Hello everyone,
We have a ceph cluster which was recently updated from octopus(15.2.12) to
pacific(16.2.13). There has been a problem in multi part upload, which is,
when doing UPLOAD_PART_COPY from a valid and existing previously uploaded
part, it gets 403, ONLY WHEN IT'S CALLED BY SERVICE-USER. The same scenario
gets a 200 response by a full-access sub-user, and both sub-user and
service-user get 200 on the same scenario in octopus version. The policy
for service user access is as below:
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam:::user/wid:suserid"
},
"Action": "*",
"Resource": [
"arn:aws:s3:::bucketname",
"arn:aws:s3:::bucketname/*"
]
}
]
} Note that this very service-user can perform a multi-part upload without
any problem on both versions, only the upload_part_copy and only on
pacific, it gets 403; which makes it unlikely to be an access problem. Has
anyone encountered this issue?
I performed multi-part upload using boto3 but there has been the same issue
on other clients as well.
regards
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
