On Thu, Sep 7, 2017 at 9:15 AM, Matthew S <email address hidden>
wrote:
> I have written a patch for the Pyrax backend to fix this bug, which uses
> get_container() initially, and only uses create_container() if necessary.
> It handles both completely unprivileged users, and read-only privileged
> users.
> I can provide a diff in a separate comment if necessary?
>
> --
> You received this bug notification because you are subscribed to
> Duplicity.
> https://bugs.launchpad.net/bugs/1715650
>
> Title:
> Cloudfiles backend does not handle container ACLs
>
> Status in Duplicity:
> New
>
> Bug description:
> duplicity --version - duplicity 0.7.14
> python2 - Python 2.7.6
> Ubuntu 14.04.5
> Using a Rackspace Cloudfiles container (with ACLs enabled)
> Accessed via the Pyrax backend (also tested with Cloudfiles)
>
> With Duplicity, both the old Cloudfiles and newer Pyrax backend (both
> connect to Rackspace Cloudfiles-the-service) do not work with
> container ACLs(1). The backends try to create a container, which with
> a normal privileged user either creates a container, or returns an
> existing container of the same name. However, to take advantage of
> Rackspace container ACLs means using an unprivileged user, which only
> has read/write access to a single container, and no other privileges.
> Consequently a Duplicity backup results in a 403 Forbidden permissions
> error, even when the user being used is able to read/write just fine.
>
> 1) https://developer.rackspace.com/docs/cloud-files/v1/use-cases/additional-container-services-information/#container-access-control-lists
>
> Traceback of Pyrax error:
>
> Traceback (most recent call last):
> File "/usr/bin/duplicity", line 1532, in <module>
> with_tempdir(main)
> File "/usr/bin/duplicity", line 1526, in with_tempdir
> fn()
> File "/usr/bin/duplicity", line 1364, in main
> action = commandline.ProcessCommandLine(sys.argv[1:])
> File "/usr/lib/python2.7/dist-packages/duplicity/commandline.py",
> line 1116, in ProcessCommandLine
> backup, local_pathname = set_backend(args[0], args[1])
> File "/usr/lib/python2.7/dist-packages/duplicity/commandline.py",
> line 1005, in set_backend
> globals.backend = backend.get_backend(bend)
> File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line
> 223, in get_backend
> obj = get_backend_object(url_string)
> File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line
> 209, in get_backend_object
> return factory(pu)
> File "/usr/lib/python2.7/dist-packages/duplicity/backends/_cf_pyrax.py",
> line 72, in __init__
> self.container = pyrax.cloudfiles.create_container(container)
> File "/usr/local/lib/python2.7/dist-packages/pyrax/client.py", line
> 103, in create
> return self._manager.create(*args, **kwargs)
> File "/usr/local/lib/python2.7/dist-packages/pyrax/object_storage.py",
> line 833, in create
> resp, resp_body = self.api.method_put(uri, headers=headers)
> File "/usr/local/lib/python2.7/dist-packages/pyrax/client.py", line
> 260, in method_put
> return self._api_request(uri, "PUT", **kwargs)
> File "/usr/local/lib/python2.7/dist-packages/pyrax/client.py", line
> 231, in _api_request
> resp, body = self._time_request(safe_uri, method, **kwargs)
> File "/usr/local/lib/python2.7/dist-packages/pyrax/client.py", line
> 193, in _time_request
> resp, body = self.request(uri, method, **kwargs)
> File "/usr/local/lib/python2.7/dist-packages/pyrax/client.py", line
> 184, in request
> resp, body = pyrax.http.request(method, uri, *args, **kwargs)
> File "/usr/local/lib/python2.7/dist-packages/pyrax/http.py", line 76,
> in request
> raise exc.from_response(resp, body)
> Forbidden: <html><h1>Forbidden</h1><p>Access was denied to this
> resource.</p></html> (HTTP 403)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/duplicity/+bug/1715650/+subscriptions
>
Please do. Thanks!
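
The get-then-create order described in the quoted comment, as an added sketch; it is not the patch offered above and not duplicity's or pyrax's code. `FakeCloudFiles`, `open_container` and both exception classes are constructed stand-ins that model an account with container ACLs so the example runs offline.

```python
class Forbidden(Exception):
    """Stand-in for the HTTP 403 error seen in the traceback."""

class NoSuchContainer(Exception):
    """Stand-in for a 'container not found' error from the storage client."""

class FakeCloudFiles(object):
    """Constructed stub, not pyrax: an account with per-container ACLs."""

    def __init__(self, existing, readable, can_create):
        self.existing = set(existing)   # containers present in the account
        self.readable = set(readable)   # containers this user's ACL allows
        self.can_create = can_create    # account-level right to PUT containers
        self.calls = []                 # requests issued, for inspection

    def get_container(self, name):
        self.calls.append(("GET", name))
        if name not in self.existing:
            raise NoSuchContainer(name)
        if name not in self.readable:
            raise Forbidden(name)
        return name

    def create_container(self, name):
        self.calls.append(("PUT", name))
        if not self.can_create:
            raise Forbidden(name)
        self.existing.add(name)
        self.readable.add(name)
        return name

def open_container(client, name):
    """Look the container up first; create it only if it does not exist."""
    try:
        return client.get_container(name)
    except NoSuchContainer:
        try:
            return client.create_container(name)
        except Forbidden:
            # Missing container and no create right: report that, not a bare 403.
            raise Forbidden("container %r is missing and this user may not "
                            "create it" % name)

# ACL-restricted user: access to one existing container, no account privileges.
acl_user = FakeCloudFiles(existing=["backups"], readable=["backups"],
                          can_create=False)
# Privileged user on an account where the container does not exist yet.
admin = FakeCloudFiles(existing=[], readable=[], can_create=True)
```

With the ACL-restricted user, `open_container` issues only the GET, so the account-level PUT that produced the 403 in the traceback is never sent.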