Project

General

Profile

Bug #20252

RGW:RGWPutBucketPolicy error when set BucketPolicy again without delete pre set Policy

Added by joke lee over 1 year ago. Updated about 1 year ago.

Status:
Need More Info
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
06/12/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

hi,when i create a bucket and set policy to the bucket,use

s3cmd setpolicy 2-referpolicy  s3://test1
it set policy success. but when i rerun
s3cmd setpolicy 2-referpolicy  s3://test1
and
then

s3cmd ls s3://test1
and it return 403 access deny,

and i found it is rapidjson::KParseErrorDocumentRootNotSigngular error,

and i found the policy turn to be

"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": [\n \"arn:aws:s3:::test3/*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"aws:Referer\": \"http://www.baidu.com\"\n }\n }\n }]\n}\n{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":[\"arn:aws:s3:::test3/*\"],\"Condition\":{\"StringLike\":{\"aws:Referer\":\"http://www.baidu.com\"}}}]}\n"

yes, it append to the pre set policy, rather to take place of it.

so, we need to clear() before append

https://github.com/ceph/ceph/pull/15617 this pr fix the problem


Related issues

Copied to rgw - Backport #20406: jewel: RGW:RGWPutBucketPolicy error when set BucketPolicy again without delete pre set Policy Need More Info

History

#1 Updated by Nathan Cutler over 1 year ago

  • Status changed from New to Need Review

#2 Updated by joke lee over 1 year ago

can this pr backport to jewel

#3 Updated by Nathan Cutler over 1 year ago

  • Status changed from Need Review to Pending Backport
  • Backport set to jewel

#4 Updated by Nathan Cutler over 1 year ago

  • Copied to Backport #20406: jewel: RGW:RGWPutBucketPolicy error when set BucketPolicy again without delete pre set Policy added

#5 Updated by Nathan Cutler about 1 year ago

joke lee wrote:

can this pr backport to jewel

Hi joke lee - I tried to backport this bugfix to jewel, but the feature it is fixing - https://github.com/ceph/ceph/pull/14307 - is not in jewel at all.

It's quite late in the jewel release cycle to be adding features, but if you can convince the rgw developers to do it... ?

#6 Updated by Nathan Cutler about 1 year ago

  • Status changed from Pending Backport to Need More Info

Also available in: Atom PDF