Bug #42786
Users of doscli cannot get, info or put objects with ":" in their names in other buckets, even when the user has the permission.
Description
Problem recurrence steps
[Test Details]
1. Create two users A and B
2. Set bucket policy of user A and grant full access to user B.
3. Upload an object with a ":" in the name to the bucket of user A, such as "AAA: BBB", and then use user B to try to info and get the object.
4. Use user B to try to put a new object with ":" in the name into the bucket of user A.
[Expected Results]
1. Steps 3 and 4 are successful
[Actual Results]
1. Steps 3 and 4: error reported and rejected
The cause of the problem: the S3 resource description statement is "arn:aws:s3:::bucket/object". When matching the bucket policy, we first match the S3 resource description statement with the regular expression "arn:([^:]*):([^:]*):([^:]*):([^:]*):(.*)". Finally, when comparing the "bucket/object" with the actual value, we will match the style with ":", such as the style "" and the actual value "bucket01/aa:aa/". If they are divided into "", "bucket01/aa" and "aa", they will not match.
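The following is an added example, not code from this report or from the project: it contrasts the regular expression quoted above, which stops splitting after the fifth ":", with a hypothetical parser (`parse_arn_split`) that splits on every ":". The policy ARN `arn:aws:s3:::bucket01/*` and the object keys are constructed sample data.

```python
import re

# Regex quoted in the report: five ":"-delimited fields, then a greedy rest.
ARN_RE = re.compile(r"arn:([^:]*):([^:]*):([^:]*):([^:]*):(.*)", re.DOTALL)

def parse_arn_regex(arn):
    """Split at the first five ':' only, so the resource keeps its own ':'."""
    m = ARN_RE.fullmatch(arn)
    return m.groups() if m else None

def parse_arn_split(arn):
    """Hypothetical fragile parser: splits on every ':' and expects six fields."""
    parts = arn.split(":")
    if len(parts) != 6 or parts[0] != "arn":
        return None
    return tuple(parts[1:])

def wildcard_match(pattern, value):
    """Policy-style wildcard: '*' matches any run, '?' matches one character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

def resource_allowed(policy_arn, request_arn, parse):
    """True when the request resource matches the policy resource pattern."""
    policy, request = parse(policy_arn), parse(request_arn)
    if policy is None or request is None:
        return False  # unparsable ARN: no statement matches, request is rejected
    # Partition, service, region and account must be equal before the resource is compared.
    return policy[:4] == request[:4] and wildcard_match(policy[4], request[4])

# Constructed sample data: a policy on bucket01 and object keys with and without ':'.
POLICY_ARN = "arn:aws:s3:::bucket01/*"
KEYS = ["plain.txt", "aa:aa", "AAA: BBB", "a:b:c/d"]

def compare_parsers():
    """Return {key: (split_result, regex_result)} for each sample key."""
    out = {}
    for key in KEYS:
        req = "arn:aws:s3:::bucket01/" + key
        out[key] = (resource_allowed(POLICY_ARN, req, parse_arn_split),
                    resource_allowed(POLICY_ARN, req, parse_arn_regex))
    return out

if __name__ == "__main__":
    for key, (split_ok, regex_ok) in compare_parsers().items():
        print(f"{key!r:12} split-on-every-colon={split_ok} regex={regex_ok}")
```

A list of keys like `KEYS` works as a regression set for any policy matcher: every key containing ":" should get the same decision as the key without it.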
Updated by Casey Bodley over 4 years ago
- Status changed from New to Triaged
- Assignee set to Adam Emerson
@Adam DC949, does this look like a parsing bug?
Updated by Adam Emerson almost 3 years ago
- Assignee changed from Adam Emerson to Pritha Srivastava