Actions
Bug #21013
closedRGW: Get Bucket ACL does not honor the s3:GetBucketACL action
% Done:
0%
Source:
Tags:
Backport:
luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
We seem to use GetObjectACL for both object and bucket acl and not support GetBucketACL
import boto3 import json from botocore.client import Config if __name__ == "__main__": s3 = boto3.client('s3','us-east-1', endpoint_url='http://localhost:8000', aws_access_key_id = 'access1', aws_secret_access_key = 'secret1', # config = Config(signature_version='s3') ) s3_2 = boto3.client('s3','us-east-1', endpoint_url='http://localhost:8000', aws_access_key_id = 'access2', aws_secret_access_key = 'secret2', # config = Config(signature_version='s3') ) bucket_name = 'policytest' b = s3.create_bucket(Bucket = bucket_name) bucket_policy = { 'Version': '2012-10-17', 'Statement': [{ 'Sid': 'AddPerm', 'Effect': 'Allow', 'Principal': '*', 'Action': ['s3:GetBucketAcl'], 'Resource': "arn:aws:s3:::%s" % bucket_name, }] } bucket_policy = json.dumps(bucket_policy) s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy) orig_bucket_acl = s3.get_bucket_acl(Bucket=bucket_name) print ("original acl") print (json.dumps(orig_bucket_acl, indent=2)) bucket_acl = s3_2.get_bucket_acl(Bucket=bucket_name) print (json.dumps(bucket_acl, indent=2))
This would error out currently and pass if we change the conditional to `s3:GetObjectACL` instead
Actions