Bucket validation cannot handle project:bucketname syntax for openstack type of s3 #3092

danielFlemstrom · 2023-12-21T07:00:36Z

Describe the bug

When using openstack s3 and accessing buckets of one project by another project, buckets are specified as
:. The current validation in botocore.handlers.VALID_BUCKET does not allow this pattern.

Expected Behavior

response = s3_client.list_objects(Bucket=bucket_name)
where bucket name is e.g. "125f138b33redacted0e638bc:mybucket" should list the objects
(mybucket is the bucket name you would use if running ceph, but swift uses the project id as the highest leve as I understand it)

Current Behavior

Error accessing bucket: Parameter validation failed:
Invalid bucket name "d49b125f138b4dd9b225925950e638bc\eodata": Bucket name must match the regex "^[a-zA-Z0-9.-_]{1,255}$" or be an ARN matching the regex "^arn:(aws).:(s3|s3-object-lambda):[a-z-0-9]:[0-9]{12}:accesspoint[/:][a-zA-Z0-9-.]{1,63}$|^arn:(aws).*:s3-outposts:[a-z-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9-]{1,63}$"

Reproduction Steps

Create two projects in openstack
create a bucket in project 1
allow access to that bucket from project 2
try to access bucket with credentials of project 2 as shown

Possible Solution

Adding the colon (":") sign to row 89:ish in botocore/handlers.py would fix this
Below snippet shows how:

botocore.handlers.VALID_BUCKET = re.compile(r'^[a-zA-Z0-9.\-_:]{1,255}$')

Additional Information/Context

We checked the latest code in the repo and the pattern still lacks the colon sign.

SDK version used

latest

Environment details (OS name and version, etc.)

mac, linux, kubernets, same for all

The text was updated successfully, but these errors were encountered:

RyanFitzSimmonsAK · 2024-01-04T21:23:13Z

Hi @danielFlemstrom, thanks for reaching out. The AWS SDKs are intended to work with AWS Services directly. AWS S3 does not allow slashes or colons in the names of buckets, and the parameter validation has to reflect that. If you can reproduce this issue with AWS S3, please feel free to reopen this issue.

github-actions · 2024-01-04T21:51:32Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

danielFlemstrom added bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged. labels Dec 21, 2023

danielFlemstrom changed the title ~~(short issue description)~~ Bucket validation cannot handle project:bucketname syntax for openstack type of s3 Dec 21, 2023

RyanFitzSimmonsAK self-assigned this Jan 2, 2024

RyanFitzSimmonsAK added investigating This issue is being investigated and/or work is in progress to resolve the issue. s3 p3 This is a minor priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Jan 2, 2024

RyanFitzSimmonsAK closed this as not planned Won't fix, can't repro, duplicate, stale Jan 4, 2024

RyanFitzSimmonsAK removed the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Jan 4, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bucket validation cannot handle project:bucketname syntax for openstack type of s3 #3092

Bucket validation cannot handle project:bucketname syntax for openstack type of s3 #3092

danielFlemstrom commented Dec 21, 2023

RyanFitzSimmonsAK commented Jan 4, 2024

github-actions bot commented Jan 4, 2024