Bug #21597
closeds3:GetBucketWebsite/PutBucketWebsite fails with 403
0%
Description
From https://bugzilla.redhat.com/show_bug.cgi?id=1493896
Description of problem:
After setting the policy, configure_website() and get_website_configuration() fail to work.
Version-Release number of selected component (if applicable):
ceph-radosgw-12.2.0-2.el7cp.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Create a bucket with tenant user testx$tester
2. Write a bucket policy providing s3:GetBucketWebsite/s3:PutBucketWebsite to another user in the same or different tenant
3. After setting the policy, try enabling/getting static website configuration on the bucket
Actual results:
S3ResponseError: 403 Forbidden
Expected results:
Website configuration should work
Additional info:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {"AWS": ["arn:aws:iam::testy:user/u2"]},
"Action": ["s3:ListBucket", "s3:PutObject", "s3:GetBucketWebsite", "s3:PutBucketWebsite"],
"Resource": [
"arn:aws:s3::*:s3website",
"arn:aws:s3::*:s3website/*"
]
}]
}
- s3cmd -c s3test.cfg setpolicy getwebsite s3://s3website
#s3website.py
website_bucket = conn.get_bucket("testx:s3website")
index_key = website_bucket.new_key('index.html')
index_key.content_type = 'text/html'
index_key.set_contents_from_filename('index.html',policy='public-read')
website_bucket.configure_website('index.html')
website_bucket.get_website_configuration()
Updated by Adam Emerson over 6 years ago
Updated by Ken Dreyer over 6 years ago
- Status changed from In Progress to Fix Under Review
Updated by Matt Benjamin over 6 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Nathan Cutler over 6 years ago
- Copied to Backport #21633: luminous: s3:GetBucketWebsite/PutBucketWebsite fails with 403 added
Updated by Adam Emerson over 6 years ago
- Status changed from Pending Backport to Resolved