-
Notifications
You must be signed in to change notification settings - Fork 516
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mc return error when applying an acl policy on RadosGW #2393
Comments
@mldmld68 RadosGW does not support bucket policies yet. |
@kannappanr test123.html test123acl-ro.json EP=https://myserveurrunningRadiosGW. LUMINOUS AccessDenied mld-repo4tx0000000000000000002bd-005a85c9b8-377b-default377b-default-default
/usr/local/aws/lib/python2.7/site-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html test123Now, I can access the file test123, no more access deniedJEWELS AccessDenied mybuckettx00000000000000000334b-005a85ca60-2ac98e-default2ac98e-default-default/usr/local/aws/lib/python2.7/site-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning) An error occurred (InvalidArgument) when calling the PutBucketPolicy operation: Unknown AccessDenied mybuckettx00000000000000000302c-005a85ca62-2c02a9-default2c02a9-default-default[
Now, I can't access the file test123, because the put-bucket failed |
i do not see http://docs.ceph.com/docs/master/radosgw/s3/ bucket policies being supported are you sure? @mldmld68 |
this error is returned by the server @mldmld68 i am not sure why it would say 200 OK and access denied. would it be possible for you to send a |
@harshavardhana Feature | Status | Remarks But on http://docs.ceph.com/docs/luminous/radosgw/s3/
I'm testing on luminous, not master. |
Debug output of ./mc policy --debug --insecure public $EPNICKNAME/$BUCKET mc: GET /mld-repo2/?location= HTTP/1.1 mc: HTTP/1.1 200 OK mc: TLS Certificate found: mc: GET /mld-repo2/?policy= HTTP/1.1 mc: HTTP/1.1 404 Not Found NoSuchBucketPolicy The bucket policy does not existmld-repo2tx000000000000000000060-005a8d3fd0-377d-default377d-default-defaultmc: TLS Certificate found:
mc: >> Country: FR mc: PUT /mld-repo2/?policy= HTTP/1.1 mc: Content-Length: 0 mc: TLS Certificate found: mc: Unable to set policy |
@mldmld68 Thanks for the output. If you look at the output,
Ceph is returning If you look at the sample response, you can see that the returned status is Ceph should be returning |
@mldmld68 Closing this issue as answered. Please feel to reopen if you feel otherwise. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Expected behaviour
No error while doing
./mc policy public service/bucket --insecure
on jewels and luminous Rados Gateway
Actual behaviour
On jewels :
mc: Unable to set policy
public
forservice/bucket
. invalid character '<' looking for beginning of value=> ACL is NOT modified
On luminous :
mc: Unable to set policy
public
forservice/bucket
. 200 OK=> ACL is modified even with this error message
#./mc --insecure policy service/bucket
Access permission for
service/bucket
ispublic
Steps to reproduce the behaviour
EP=https://myserver
BUCKET=mybucket
EPMCNICKNAME=mybucketnickname
EP=https://myserver
mc rm --recursive --force --insecure $EPMCNICKNAME/$BUCKET
mc mb $EPMCNICKNAME/$BUCKET --insecure
mc policy $EPMCNICKNAME/$BUCKET --insecure # Get bucket policy
mc cp test123.html $EPMCNICKNAME/$BUCKET --insecure
curl -k $EP/$BUCKET/test123.html
mc policy public $EPMCNICKNAME/$BUCKET --insecure # Set bucket policy
mc policy $EPMCNICKNAME/$BUCKET --insecure # Get bucket policy
curl -k $EP/$BUCKET/test123.html
Output:
./s3lab.sh
Removing
myepnickname/mybucket/test123.html
.Removing
myepnickname/mybucket
.Bucket created successfully
myepnickname/mybucket
.Access permission for
myepnickname/mybucket
isnone
test123.html: 17 B / 17 B ?¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦? 100.00% 596 B/s 0s
AccessDenied
mybuckettx0000000000000000001c9-005a85a63a-377b-default377b-default-defaultmc: Unable to set policy
public
formyepnickname/mybucket
. 200 OKAccess permission for
myepnickname/mybucket
ispublic
test123
==> File test123.html is downloaded without authentication ! OK./mc version
Version: 2018-02-09T23:07:36Z
Release-tag: RELEASE.2018-02-09T23-07-36Z
Commit-id: 3987f14
System information
Centos 7.4
The text was updated successfully, but these errors were encountered: