Bug #72849
closedBucket ACLS (canned and custom) are not migrated completely once the user is migrated to account
0%
Description
in rgw, whenever a bucket is created, it stores acl (default if none provided or custom or canned acl passed during create bucket or put_acl()) as bucket attrs.
The acls are stored as RGWAccessControlPolicy The data is stored across 2 members
RGWAccessControlList acl;
ACLOwner owner;
Both these members store the uid of the bucket-owner.
Now when the uid is migrated to account using below command, following code changes the owner of bucket and its acl to account id
radosgw-admin modify user --uid <user id> --account-id <acc_id>
however the bucket acls are not completely migrated as can seen here Its only migrating one member "ACLOwner owner" but did not migrate the "RGWAccessControlList acl"
The problem with this incomplete migration is, now when the migrated user (account) tries to call the CreateBucket() again it fails with error "Cannot modify existing access control policy" because the old_policy when loaded still contains the UID whereas the new request contains the ACCOUNT_ID and there is mismatch.
Updated by Krunal Chheda 7 months ago
- Status changed from New to Fix Under Review
- Pull request ID set to 65370
Updated by Upkeep Bot 7 months ago
- Status changed from Fix Under Review to Pending Backport
- Merge Commit set to 5917c0610636d57894e7cb5f41611c528f3115f9
- Fixed In set to v20.3.0-3037-g5917c06106
- Upkeep Timestamp set to 2025-09-16T19:42:56+00:00
Updated by Upkeep Bot 7 months ago
- Copied to Backport #73055: squid: Bucket ACLS (canned and custom) are not migrated completely once the user is migrated to account added
Updated by Upkeep Bot 7 months ago
- Copied to Backport #73056: tentacle: Bucket ACLS (canned and custom) are not migrated completely once the user is migrated to account added
Updated by Krunal Chheda about 1 month ago
- Status changed from Pending Backport to Resolved