Fixes: #6678
We don't want to allow regular users to write to secondary zones,
otherwise we'd end up with data inconsistencies.
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
(cherry picked from commit
6961b5254f16ac3362c3a51f5490328d23640dbf)
Conflicts:
src/rgw/rgw_rados.h
return -EPERM;
}
+ if (!s->system_request &&
+ (required_mask & (RGW_OP_TYPE_WRITE | RGW_OP_TYPE_DELETE)) &&
+ !store->zone.is_master) {
+ ldout(s->cct, 5) << "NOTICE: modify request to a non-master zone by a non-system user, permission denied" << dendl;
+ return -EPERM;
+ }
+
return 0;
}
return -EIO;
}
+ is_master = (name == region.master_zone) || (region.master_zone.empty() && name == "default");
+
+ ldout(cct, 2) << "zone " << name << " is " << (is_master ? "" : "NOT ") << "master" << dendl;
+
return 0;
}
rgw_bucket user_uid_pool;
string name;
+ bool is_master;
RGWAccessKey system_key;
map<string, RGWZonePlacementInfo> placement_pools;
+ RGWZoneParams() : is_master(false) {}
+
static string get_pool_name(CephContext *cct);
void init_name(CephContext *cct, RGWRegion& region);
int init(CephContext *cct, RGWRados *store, RGWRegion& region);
projects / ceph.git / commitdiff