Bug 1889683

Summary: [GSS] Noobaa Problem when setting public access to a bucket
Product: [Red Hat Storage] Red Hat OpenShift Container Storage Reporter: Ruud Zwakenberg <rzwakenb>
Component: Multi-Cloud Object GatewayAssignee: Nimrod Becker <nbecker>
Status: CLOSED ERRATA QA Contact: Ben Eli <belimele>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.5CC: assingh, edonnell, etamir, lars, muagarwa, nbecker, nberry, ocs-bugs, tdesala
Target Milestone: ---Keywords: AutomationBackLog
Target Release: OCS 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: v4.6.0-141.ci Doc Type: Bug Fix
Doc Text:
.No issues when setting public access policy to a bucket Previously, there was a translation issue when setting the public access policy to a bucket and the desired policy would not be set correctly. This translation issue has been fixed, and the desired policy is set correctly so public access can be set.
 Story Points: ---
Clone Of:
: 1893163 (view as bug list) Environment:
Last Closed: 2020-12-17 06:24:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1882359, 1893163    

Description Ruud Zwakenberg 2020-10-20 11:17:54 UTC 
Description of problem (please be detailed as possible and provide log
snippests):
Public access noobaa bucket not allowed.

Version of all relevant components (if applicable):


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Cannot use Noobaa on public cloud


Is there any workaround available to the best of your knowledge?
Fix is already available


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
2

Can this issue reproducible?
Yes

Can this issue reproduce from the UI?
From a CLI

If this is a regression, please provide more details to justify this:


Steps to Reproduce:

Actual results:

(base) jeniawhite@MacBook-Pro noobaa-operator % aws s3api --endpoint-url https://192.168.64.44:30261 get-bucket-website --bucket first.bucket --no-verify-ssl
/usr/local/Cellar/awscli/2.0.28_1/libexec/lib/python3.8/site-packages/urllib3/connectionpool.py:979: InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.64.44'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
{
    "IndexDocument": {
        "Suffix": "index.html"
    },
    "ErrorDocument": {
        "Key": "error.html"
    }
}

Expected results:

(base) jeniawhite@MacBook-Pro noobaa-operator % aws s3api --endpoint-url https://192.168.64.44:30261 get-bucket-policy --bucket first.bucket --no-verify-ssl 
/usr/local/Cellar/awscli/2.0.28_1/libexec/lib/python3.8/site-packages/urllib3/connectionpool.py:979: InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.64.44'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
{
    "Policy": "{\"version\":\"2012-10-17\",\"statement\":[{\"sid\":\"publicreadforgetbucketobjects\",\"effect\":\"allow\",\"principal\":[\"*\"],\"action\":[\"s3:getobject\"],\"resource\":[\"arn:aws:s3:::first.bucket/*\"]}]}"
}


Additional info:
Comment 7 Ben Eli 2020-10-26 09:25:22 UTC 
I uploaded the index.html and error.html files to first.bucket, placed a bucket policy and website, entered the bucket site, and it showed the index page I created.

Verified 
OCS v4.6.0-141.ci
OCP 4.6.0-0.nightly-2020-10-22-034051
Comment 8 Nimrod Becker 2020-10-26 16:13:15 UTC 
*** Bug 1891117 has been marked as a duplicate of this bug. ***
Comment 9 Mudit Agarwal 2020-10-28 14:56:05 UTC 
Nimrpd, please add doc_text
Comment 10 Nimrod Becker 2020-10-28 16:11:58 UTC 
done
Comment 13 errata-xmlrpc 2020-12-17 06:24:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5605