s3 list objects returns account:user instead of owner canonical user id
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
New
|
Undecided
|
Unassigned |
Bug Description
s3 list objects returns account:user instead of Owner-Canonical
s3cmd info s3://bucket/object
s3://bucket/object (object):
File size: 0
Last mod: Tue, 14 May 2024 01:48:16 GMT
MIME type: binary/octet-stream
Storage: STANDARD
MD5 sum: d41d8cd98f00b20
SSE: none
Policy: none
CORS: none
ACL: ovh_staging_
Here is the functional test dump
ipdb> break /var/swift/
Breakpoint 1 at /var/swift/
ipdb> cont
Resuming program, press Ctrl-C to relaunch debugger.
> /var/swift/
48 self.assertNotI
49 elif tf.cluster_
1--> 50 self.assertEqua
51 self.assertEqua
52 else:
ipdb> print(obj)
{'Key': 'object', 'LastModified': datetime.
Expecting access key in the test, and also botot3 response schema returns account-id for the ID.
summary: |
- s3 list objects returns account:user instead of access key + s3 list objects returns account:user instead of account-id |
description: | updated |
description: | updated |
description: | updated |
summary: |
- s3 list objects returns account:user instead of account-id + s3 list objects returns account:user instead of owner canonical user id |
Kottur,
Based on the code inspection there is a wrong assumption about the user_id in validate objects. The ID need to be checked against user_id and not access_key.
https:/ /github. com/openstack/ swift/blob/ master/ test/functional /s3api/ s3_test_ client. py#L68
user_id is set to access key only if user_id is None.
But precursor to this,
https:/ /github. com/openstack/ swift/blob/ master/ test/functional /s3api/ __init_ _.py#L56, user_id is set before Connection() is called in the case of keystone.
user_id = '%s:%s' % (tf.config[ 'account' ], tf.config[ 'username' ])
In https:/ /github. com/openstack/ swift/blob/ master/ test/functional /s3api/ test_bucket. py#L38, test needs to be done against user_id (base class member).
IMHO, the right way to fix would be to query keystone, get the true user_id, and in the case of tempauth then an autogenerated UUID is assigned, and then validated against it.
Tim Burke input would be valuable for you here.