Actions
Bug #66177
openrgw: implement ConfirmRemoveSelfBucketAccess header for bucket policy
% Done:
0%
Source:
Community (dev)
Backport:
squid reef
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Tags (freeform):
backport_processed
Merge Commit:
Fixed In:
v20.0.0-603-g3674e92f8d
Released In:
v20.2.0~815
Upkeep Timestamp:
2025-11-22T00:46:30+00:00
Description
According to https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html
To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's AWS account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and AWS Organizations policies.
By implementing the `x-amz-confirm-remove-self-bucket-access` header this privilege can also be dropped from the root user.
Updated by Seena Fallah almost 2 years ago
Updated by Casey Bodley about 1 year ago
- Status changed from New to Pending Backport
- Assignee set to Seena Fallah
Updated by Upkeep Bot about 1 year ago
- Copied to Backport #70564: squid: rgw: implement ConfirmRemoveSelfBucketAccess header for bucket policy added
Updated by Upkeep Bot about 1 year ago
- Copied to Backport #70565: reef: rgw: implement ConfirmRemoveSelfBucketAccess header for bucket policy added
Updated by Upkeep Bot about 1 year ago
- Tags (freeform) set to backport_processed
Updated by Konstantin Shalygin 6 months ago
- Tracker changed from Feature to Bug
- Source set to Community (dev)
- Pull request ID set to 57629
- Regression set to No
- Severity set to 3 - minor
Updated by Upkeep Bot 6 months ago
- Merge Commit set to 3674e92f8d1e75151513c1e89637ea2a458d910e
- Fixed In set to v20.0.0-603-g3674e92f8d
- Released In set to v20.2.0~815
- Upkeep Timestamp set to 2025-11-22T00:46:30+00:00
Actions