-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rgw: compatibility issues on BucketPublicAccessBlock #55652
Conversation
do any s3test cases need to be updated? it would be nice to add test coverage for these changed behaviors
you're sure that aws returns this specific "NoSuchPublicAccessBlockConfiguration" error for buckets that haven't set one? i didn't see that listed in https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html |
Yes, it was confusing for me as well but seems in practice it is. Also here is another reference to it: boto/boto3#3627 I'll add s3 tests for the coverage. |
Make sure NoSuchPublicAccessBlockConfiguration is returned when no public block is configured on bucket: Refs: ceph/ceph#55652 Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Make sure 403 is returned when access is denied via s3:GetBucketPublicAccessBlock action on GetBucketPublicAccessBlock Refs: ceph/ceph#55652 Signed-off-by: Seena Fallah <seenafallah@gmail.com>
@cbodley Please take a look at this: ceph/s3-tests#551 |
Make sure NoSuchPublicAccessBlockConfiguration is returned when no public block is configured on bucket: Refs: ceph/ceph#55652 Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Make sure 403 is returned when access is denied via s3:GetBucketPublicAccessBlock action on GetBucketPublicAccessBlock Refs: ceph/ceph#55652 Signed-off-by: Seena Fallah <seenafallah@gmail.com>
From the AWS doc (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) it needs to be PublicAccessBlockConfiguration. Fixes: https://tracker.ceph.com/issues/64492 Signed-off-by: Seena Fallah <seenafallah@gmail.com>
s3GetBucketPublicAccessBlock needs to be checked for RGWGetBucketPublicAccessBlock operation. Fixes: https://tracker.ceph.com/issues/64492 Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Return 404 when there is no public access block on the bucket. Fixes: https://tracker.ceph.com/issues/64492 Signed-off-by: Seena Fallah <seenafallah@gmail.com>
According to AWS doc (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html#API_DeletePublicAccessBlock_ResponseSyntax) 204 shall be returned on delete request. Fixes: https://tracker.ceph.com/issues/64492 Signed-off-by: Seena Fallah <seenafallah@gmail.com>
26aa2c8
to
48a4549
Compare
jenkins test this please |
Make sure NoSuchPublicAccessBlockConfiguration is returned when no public block is configured on bucket: Refs: ceph/ceph#55652 Signed-off-by: Seena Fallah <seenafallah@gmail.com> (cherry picked from commit 3056e6d)
Make sure 403 is returned when access is denied via s3:GetBucketPublicAccessBlock action on GetBucketPublicAccessBlock Refs: ceph/ceph#55652 Signed-off-by: Seena Fallah <seenafallah@gmail.com> (cherry picked from commit 3af4231)
Make sure NoSuchPublicAccessBlockConfiguration is returned when no public block is configured on bucket: Refs: ceph/ceph#55652 Signed-off-by: Seena Fallah <seenafallah@gmail.com> (cherry picked from commit 3056e6d)
Make sure 403 is returned when access is denied via s3:GetBucketPublicAccessBlock action on GetBucketPublicAccessBlock Refs: ceph/ceph#55652 Signed-off-by: Seena Fallah <seenafallah@gmail.com> (cherry picked from commit 3af4231)
Fixes: https://tracker.ceph.com/issues/64492