Bug #19264
closedrgw: bucket name that include slash causes public access failed
0%
Description
When bucket is created from Horizon, the bucket name will include OpenStack project ID
$ radosgw-admin bucket list [ "025e52a44acb4a058b1c36bd90b8167d\/test" ]
And then it was split into two parts because next_tok() split URL based on "/"
133015 2017-03-09 15:32:27.039645 7f345c092700 10 ver=v1 first=025e52a44acb4a058b1c36bd90b8167d req=test
133022 2017-03-09 15:32:27.039661 7f345c092700 10 s->object=test s->bucket=025e52a44acb4a058b1c36bd90b8167d
This makes user got “NoSuchBucket” when visting http://172.22.12.1:6780/swift/v1/025e52a44acb4a058b1c36bd90b8167d/test
Updated by Albert Tu about 7 years ago
Chang Liu wrote:
try to urlencode ?
It's not work because the URL will be decoded in RGWREST::preprocess()
Updated by Chang Liu about 7 years ago
Albert Tu wrote:
Chang Liu wrote:
try to urlencode ?
It's not work because the URL will be decoded in RGWREST::preprocess()
Albert, AWS's document says that bucket name contains alpha, number and '.' only. Maybe We should add more check in BucketCreate process.
Updated by Robin Johnson about 7 years ago
The swift container rules are very lax compared to S3: 256 bytes of UTF-8 characters and no slash. https://docs.openstack.org/developer/swift/api/object_api_v1_overview.html
The S3 rules are here: http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html
Note that Ceph has previously allowed most of the AWS US-East-1 style with some strict elements.
I'll spin a patch that enforces no slash in swift containers.
Updated by Robin Johnson about 7 years ago
Updated by Chang Liu about 7 years ago
Yep, I will try to add limitation for S3 bucket name
Updated by Albert Tu about 7 years ago
The missing part.
Updated by Casey Bodley about 7 years ago
The entries returned by 'radosgw-admin bucket list' are prefixed with tenant names. If you need to refer to these buckets externally, you will need to manually parse and remove the 'tenant/' part yourself.
Updated by Nathan Cutler about 7 years ago
- Status changed from New to Fix Under Review
Updated by Daniel Gryniewicz about 4 years ago
- Status changed from Fix Under Review to Resolved