Bug 1372346 - RGW underscore issue redux
Summary: RGW underscore issue redux
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: RGW
Version: 2.0
Hardware: All
OS: All
medium
high
Target Milestone: rc
: 2.1
Assignee: Orit Wasserman
QA Contact: Vasishta
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-01 13:24 UTC by Matt Benjamin (redhat)
Modified: 2017-07-30 15:48 UTC (History)
12 users (show)

Fixed In Version: RHEL: ceph-10.2.3-10.el7cp Ubuntu: ceph_10.2.3-11redhat1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-22 19:30:33 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Ceph Project Bug Tracker 16856 None None None 2016-09-16 20:27:38 UTC
Ceph Project Bug Tracker 17443 None None None 2016-10-03 18:03:10 UTC
Ceph Project Bug Tracker 17625 None None None 2016-10-19 20:00:39 UTC
Red Hat Product Errata RHSA-2016:2815 normal SHIPPED_LIVE Moderate: Red Hat Ceph Storage security, bug fix, and enhancement update 2017-03-22 02:06:33 UTC

Description Matt Benjamin (redhat) 2016-09-01 13:24:42 UTC
Description of problem:
RGW incorrectly processes ACLs for object whose name contains double underscore ('__').


Version-Release number of selected component (if applicable):
1.3.x, 2.0.


How reproducible:
100%

This bug corresponds to the following upstream issue:
http://tracker.ceph.com/issues/16856

A fix from Orit Wasserman has been submitted:
https://github.com/ceph/ceph/pull/10939

Comment 6 Vasishta 2016-10-19 14:37:36 UTC
Hi,

I'm still facing this issue when there are underscores on both end of the object name.


>>> import boto
>>> #import boto.s3.connectionaccess_key = 'GD62VDOK3D9XFHCI5REZ'
... 
KeyboardInterrupt
>>> import boto.s3.connection
>>> access_key = 'GD62VDOK3D9XFHCI5REZ'
>>> secret_key = 'MNzDrMVE12iGOiX5uzcOq52ZzhRCqh6YNTf22LKd'
>>> conn = boto.connect_s3(
... aws_access_key_id = access_key,
... aws_secret_access_key = secret_key,
... host = 'magna111.ceph.redhat.com',
... port = 8080,
...  is_secure=False,
... calling_format = boto.s3.connection.OrdinaryCallingFormat(),
... )


>>> bucket = conn.create_bucket('for_1372346')
>>> key = bucket.new_key('_temp2_')
>>> key.set_contents_from_filename('tempfile')
8388608
>>> key.set_canned_acl('private')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/boto/s3/key.py", line 584, in set_canned_acl
    return self.bucket.set_canned_acl(acl_str, self.name, headers)
  File "/usr/lib/python2.7/site-packages/boto/s3/bucket.py", line 908, in set_canned_acl
    response.status, response.reason, body)
boto.exception.S3ResponseError: S3ResponseError: 404 Not Found
<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchKey</Code><BucketName>for_1372346</BucketName><RequestId>tx00000000000000000db82-0058078450-20746-default</RequestId><HostId>20746-default-default</HostId></Error>


I'm moving this back to ASSIGNED state. Please let me know if there are any concerns or issues.


Regards,
Vasishta

Comment 7 Orit Wasserman 2016-10-19 19:58:30 UTC
Fix in master: https://github.com/ceph/ceph/pull/11566

Comment 12 Vasishta 2016-10-26 11:52:05 UTC
Hi,

Working fine.
(Pasting observation of two cases, objectname '__' and '_temp_')

>>> import boto
>>> import boto.s3.connection
>>> 
>>> access_key = 'server'
>>> secret_key = 'server'
>>> secret_key1 = 'client'
>>> access_key1 = 'client'
>>> 
>>> client_conn = boto.connect_s3(
... aws_access_key_id = access_key1, 
... aws_secret_access_key = secret_key1,
... host = 'magna111.ceph.redhat.com',
... port = 8080,
... is_secure=False,
... calling_format = boto.s3.connection.OrdinaryCallingFormat(),
... )
>>> server_conn = boto.connect_s3(
... aws_access_key_id = access_key,
... aws_secret_access_key = secret_key,
... host = 'magna111.ceph.redhat.com',
... port = 8080,
... is_secure=False,
... calling_format = boto.s3.connection.OrdinaryCallingFormat(),
... )
>>> server = server_conn.create_bucket('new_server_bucket_1')
>>> server.set_acl('public-read')
>>> client = client_conn.get_bucket('new_server_bucket_1')
>>> key1 = server.new_key('__')
>>> key1.set_contents_from_string('Hello World ! WARHW')
19
>>> key1.set_canned_acl('private')
>>> key2 = client.get_key('__')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/boto/s3/bucket.py", line 193, in get_key
    key, resp = self._get_key_internal(key_name, headers, query_args_l)
  File "/usr/lib/python2.7/site-packages/boto/s3/bucket.py", line 231, in _get_key_internal
    response.status, response.reason, '')
boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
>>> 
>>> 
>>> 
>>> key1 = server.new_key('_temp_')
>>> key1.set_contents_from_string('Hello World ! WARHW')
19
>>> key1.set_canned_acl('public-read')
>>> 
>>> key2 = client.get_key('_temp_')
>>>

Comment 14 errata-xmlrpc 2016-11-22 19:30:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2815.html


Note You need to log in before you can comment on or make changes to this bug.