Bug #42786

open

User using doscli cannot get, info or put objects in other buckets with ":" in those objects, even though the user has the permission.

Added by he huang over 4 years ago. Updated over 2 years ago.

Status: Triaged
Priority: Normal
Target version:
% Done: 0%
Source: Community (dev)
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite: rgw
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Problem recurrence steps
[Test Details]
1. Create two users A and B
2. Set bucket policy of user A and grant full access to user B.
3. Upload an object with a ":" in the name to the bucket of user A, such as "AAA: BBB", and then use user B to try to info and get the object.
4. Use user B to try to put a new object with ":" in the name into the bucket of user A.
[Expected Results]
1. Steps 3 and 4 are successful
[Actual Results]
1. Steps 3 and 4: error reported and rejected

The cause of the problem: the S3 resource description statement is "arn: aws: S3::: bucket / object". When matching the bucket policy, we will first match the S3 resource description statement with the regular expression "arn: ([^:] ): ([^:] *): ([^:] *): ([^:] *): (. *)". Finally, when comparing the "bucket / object" with the actual value, we will match the style with ":", such as the style "" and the actual value "bucket01 / aa: aa / ". If they are divided into "", "bucket01 / aa" and "aa", they will not match.
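
The failure described in the report, as an added example that is neither Ceph RGW code nor the reporter's: a simplified C++ model in which parse_arn keeps everything after the fifth ":" as one resource string, match_whole compares that string with wildcards, and match_split reproduces the reported mismatch by dividing the resource on ":" first. All function names are hypothetical, and the policy resource "bucket01/*" used to exercise it is an assumed pattern.

```cpp
#include <array>
#include <string>
#include <vector>

// Simplified model (assumption), not Ceph RGW code. An ARN has four ':'-delimited
// header fields after "arn:"; the remainder is the resource and may contain ':'.
struct Arn { std::array<std::string, 4> head; std::string resource; };

bool parse_arn(const std::string& s, Arn& out) {
  if (s.rfind("arn:", 0) != 0) return false;
  size_t pos = 4;
  for (auto& field : out.head) {        // partition, service, region, account
    size_t end = s.find(':', pos);
    if (end == std::string::npos) return false;
    field = s.substr(pos, end - pos);
    pos = end + 1;
  }
  out.resource = s.substr(pos);         // kept whole, embedded colons included
  return true;
}

// Resource compared as one opaque string; pattern supports '*' and '?'.
bool match_whole(const std::string& p, const std::string& t) {
  size_t pi = 0, ti = 0, star = std::string::npos, mark = 0;
  while (ti < t.size()) {
    if (pi < p.size() && p[pi] == '*') { star = pi++; mark = ti; }
    else if (pi < p.size() && (p[pi] == '?' || p[pi] == t[ti])) { ++pi; ++ti; }
    else if (star != std::string::npos) { pi = star + 1; ti = ++mark; }
    else return false;
  }
  while (pi < p.size() && p[pi] == '*') ++pi;
  return pi == p.size();
}

std::vector<std::string> split_colon(const std::string& s) {
  std::vector<std::string> out; size_t pos = 0, end;
  for (; (end = s.find(':', pos)) != std::string::npos; pos = end + 1)
    out.push_back(s.substr(pos, end - pos));
  out.push_back(s.substr(pos));
  return out;
}

// Modelled failure mode: resource divided on ':' before comparison, so a key
// containing ':' yields more pieces than the policy pattern and never matches.
bool match_split(const std::string& pat, const std::string& res) {
  auto p = split_colon(pat), r = split_colon(res);
  if (p.size() != r.size()) return false;
  for (size_t i = 0; i < p.size(); ++i) if (!match_whole(p[i], r[i])) return false;
  return true;
}
```

With the constructed key "bucket01/aa:aa", match_split rejects a request that match_whole allows, while keys without ":" behave the same under both.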

Actions #1

Updated by Casey Bodley over 4 years ago

  • Status changed from New to Triaged
  • Assignee set to Adam Emerson

@Adam DC949, does this look like a parsing bug?

Actions #2

Updated by Adam Emerson over 2 years ago

  • Assignee changed from Adam Emerson to Pritha Srivastava