Bug 1889683 - [GSS] Noobaa Problem when setting public access to a bucket
Summary: [GSS] Noobaa Problem when setting public access to a bucket
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat OpenShift Container Storage
Classification: Red Hat
Component: Multi-Cloud Object Gateway
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: OCS 4.6.0
Assignee: Nimrod Becker
QA Contact: Ben Eli
URL:
Whiteboard:
: 1891117 (view as bug list)
Depends On:
Blocks: 1893163
TreeView+ depends on / blocked
 
Reported: 2020-10-20 11:17 UTC by Ruud Zwakenberg
Modified: 2020-11-18 19:30 UTC (History)
7 users (show)

Fixed In Version: v4.6.0-141.ci
Doc Type: Bug Fix
Doc Text:
Cause: Wrong translation when setting the public access policy Consequence: The desired policy was not set correctly Fix: Fix the translation Result: Desired policy is set correctly and public access can be set
Clone Of:
: 1893163 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github noobaa noobaa-core issues 6134 None closed Question: Is there any way to create public access noobaa bucket? 2020-11-23 15:02:57 UTC
Github noobaa noobaa-core pull 6221 None closed S3 Website and Policy fixes 2020-11-23 15:02:59 UTC
Github noobaa noobaa-core pull 6226 None closed Backport to 5.6: S3 Website and Policy fixes 2020-11-23 15:02:59 UTC

Description Ruud Zwakenberg 2020-10-20 11:17:54 UTC
Description of problem (please be detailed as possible and provide log
snippests):
Public access noobaa bucket not allowed.

Version of all relevant components (if applicable):


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Cannot use Noobaa on public cloud


Is there any workaround available to the best of your knowledge?
Fix is already available


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
2

Can this issue reproducible?
Yes

Can this issue reproduce from the UI?
From a CLI

If this is a regression, please provide more details to justify this:


Steps to Reproduce:

Actual results:

(base) jeniawhite@MacBook-Pro noobaa-operator % aws s3api --endpoint-url https://192.168.64.44:30261 get-bucket-website --bucket first.bucket --no-verify-ssl
/usr/local/Cellar/awscli/2.0.28_1/libexec/lib/python3.8/site-packages/urllib3/connectionpool.py:979: InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.64.44'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
{
    "IndexDocument": {
        "Suffix": "index.html"
    },
    "ErrorDocument": {
        "Key": "error.html"
    }
}

Expected results:

(base) jeniawhite@MacBook-Pro noobaa-operator % aws s3api --endpoint-url https://192.168.64.44:30261 get-bucket-policy --bucket first.bucket --no-verify-ssl 
/usr/local/Cellar/awscli/2.0.28_1/libexec/lib/python3.8/site-packages/urllib3/connectionpool.py:979: InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.64.44'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
{
    "Policy": "{\"version\":\"2012-10-17\",\"statement\":[{\"sid\":\"publicreadforgetbucketobjects\",\"effect\":\"allow\",\"principal\":[\"*\"],\"action\":[\"s3:getobject\"],\"resource\":[\"arn:aws:s3:::first.bucket/*\"]}]}"
}


Additional info:

Comment 7 Ben Eli 2020-10-26 09:25:22 UTC
I uploaded the index.html and error.html files to first.bucket, placed a bucket policy and website, entered the bucket site, and it showed the index page I created.

Verified 
OCS v4.6.0-141.ci
OCP 4.6.0-0.nightly-2020-10-22-034051

Comment 8 Nimrod Becker 2020-10-26 16:13:15 UTC
*** Bug 1891117 has been marked as a duplicate of this bug. ***

Comment 9 Mudit Agarwal 2020-10-28 14:56:05 UTC
Nimrpd, please add doc_text

Comment 10 Nimrod Becker 2020-10-28 16:11:58 UTC
done


Note You need to log in before you can comment on or make changes to this bug.