upstream VCS.
 -- James Page <email address hidden> Fri, 23 May 2014 14:08:25 +0100

Changed in ceph (Ubuntu Utopic):
status: Triaged → Fix Released

Hello James, or anyone else affected,

Accepted ceph into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/ceph/0.80.1-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ceph (Ubuntu Trusty):
status: Triaged → Fix Committed
tags: added: verification-needed
James Page (james-page) wrote :

Tested OK - marking verification-done

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ceph - 0.80.1-0ubuntu1.1

---------------
ceph (0.80.1-0ubuntu1.1) trusty; urgency=medium

  * Fix issue setting Swift ACL's on existing containers (LP: #1322498):
    - d/p/bug-8428.patch: Cherry pick proposed fix from upstream VCS.
 -- James Page <email address hidden> Mon, 02 Jun 2014 09:09:37 +0100

Changed in ceph (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for ceph has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers