Project

General

Profile

Bug #36293

InvalidBucketName expected in more cases: uppercase, adjacent chars, underscores

Added by Robin Johnson almost 3 years ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
rgw, s3
Backport:
nautilus
Regression:
Yes
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Reported for v12.2.8 Luminous here:
http://lists.ceph.com/pipermail/ceph-users-ceph.com/2018-October/030207.html

With rgw_relaxed_s3_bucket_names=false, the following bucket names are presently permitted by RGW and should be disallowed.

bucketname-UPPERCASE
bucketname-.adjacent-period-dot
bucketname.-adjacent-dot-period
bucketname_underscore

Note that AWS S3 has moved to stricter enforcement of bucket names for all regions as of 2018/03/01.
us-east-1 now disallows creation of a bucket unless it matches the strict naming requirements.
us-west-1 still allows access to an existing bucket that only matched the relaxed requirements.


Related issues

Copied to rgw - Backport #46392: nautilus: InvalidBucketName expected in more cases: uppercase, adjacent chars, underscores Rejected

History

#1 Updated by Tomohiro Misono almost 3 years ago

Hello, I am new to ceph and want to start some contribution.
Can I take this issue as it seems simple and good start point to understand dev process?

#2 Updated by Yehuda Sadeh almost 3 years ago

@tmsn sure, you're welcome to take it. I do think that we need to overhaul a bit the way we control the bucket names constraints. We should have a way to globally configure it. I think that having a configurable in the Period config that would specify the type of constraints makes more sense. The ceph.conf configurable should still exist for backward compatibility but would be used to override it. Potentially we could have the ability to override it per zonegroup. We should also still be backward compatible, so imo by default we shouldn't be stricter than we were before.

#3 Updated by Tomohiro Misono almost 3 years ago

Thanks for the comment. so, it more than just updating valid_s3_bucket_name().

What you mean is:
1. add entry for bucket name rule in RGWPeriodConfig
2. initialize the entry using the value of ceph.conf (i.e. rgw_relaxed_s3_bucket_names)
3. add command to radosgw-admin to set/get bucket name rule (3 type: current relaxed, current default, strict)
4. update valid_s3_bucket_name(). We need to consider op in order to allow to get illegal bucket name in strict mode.
Am I understanding correct?

#4 Updated by Yehuda Sadeh almost 3 years ago

After discussing it a bit more with Casey:

Leave current rgw_relaxed_s3_bucket_names configurable as is. If it is true then it's relaxed.
RGWPeriodConfig should have a a new bucket name rule as suggested. Default value for it would be current default. If rgw_relaxed_s3_bucket_name=false, then follow whatever RGWPeriodConfig configurable has.

#5 Updated by Robin Johnson almost 3 years ago

We need 3 variations on validations:
1. validation per Swift rules
2. validation per S3-relaxed (old us-east-1 rules)
3. validation per S3-strict

I previously proposed similar functionality to AWS, that would permit access to buckets that already exist at a given validation level, but require creation of new buckets to be stricter.

#6 Updated by Tomohiro Misono almost 3 years ago

sorry, but I'm becoming busy for other things and don't have much time to look how period config should be changed.
Please someone interested takes this issue. Thanks.

#7 Updated by Casey Bodley over 2 years ago

  • Priority changed from High to Normal

#8 Updated by Soumya Koduri over 2 years ago

  • Assignee set to Soumya Koduri

Hi,

I am new to ceph project and taken up this bug to start with. I have submitted https://github.com/ceph/ceph/pull/26787 addressing the issue originally posted in the description. Kindly review the changes.

#9 Updated by Casey Bodley over 2 years ago

  • Status changed from New to Fix Under Review

#10 Updated by Nathan Cutler over 2 years ago

  • Pull request ID set to 26787

#11 Updated by Casey Bodley over 2 years ago

  • Backport changed from luminous, mimic to luminous, mimic, nautilus

#12 Updated by Casey Bodley over 2 years ago

  • Status changed from Fix Under Review to 7

#13 Updated by Casey Bodley about 2 years ago

  • Status changed from 7 to Resolved
  • Backport deleted (luminous, mimic, nautilus)

this is an intrusive policy change and, given the number of issues it uncovered in our test infrastructure, feels too risky to backport without further discussion

#14 Updated by Nathan Cutler about 1 year ago

  • Status changed from Resolved to Pending Backport
  • Backport set to nautilus

#15 Updated by Nathan Cutler about 1 year ago

  • Copied to Backport #46392: nautilus: InvalidBucketName expected in more cases: uppercase, adjacent chars, underscores added

#16 Updated by Nathan Cutler about 1 year ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF