Bug 1889683 - [GSS] Noobaa Problem when setting public access to a bucket
Summary: [GSS] Noobaa Problem when setting public access to a bucket
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenShift Container Storage
Classification: Red Hat
Component: Multi-Cloud Object Gateway
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: OCS 4.6.0
Assignee: Nimrod Becker
QA Contact: Ben Eli
URL:
Whiteboard:
: 1891117 (view as bug list)
Depends On:
Blocks: 1882359 1893163
TreeView+ depends on / blocked
 
Reported: 2020-10-20 11:17 UTC by Ruud Zwakenberg
Modified: 2021-08-17 17:43 UTC (History)
9 users (show)

Fixed In Version: v4.6.0-141.ci
Doc Type: Bug Fix
Doc Text:
.No issues when setting public access policy to a bucket Previously, there was a translation issue when setting the public access policy to a bucket and the desired policy would not be set correctly. This translation issue has been fixed, and the desired policy is set correctly so public access can be set.
Clone Of:
: 1893163 (view as bug list)
Environment:
Last Closed: 2020-12-17 06:24:47 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github noobaa noobaa-core issues 6134 0 None closed Question: Is there any way to create public access noobaa bucket? 2021-02-10 12:38:29 UTC
Github noobaa noobaa-core pull 6221 0 None closed S3 Website and Policy fixes 2021-02-10 12:38:30 UTC
Github noobaa noobaa-core pull 6226 0 None closed Backport to 5.6: S3 Website and Policy fixes 2021-02-10 12:38:30 UTC
Red Hat Product Errata RHSA-2020:5605 0 None None None 2020-12-17 06:25:07 UTC

Description Ruud Zwakenberg 2020-10-20 11:17:54 UTC
Description of problem (please be detailed as possible and provide log
snippests):
Public access noobaa bucket not allowed.

Version of all relevant components (if applicable):


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Cannot use Noobaa on public cloud


Is there any workaround available to the best of your knowledge?
Fix is already available


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
2

Can this issue reproducible?
Yes

Can this issue reproduce from the UI?
From a CLI

If this is a regression, please provide more details to justify this:


Steps to Reproduce:

Actual results:

(base) jeniawhite@MacBook-Pro noobaa-operator % aws s3api --endpoint-url https://192.168.64.44:30261 get-bucket-website --bucket first.bucket --no-verify-ssl
/usr/local/Cellar/awscli/2.0.28_1/libexec/lib/python3.8/site-packages/urllib3/connectionpool.py:979: InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.64.44'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
{
    "IndexDocument": {
        "Suffix": "index.html"
    },
    "ErrorDocument": {
        "Key": "error.html"
    }
}

Expected results:

(base) jeniawhite@MacBook-Pro noobaa-operator % aws s3api --endpoint-url https://192.168.64.44:30261 get-bucket-policy --bucket first.bucket --no-verify-ssl 
/usr/local/Cellar/awscli/2.0.28_1/libexec/lib/python3.8/site-packages/urllib3/connectionpool.py:979: InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.64.44'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
{
    "Policy": "{\"version\":\"2012-10-17\",\"statement\":[{\"sid\":\"publicreadforgetbucketobjects\",\"effect\":\"allow\",\"principal\":[\"*\"],\"action\":[\"s3:getobject\"],\"resource\":[\"arn:aws:s3:::first.bucket/*\"]}]}"
}


Additional info:

Comment 7 Ben Eli 2020-10-26 09:25:22 UTC
I uploaded the index.html and error.html files to first.bucket, placed a bucket policy and website, entered the bucket site, and it showed the index page I created.

Verified 
OCS v4.6.0-141.ci
OCP 4.6.0-0.nightly-2020-10-22-034051

Comment 8 Nimrod Becker 2020-10-26 16:13:15 UTC
*** Bug 1891117 has been marked as a duplicate of this bug. ***

Comment 9 Mudit Agarwal 2020-10-28 14:56:05 UTC
Nimrpd, please add doc_text

Comment 10 Nimrod Becker 2020-10-28 16:11:58 UTC
done

Comment 13 errata-xmlrpc 2020-12-17 06:24:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5605


Note You need to log in before you can comment on or make changes to this bug.