OpenStack Object Storage (swift)

s3 list objects returns account:user instead of owner canonical user id

Bug #2065642 reported by Kottur on 2024-05-14

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Object Storage (swift)	New	Undecided	Unassigned

Bug Description

s3 list objects returns account:user instead of Owner-Canonical-User-ID

s3cmd info s3://bucket/object

s3://bucket/object (object):
   File size: 0
   Last mod: Tue, 14 May 2024 01:48:16 GMT
   MIME type: binary/octet-stream
   Storage: STANDARD
   MD5 sum: d41d8cd98f00b204e9800998ecf8427e
   SSE: none
   Policy: none
   CORS: none
   ACL: ovh_staging_s3:ovh_staging-user1: FULL_CONTROL

Here is the functional test dump

ipdb> break /var/swift/test/functional/s3api/test_bucket.py:50
Breakpoint 1 at /var/swift/test/functional/s3api/test_bucket.py:50
ipdb> cont
Resuming program, press Ctrl-C to relaunch debugger.
> /var/swift/test/functional/s3api/test_bucket.py(50)_validate_object_listing()
     48 self.assertNotIn('Owner', obj)
     49 elif tf.cluster_info['s3api'].get('s3_acl'):
1--> 50 self.assertEqual(obj['Owner']['ID'], self.access_key)
     51 self.assertEqual(obj['Owner']['DisplayName'], self.access_key)
     52 else:

ipdb> print(obj)
{'Key': 'object', 'LastModified': datetime.datetime(2024, 5, 14, 1, 48, 16, tzinfo=tzlocal()), 'ETag': '"d41d8cd98f00b204e9800998ecf8427e"', 'Size': 0, 'StorageClass': 'STANDARD', 'Owner': {'DisplayName': 'ovh_staging_s3:ovh_staging-user1', 'ID': 'ovh_staging_s3:ovh_staging-user1'}}

Expecting access key in the test, and also botot3 response schema returns account-id for the ID.

See original description

Kottur (skottur) on 2024-05-14

summary:	- s3 list objects returns account:user instead of access key + s3 list objects returns account:user instead of account-id
description:	updated
description:	updated

Kottur (skottur) on 2024-05-14

description:	updated
summary:	- s3 list objects returns account:user instead of account-id + s3 list objects returns account:user instead of owner canonical user id

Revision history for this message

Sudhakar Datta (sudhakar-datta) wrote on 2024-05-14:

Kottur,

Based on the code inspection there is a wrong assumption about the user_id in validate objects. The ID need to be checked against user_id and not access_key.

https://github.com/openstack/swift/blob/master/test/functional/s3api/s3_test_client.py#L68

user_id is set to access key only if user_id is None.

But precursor to this,

https://github.com/openstack/swift/blob/master/test/functional/s3api/__init__.py#L56, user_id is set before Connection() is called in the case of keystone.

user_id = '%s:%s' % (tf.config['account'], tf.config['username'])

In https://github.com/openstack/swift/blob/master/test/functional/s3api/test_bucket.py#L38, test needs to be done against user_id (base class member).

IMHO, the right way to fix would be to query keystone, get the true user_id, and in the case of tempauth then an autogenerated UUID is assigned, and then validated against it.

Tim Burke input would be valuable for you here.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.