Bug #21013

closed

RGW: Get Bucket ACL does not honor the s3:GetBucketACL action

Added by Abhishek Lekshmanan over 6 years ago. Updated over 6 years ago.

Status: Resolved
Priority: Normal
Target version: -
% Done: 0%
Source:
Tags:
Backport: luminous
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

We seem to use GetObjectACL for both object and bucket ACLs and do not support GetBucketACL.

```python
import json

import boto3
from botocore.client import Config  # only used by the commented-out config lines

if __name__ == "__main__":
    # Client for the bucket owner
    s3 = boto3.client('s3', 'us-east-1', endpoint_url='http://localhost:8000',
                      aws_access_key_id='access1',
                      aws_secret_access_key='secret1',
                      # config=Config(signature_version='s3')
                      )

    # Client for a second user who has no ACL grant on the bucket
    s3_2 = boto3.client('s3', 'us-east-1', endpoint_url='http://localhost:8000',
                        aws_access_key_id='access2',
                        aws_secret_access_key='secret2',
                        # config=Config(signature_version='s3')
                        )

    bucket_name = 'policytest'
    b = s3.create_bucket(Bucket=bucket_name)

    # Bucket policy that lets any principal read the bucket ACL
    bucket_policy = {
        'Version': '2012-10-17',
        'Statement': [{
            'Sid': 'AddPerm',
            'Effect': 'Allow',
            'Principal': '*',
            'Action': ['s3:GetBucketAcl'],
            'Resource': "arn:aws:s3:::%s" % bucket_name,
        }]
    }

    bucket_policy = json.dumps(bucket_policy)
    s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy)

    # The owner can always read the ACL
    orig_bucket_acl = s3.get_bucket_acl(Bucket=bucket_name)
    print("original acl")
    print(json.dumps(orig_bucket_acl, indent=2))

    # The second user relies on the bucket policy alone
    bucket_acl = s3_2.get_bucket_acl(Bucket=bucket_name)
    print(json.dumps(bucket_acl, indent=2))
```

This would error out currently and pass if we change the conditional to `s3:GetObjectACL` instead.
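The behaviour reported above, reduced to an offline model (an added example, not part of the original report and not Ceph RGW code). The mapping tables, function names and the exact-match evaluator are assumptions made for illustration; the "fixed" mapping is the behaviour the issue title asks for.

```python
# Simplified model of bucket-policy evaluation. All names are hypothetical.

# Policy action each operation is authorized against. BUGGY mirrors the
# report: reading the bucket ACL is checked as an object ACL read.
BUGGY_OP_ACTION = {"get_bucket_acl": "s3:GetObjectAcl",
                   "get_object_acl": "s3:GetObjectAcl"}
FIXED_OP_ACTION = {"get_bucket_acl": "s3:GetBucketAcl",
                   "get_object_acl": "s3:GetObjectAcl"}

BUCKET_ARN = "arn:aws:s3:::policytest"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action, resource):
    """True if an Allow statement for Principal '*' names action and resource.

    Exact matching only (no wildcards, no Deny), which is all the
    reproduction policy needs. Action names are compared case-insensitively.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt.get("Principal") != "*":
            continue
        actions = {a.lower() for a in _as_list(stmt["Action"])}
        if action.lower() in actions and resource in _as_list(stmt["Resource"]):
            return True
    return False


def make_policy(action):
    # Same shape as the policy in the reproduction script.
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "AddPerm", "Effect": "Allow",
                           "Principal": "*", "Action": [action],
                           "Resource": BUCKET_ARN}]}


def outcomes():
    """get_bucket_acl result for the second user, per mapping and policy."""
    table = {}
    for name, mapping in (("buggy", BUGGY_OP_ACTION), ("fixed", FIXED_OP_ACTION)):
        for action in ("s3:GetBucketAcl", "s3:GetObjectAcl"):
            needed = mapping["get_bucket_acl"]
            table[(name, action)] = policy_allows(make_policy(action), needed, BUCKET_ARN)
    return table


if __name__ == "__main__":
    for key, allowed in sorted(outcomes().items()):
        print(key, "allowed" if allowed else "denied")
```

With the buggy mapping, a policy that grants `s3:GetObjectAcl` on the bucket ARN is what opens the bucket ACL, so such policies are worth reviewing once the corrected check is deployed.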


Related issues 1 (0 open, 1 closed)

Copied to rgw - Backport #21056: RGW: Get Bucket ACL does not honor the s3:GetBucketACL action (Resolved, Abhishek Lekshmanan)

#1

Updated by Abhishek Lekshmanan over 6 years ago

  • Description updated (diff)

#3

Updated by Abhishek Lekshmanan over 6 years ago

  • Status changed from New to Fix Under Review

#4

Updated by Abhishek Lekshmanan over 6 years ago

  • Status changed from Fix Under Review to 17

#5

Updated by Yuri Weinstein over 6 years ago

Abhishek Lekshmanan wrote:

master pr: https://github.com/ceph/ceph/pull/17050

merged

#6

Updated by Abhishek Lekshmanan over 6 years ago

  • Status changed from 17 to Pending Backport

#7

Updated by Abhishek Lekshmanan over 6 years ago

  • Copied to Backport #21056: RGW: Get Bucket ACL does not honor the s3:GetBucketACL action added

#8

Updated by Nathan Cutler over 6 years ago

  • Backport changed from Luminous to luminous

#9

Updated by Abhishek Lekshmanan over 6 years ago

  • Status changed from Pending Backport to Resolved