New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rgw: fix RGWPutBucketPolicy error when set BucketPolicy again without delete pre set Policy #15617

Merged
merged 1 commit into from Jun 15, 2017

Conversation

Projects
None yet
4 participants
@joke-lee
Contributor

joke-lee commented Jun 12, 2017

hi,when i create a bucket and set policy to the bucket,use

 s3cmd setpolicy 2-referpolicy  s3://test1

it set policy success. but when i rerun

 s3cmd setpolicy 2-referpolicy  s3://test1

and
then

s3cmd ls  s3://test1

and it return 403 access deny,

and i found it is rapidjson::KParseErrorDocumentRootNotSigngular error,

and i found the policy turn to be

"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [{\n    \"Effect\": \"Allow\",\n    \"Principal\": \"*\",\n    \"Action\": \"s3:GetObject\",\n    \"Resource\": [\n      \"arn:aws:s3:::test3/*\"\n    ],\n    \"Condition\": {\n        \"StringLike\": {\n          \"aws:Referer\": \"http://www.baidu.com\"\n        }\n      }\n  }]\n}\n{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":[\"arn:aws:s3:::test3/*\"],\"Condition\":{\"StringLike\":{\"aws:Referer\":\"http://www.baidu.com\"}}}]}\n"

yes, it append to the pre set policy, rather to take place of it.
so, we need to clear() before append

Signed-off-by: yuliyang yuliyang@cmss.chinamobile.com

@joke-lee

This comment has been minimized.

Contributor

joke-lee commented Jun 12, 2017

@smithfarm smithfarm added the rgw label Jun 12, 2017

@smithfarm

This comment has been minimized.

Contributor

smithfarm commented Jun 12, 2017

@joke-lee Can you add Fixes: http://tracker.ceph.com/issues/20252 to the commit message? Right above the Signed-off-by: line.

rgw: fix RGWPutBucketPolicy error when set BucketPolicy again without…
… delete pre set Policy

Fixes: http://tracker.ceph.com/issues/20252

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
@tchaikov

This comment has been minimized.

Contributor

tchaikov commented Jun 12, 2017

retest this please.

@joke-lee

This comment has been minimized.

Contributor

joke-lee commented Jun 15, 2017

hi, @cbodley would you mind merge this pr ?

@cbodley

This comment has been minimized.

Contributor

cbodley commented Jun 15, 2017

sure @joke-lee - there are some broken s3tests on master, so i haven't been able to get a clean teuthology run. but this one's obviously correct. thanks 👍

@cbodley cbodley merged commit 4b33603 into ceph:master Jun 15, 2017

3 checks passed

Signed-off-by all commits in this PR are signed
Details
Unmodified Submodules submodules for project are unmodified
Details
make check make check succeeded
Details

@joke-lee joke-lee deleted the joke-lee:fix_put_bucket_policy_when_set_again branch Jun 15, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment