rgw/logging: bucket logging policy#634
Conversation
Signed-off-by: Yuval Lifshitz <ylifshit@ibm.com>
this commit needed to be able to run bucket logging regression against: ceph/ceph#62284 since target bucket requires policy for bucket logging to work this only covers the positive cases from bucket logging policy perspective Signed-off-by: Yuval Lifshitz <ylifshit@ibm.com>
this is to cover these checks: * source bucket ownership * "requester pays" on log bucket that were added in: ceph/ceph#62284 Signed-off-by: Yuval Lifshitz <ylifshit@ibm.com>
this is to cover new functionality added in: ceph/ceph#62284 Signed-off-by: Yuval Lifshitz <ylifshit@ibm.com>
b4b8570 to
37f188c
Compare
tests were failing in teuthology since the tenanted user name already have the tenant in its name Signed-off-by: Yuval Lifshitz <ylifshit@ibm.com>
| "Action": ["s3:PutObject"], | ||
| "Resource": "arn:aws:s3::{}:{}/{}".format(log_tenant, log_bucket_name, prefix), | ||
| "Condition": { | ||
| "ArnLike": {"aws:SourceArn": "arn:aws:s3::{}:{}".format(src_tenant, src_buckets[j])}, |
There was a problem hiding this comment.
if the goal is to test cross-tenant access, that's being deprecated in T:
- use of tenant names instead of accounts in IAM policy documents
- S3 API support for cross-tenant names such as
Bucket='tenant:bucketname'
|
bucket logging teuthology test is passing: https://pulpito.ceph.com/yuvalif-2025-03-28_13:54:20-rgw:bucket-logging-wip-yuval-70086-distro-default-smithi/ |
|
|
||
| # tenant user_id set in vstart.sh | ||
| user_id = 9876543210abcdef0123456789abcdef0123456789abcdef0123456789abcdef | ||
| user_id = testx$9876543210abcdef0123456789abcdef0123456789abcdef0123456789abcdef |
There was a problem hiding this comment.
does this not break other tests?
if you need this tenant-user's tenant name for a test case, that's exposed by get_tenant_name()
There was a problem hiding this comment.
this is what i did, but in teuthology the user id had the tenant name in it (similar to my change), and when a added it again it appeared twice there and failed the test
There was a problem hiding this comment.
ok, thanks. so i guess this change makes vstart testing consistent with teuthology 👍
Signed-off-by: Yuval Lifshitz <ylifshit@ibm.com>
|
passing with account tests: https://pulpito.ceph.com/yuvalif-2025-03-31_18:17:42-rgw:bucket-logging-wip-yuval-70086-distro-default-smithi/ |
|
@yuvalif i tried to cherry-pick these to ceph-master but had conflicts. are there other bucket logging-related commits on master that aren't on ceph-master? could i ask you to please do the cherry-picks? |
No description provided.