Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix policy version validation in PUT Bucket Policy #911

Merged
merged 2 commits into from
Jul 15, 2014
Merged

Fix policy version validation in PUT Bucket Policy #911

merged 2 commits into from
Jul 15, 2014

Conversation

kuenishi
Copy link
Contributor

@kuenishi kuenishi commented Jul 7, 2014

CS 1.4 does not validate the version of policy json when the policy
is being put, but validates when 'using' it (=anytime when you touch
anything in that bucket). This commit adds validation in WM resource
of PUT Bucket policy and related error codes.

There might be invalid policy versions in already upload buckets,
this commit also validates only version "2012-10-17" and "2008-10-17"
which are also valid in S3. Other invalid version strings continue
to be invalid. With existing buckets created at 1.3 and 1.4 with
invalid version strings, any operations on that bucket or on objects
in that bucket can't be touched and refused with 403.

Tests and workaround to fixup those buckets will follow.

@kuenishi kuenishi added the Bug label Jul 7, 2014
@kuenishi kuenishi added this to the 1.5.0 milestone Jul 7, 2014
@kuenishi
Copy link
Contributor Author

kuenishi commented Jul 7, 2014

Example in docs are already in 2012 while we still live in 2008. http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

@kuenishi
Fix policy version validation in PUT Bucket Policy
809727e 
CS 1.4 does not validate the version of policy json when the policy
is being put, but validates when 'using' it (=anytime when you touch
anything in that bucket). This commit adds validation in WM resource
of PUT Bucket policy and related error codes.

There might be invalid policy versions in already upload buckets,
this commit also validates only version "2012-10-17" and "2008-10-17"
which are also valid in S3. Other invalid version strings continue
to be invalid. With existing buckets created at 1.3 and 1.4 with
invalid version strings, any operations on that bucket or on objects
in that bucket can't be touched and refused with 403.

Tests and workaround to fixup those buckets will follow.
@kuenishi
Add regression check testcase to boto_test.py and small dialyzer fixes
d356c6c
borshop added a commit that referenced this pull request Jul 15, 2014
@borshop
Merge pull request #911 from basho/bugfix/bad-policy-version
6fba568 
Fix policy version validation in PUT Bucket Policy

Reviewed-by: shino
@shino
Copy link
Contributor

shino commented Jul 15, 2014

@borshop merge

@borshop borshop merged commit d356c6c into release/1.5 Jul 15, 2014
@shino shino deleted the bugfix/bad-policy-version branch July 15, 2014 06:27
@shino shino mentioned this pull request Sep 25, 2014
Closed
@shino
Copy link
Contributor

shino commented Sep 25, 2014

Oops, the above mention from the issue 977 was wrong. Please ignore it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@shino shino

Labels
Bug Kanban-Backlog ready-to-pull
Projects
None yet
Milestone
1.5.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kuenishi @shino @borshop