s3 list objects returns account:user instead of owner canonical user id

Bug #2065642 reported by Kottur
This bug affects 2 people
Affects: OpenStack Object Storage (swift)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

s3 list objects returns account:user instead of Owner-Canonical-User-ID

s3cmd info s3://bucket/object

s3://bucket/object (object):
   File size: 0
   Last mod: Tue, 14 May 2024 01:48:16 GMT
   MIME type: binary/octet-stream
   Storage: STANDARD
   MD5 sum: d41d8cd98f00b204e9800998ecf8427e
   SSE: none
   Policy: none
   CORS: none
   ACL: ovh_staging_s3:ovh_staging-user1: FULL_CONTROL

Here is the functional test dump

ipdb> break /var/swift/test/functional/s3api/test_bucket.py:50
Breakpoint 1 at /var/swift/test/functional/s3api/test_bucket.py:50
ipdb> cont
Resuming program, press Ctrl-C to relaunch debugger.
> /var/swift/test/functional/s3api/test_bucket.py(50)_validate_object_listing()
     48             self.assertNotIn('Owner', obj)
     49         elif tf.cluster_info['s3api'].get('s3_acl'):
1--> 50             self.assertEqual(obj['Owner']['ID'], self.access_key)
     51             self.assertEqual(obj['Owner']['DisplayName'], self.access_key)
     52         else:

ipdb> print(obj)
{'Key': 'object', 'LastModified': datetime.datetime(2024, 5, 14, 1, 48, 16, tzinfo=tzlocal()), 'ETag': '"d41d8cd98f00b204e9800998ecf8427e"', 'Size': 0, 'StorageClass': 'STANDARD', 'Owner': {'DisplayName': 'ovh_staging_s3:ovh_staging-user1', 'ID': 'ovh_staging_s3:ovh_staging-user1'}}

Expecting access key in the test, and also boto3 response schema returns account-id for the ID.

Kottur (skottur)
summary: - s3 list objects returns account:user instead of access key
+ s3 list objects returns account:user instead of account-id
description: updated
description: updated
Kottur (skottur)
description: updated
summary: - s3 list objects returns account:user instead of account-id
+ s3 list objects returns account:user instead of owner canonical user id
Sudhakar Datta (sudhakar-datta) wrote :

Kottur,

Based on the code inspection, there is a wrong assumption about the user_id in validate objects. The ID needs to be checked against user_id and not access_key.

https://github.com/openstack/swift/blob/master/test/functional/s3api/s3_test_client.py#L68

user_id is set to access key only if user_id is None.

But precursor to this,

https://github.com/openstack/swift/blob/master/test/functional/s3api/__init__.py#L56, user_id is set before Connection() is called in the case of keystone.

user_id = '%s:%s' % (tf.config['account'], tf.config['username'])

In https://github.com/openstack/swift/blob/master/test/functional/s3api/test_bucket.py#L38, test needs to be done against user_id (base class member).

IMHO, the right way to fix would be to query keystone, get the true user_id, and in the case of tempauth then an autogenerated UUID is assigned, and then validated against it.

Tim Burke's input would be valuable for you here.
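
The mismatch discussed in this comment, reproduced as an added example (not part of the original report and not Swift's test code). The function names, the access key value and the split of the owner string into account and username are assumptions made for illustration; the listing entry is shaped like the dump in the bug description.

```python
# Added illustration: every name here is hypothetical, not Swift's test suite.

def resolve_user_id(access_key, user_id=None):
    """Fallback described in the comment: user_id is set to the access key
    only when no user_id was supplied."""
    return access_key if user_id is None else user_id


def keystone_user_id(account, username):
    # Same format string as the line quoted in the comment.
    return '%s:%s' % (account, username)


def owner_mismatches(listing, expected_id):
    """Return (key, field, actual) for every Owner field != expected_id."""
    problems = []
    for obj in listing:
        owner = obj.get('Owner')
        if owner is None:
            problems.append((obj['Key'], 'Owner', None))
            continue
        for field in ('ID', 'DisplayName'):
            if owner.get(field) != expected_id:
                problems.append((obj['Key'], field, owner.get(field)))
    return problems


def compare_checks(listing, access_key, account, username):
    """Run the check both ways: against access_key (what line 50 of the
    dump asserts) and against user_id (what the comment proposes)."""
    user_id = resolve_user_id(access_key, keystone_user_id(account, username))
    return {
        'against_access_key': owner_mismatches(listing, access_key),
        'against_user_id': owner_mismatches(listing, user_id),
    }


# Listing entry shaped like the ipdb dump in the report (fields trimmed).
LISTING = [{'Key': 'object', 'Size': 0,
            'Owner': {'DisplayName': 'ovh_staging_s3:ovh_staging-user1',
                      'ID': 'ovh_staging_s3:ovh_staging-user1'}}]
ACCESS_KEY = 'EXAMPLEACCESSKEY'  # constructed placeholder, not from the report

if __name__ == '__main__':
    result = compare_checks(LISTING, ACCESS_KEY,
                            'ovh_staging_s3', 'ovh_staging-user1')
    for name, problems in result.items():
        print(name, problems or 'OK')
```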
