Bug #36293
closedInvalidBucketName expected in more cases: uppercase, adjacent chars, underscores
0%
Description
Reported for v12.2.8 Luminous here:
http://lists.ceph.com/pipermail/ceph-users-ceph.com/2018-October/030207.html
With rgw_relaxed_s3_bucket_names=false, the following bucket names are presently permitted by RGW and should be disallowed.
bucketname-UPPERCASE bucketname-.adjacent-period-dot bucketname.-adjacent-dot-period bucketname_underscore
Note that AWS S3 has moved to stricter enforcement of bucket names for all regions as of 2018/03/01.
us-east-1 now disallows creation of a bucket unless it matches the strict naming requirements.
us-west-1 still allows access to an existing bucket that only matched the relaxed requirements.
Updated by Tomohiro Misono over 5 years ago
Hello, I am new to ceph and want to start some contribution.
Can I take this issue as it seems simple and good start point to understand dev process?
Updated by Yehuda Sadeh over 5 years ago
@Tomohiro Misono sure, you're welcome to take it. I do think that we need to overhaul a bit the way we control the bucket names constraints. We should have a way to globally configure it. I think that having a configurable in the Period config that would specify the type of constraints makes more sense. The ceph.conf configurable should still exist for backward compatibility but would be used to override it. Potentially we could have the ability to override it per zonegroup. We should also still be backward compatible, so imo by default we shouldn't be stricter than we were before.
Updated by Tomohiro Misono over 5 years ago
Thanks for the comment. so, it more than just updating valid_s3_bucket_name().
What you mean is:
1. add entry for bucket name rule in RGWPeriodConfig
2. initialize the entry using the value of ceph.conf (i.e. rgw_relaxed_s3_bucket_names)
3. add command to radosgw-admin to set/get bucket name rule (3 type: current relaxed, current default, strict)
4. update valid_s3_bucket_name(). We need to consider op in order to allow to get illegal bucket name in strict mode.
Am I understanding correct?
Updated by Yehuda Sadeh over 5 years ago
After discussing it a bit more with Casey:
Leave current rgw_relaxed_s3_bucket_names configurable as is. If it is true then it's relaxed.
RGWPeriodConfig should have a a new bucket name rule as suggested. Default value for it would be current default. If rgw_relaxed_s3_bucket_name=false, then follow whatever RGWPeriodConfig configurable has.
Updated by Robin Johnson over 5 years ago
We need 3 variations on validations:
1. validation per Swift rules
2. validation per S3-relaxed (old us-east-1 rules)
3. validation per S3-strict
I previously proposed similar functionality to AWS, that would permit access to buckets that already exist at a given validation level, but require creation of new buckets to be stricter.
Updated by Tomohiro Misono over 5 years ago
sorry, but I'm becoming busy for other things and don't have much time to look how period config should be changed.
Please someone interested takes this issue. Thanks.
Updated by Soumya Koduri about 5 years ago
- Assignee set to Soumya Koduri
Hi,
I am new to ceph project and taken up this bug to start with. I have submitted https://github.com/ceph/ceph/pull/26787 addressing the issue originally posted in the description. Kindly review the changes.
Updated by Casey Bodley about 5 years ago
- Status changed from New to Fix Under Review
Updated by Casey Bodley almost 5 years ago
- Backport changed from luminous, mimic to luminous, mimic, nautilus
Updated by Casey Bodley almost 5 years ago
- Status changed from Fix Under Review to 7
Updated by Casey Bodley over 4 years ago
- Status changed from 7 to Resolved
- Backport deleted (
luminous, mimic, nautilus)
this is an intrusive policy change and, given the number of issues it uncovered in our test infrastructure, feels too risky to backport without further discussion
Updated by Nathan Cutler almost 4 years ago
- Status changed from Resolved to Pending Backport
- Backport set to nautilus
Updated by Nathan Cutler almost 4 years ago
- Copied to Backport #46392: nautilus: InvalidBucketName expected in more cases: uppercase, adjacent chars, underscores added
Updated by Nathan Cutler almost 4 years ago
- Status changed from Pending Backport to Resolved