Reviewed: https://review.opendev.org/c/openstack/swift/+/966068 Committed: https://opendev.org/openstack/swift/commit/ec975b1c74760421f1c25bdd0982f6ecf3eeb0ee Submitter: "Zuul (22348)" Branch: unmaintained/2024.1
commit ec975b1c74760421f1c25bdd0982f6ecf3eeb0ee Author: Tim Burke <[email protected]> Date: Fri Oct 31 09:11:39 2025 -0700 s3token: Pass service auth token to Keystone Recent versions of Keystone require auth tokens when accessing the /v3/s3tokens endpoint to prevent exposure of a lot of information that a user who just has a presigned URL should not be able to see. UpgradeImpact ============= The s3token middleware now requires Keystone auth credentials to be configured. If secret_cache_duration is enabled, these credentials should already be configured. Without these credentials, Keystone users will no longer be able to make S3 API requests. Closes-Bug: #2119646 Change-Id: Ie80bc33d0d9de17ca6eaad3b43628724538001f6 Signed-off-by: Tim Burke <[email protected]> -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2119646 Title: presigned S3 URLs can be used to obtain a full access to the keystone account To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2119646/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
