InvalidBucketName expected in more cases: uppercase, adjacent chars, underscores
Reported for v12.2.8 Luminous here:
With rgw_relaxed_s3_bucket_names=false, the following bucket names are presently permitted by RGW and should be disallowed.
bucketname-UPPERCASE bucketname-.adjacent-period-dot bucketname.-adjacent-dot-period bucketname_underscore
Note that AWS S3 has moved to stricter enforcement of bucket names for all regions as of 2018/03/01.
us-east-1 now disallows creation of a bucket unless it matches the strict naming requirements.
us-west-1 still allows access to an existing bucket that only matched the relaxed requirements.
#2 Updated by Yehuda Sadeh almost 3 years ago
@tmsn sure, you're welcome to take it. I do think that we need to overhaul a bit the way we control the bucket names constraints. We should have a way to globally configure it. I think that having a configurable in the Period config that would specify the type of constraints makes more sense. The ceph.conf configurable should still exist for backward compatibility but would be used to override it. Potentially we could have the ability to override it per zonegroup. We should also still be backward compatible, so imo by default we shouldn't be stricter than we were before.
#3 Updated by Tomohiro Misono almost 3 years ago
Thanks for the comment. so, it more than just updating valid_s3_bucket_name().
What you mean is:
1. add entry for bucket name rule in RGWPeriodConfig
2. initialize the entry using the value of ceph.conf (i.e. rgw_relaxed_s3_bucket_names)
3. add command to radosgw-admin to set/get bucket name rule (3 type: current relaxed, current default, strict)
4. update valid_s3_bucket_name(). We need to consider op in order to allow to get illegal bucket name in strict mode.
Am I understanding correct?
#4 Updated by Yehuda Sadeh almost 3 years ago
After discussing it a bit more with Casey:
Leave current rgw_relaxed_s3_bucket_names configurable as is. If it is true then it's relaxed.
RGWPeriodConfig should have a a new bucket name rule as suggested. Default value for it would be current default. If rgw_relaxed_s3_bucket_name=false, then follow whatever RGWPeriodConfig configurable has.
#5 Updated by Robin Johnson almost 3 years ago
We need 3 variations on validations:
1. validation per Swift rules
2. validation per S3-relaxed (old us-east-1 rules)
3. validation per S3-strict
I previously proposed similar functionality to AWS, that would permit access to buckets that already exist at a given validation level, but require creation of new buckets to be stricter.