Project

General

Profile

Actions
Copy link

Bug #20252

closed

RGW:RGWPutBucketPolicy error when set BucketPolicy again without delete pre set Policy

Added by joke lee almost 7 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

hi,when i create a bucket and set policy to the bucket,use

s3cmd setpolicy 2-referpolicy  s3://test1
it set policy success. but when i rerun
s3cmd setpolicy 2-referpolicy  s3://test1
and
then

s3cmd ls s3://test1
and it return 403 access deny,

and i found it is rapidjson::KParseErrorDocumentRootNotSigngular error,

and i found the policy turn to be

"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": [\n \"arn:aws:s3:::test3/*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"aws:Referer\": \"http://www.baidu.com\"\n }\n }\n }]\n}\n{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":[\"arn:aws:s3:::test3/*\"],\"Condition\":{\"StringLike\":{\"aws:Referer\":\"http://www.baidu.com\"}}}]}\n"

yes, it append to the pre set policy, rather to take place of it.

so, we need to clear() before append

https://github.com/ceph/ceph/pull/15617 this pr fix the problem

Related issues 1 (0 open1 closed)

Copied to rgw - Backport #20406: jewel: RGW:RGWPutBucketPolicy error when set BucketPolicy again without delete pre set PolicyRejectedActions
Actions
Copy link
 #1

Updated by Nathan Cutler almost 7 years ago

  • Status changed from New to Fix Under Review
Actions
Copy link
 #2

Updated by joke lee almost 7 years ago

can this pr backport to jewel

Actions
Copy link
 #3

Updated by Nathan Cutler almost 7 years ago

  • Status changed from Fix Under Review to Pending Backport
  • Backport set to jewel
Actions
Copy link
 #4

Updated by Nathan Cutler almost 7 years ago

  • Copied to Backport #20406: jewel: RGW:RGWPutBucketPolicy error when set BucketPolicy again without delete pre set Policy added
Actions
Copy link
 #5

Updated by Nathan Cutler over 6 years ago

joke lee wrote:

can this pr backport to jewel

Hi joke lee - I tried to backport this bugfix to jewel, but the feature it is fixing - https://github.com/ceph/ceph/pull/14307 - is not in jewel at all.

It's quite late in the jewel release cycle to be adding features, but if you can convince the rgw developers to do it... ?

Actions
Copy link
 #6

Updated by Nathan Cutler over 6 years ago

  • Status changed from Pending Backport to Need More Info
Actions
Copy link
 #7

Updated by Nathan Cutler over 5 years ago

  • Status changed from Need More Info to Resolved
Actions
Copy link

Also available in: Atom PDF