[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-08 Thread Jayanth Reddy
we identified that there were bucket >> policies set from the initial days; we were in v16.2.12. >> >>>> We upgraded the cluster to v17.2.7 two days ago and it seems obvious >> that the IAM error logs are generated the next minute rgw daemon upgraded >> from v16.2.1

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-08 Thread Siddhit Renake
Hello Casey, Our Production buckets are impacted due to this issue. We have downgraded Ceph version from 17.2.7 to 17.2.6 but still we are getting "bucket policy parsing" error while accessing the buckets. rgw_policy_reject_invalid_principals is not present in 17.2.6 as configurable parameter.

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-08 Thread Jayanth Reddy
minute rgw daemon upgraded > from v16.2.12 to v17.2.7. Looks like there is some issue with parsing. > >>>> > >>>> I'm thinking to downgrade back to v17.2.6 and earlier, please let me > know if this is a good option for now. > >>>> > >>>&g

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-08 Thread Casey Bodley
e cluster to v17.2.7 two days ago and it seems obvious that >>>> the IAM error logs are generated the next minute rgw daemon upgraded from >>>> v16.2.12 to v17.2.7. Looks like there is some issue with parsing. >>>> >>>> I'm thinking to downgrade back

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-08 Thread Jayanth Reddy
know if this is a good option for now. >>> >>> Thanks, >>> Jayanth >>> ------ >>> *From:* Jayanth Reddy >>> *Sent:* Tuesday, November 7, 2023 11:59:38 PM >>> *To:* Casey Bodley >>> *Cc:* Wesley Di

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-08 Thread Wesley Dillingham
>> Thanks, >> Jayanth >> -- >> *From:* Jayanth Reddy >> *Sent:* Tuesday, November 7, 2023 11:59:38 PM >> *To:* Casey Bodley >> *Cc:* Wesley Dillingham ; ceph-users < >> ceph-users@ceph.io>; Adam Emerson >

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-08 Thread Jayanth Reddy
:* Jayanth Reddy > *Sent:* Tuesday, November 7, 2023 11:59:38 PM > *To:* Casey Bodley > *Cc:* Wesley Dillingham ; ceph-users < > ceph-users@ceph.io>; Adam Emerson > *Subject:* Re: [ceph-users] Re: owner locked out of bucket via bucket >

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-07 Thread Jayanth Reddy
: Wesley Dillingham ; ceph-users ; Adam Emerson Subject: Re: [ceph-users] Re: owner locked out of bucket via bucket policy Hello Casey, Thank you for the quick response. I see `rgw_policy_reject_invalid_principals` is not present in v17.2.7. Please let me know. Regards Jayanth On Tue, Nov 7

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-07 Thread Jayanth Reddy
Hello Casey, Thank you for the quick response. I see `rgw_policy_reject_invalid_principals` is not present in v17.2.7. Please let me know. Regards Jayanth On Tue, Nov 7, 2023 at 11:50 PM Casey Bodley wrote: > On Tue, Nov 7, 2023 at 12:41 PM Jayanth Reddy > wrote: > > > > Hello Wesley and

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-07 Thread Casey Bodley
On Tue, Nov 7, 2023 at 12:41 PM Jayanth Reddy wrote: > > Hello Wesley and Casey, > > We've ended up with the same issue and here it appears that even the user > with "--admin" isn't able to do anything. We're now unable to figure out if > it is due to bucket policies, ACLs or IAM of some sort.

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-11-07 Thread Jayanth Reddy
Hello Wesley and Casey, We've ended up with the same issue and here it appears that even the user with "--admin" isn't able to do anything. We're now unable to figure out if it is due to bucket policies, ACLs or IAM of some sort. I'm seeing these IAM errors in the logs ``` Nov 7 00:02:00

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-10-26 Thread Wesley Dillingham
Thank you, this has worked to remove the policy. Respectfully, *Wes Dillingham* w...@wesdillingham.com LinkedIn On Wed, Oct 25, 2023 at 5:10 PM Casey Bodley wrote: > On Wed, Oct 25, 2023 at 4:59 PM Wesley Dillingham > wrote: > > > > Thank you, I

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-10-25 Thread Casey Bodley
On Wed, Oct 25, 2023 at 4:59 PM Wesley Dillingham wrote: > > Thank you, I am not sure (inherited cluster). I presume such an admin user > created after-the-fact would work? yes > Is there a good way to discover an admin user other than iterate over all > users and retrieve user information?

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-10-25 Thread Wesley Dillingham
Thank you, I am not sure (inherited cluster). I presume such an admin user created after-the-fact would work? Is there a good way to discover an admin user other than iterate over all users and retrieve user information? (I presume radosgw-admin user info --uid=" would illustrate such

[ceph-users] Re: owner locked out of bucket via bucket policy

2023-10-25 Thread Casey Bodley
if you have an administrative user (created with --admin), you should be able to use its credentials with awscli to delete or overwrite this bucket policy On Wed, Oct 25, 2023 at 4:11 PM Wesley Dillingham wrote: > > I have a bucket which got injected with bucket policy which locks the > bucket