Swift3

In swift3 middleware, Access to lower case container was denied

Bug #1320061 reported by dba on 2014-05-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Swift3	Incomplete	Undecided	Unassigned

Bug Description

I will report two bug about swift3 middleware.

I created container TEST1 and test1

# date
Wed May 14 16:05:56 JST 2014
# swift post TEST
# swift post test
# swift list -l
0 0 2014-05-14 07:06:33 TEST
0 0 2014-05-14 07:06:37 test

and then, using s3cmd listed container.
# s3cmd ls
2009-02-03 16:45 s3://TEST
2009-02-03 16:45 s3://test

Container creating date is shown 2009-02-03.
This is one bug.

In next, using s3cmd file upload to TEST container
# s3cmd put file1 s3://TEST
file1 -> s3://TEST/file1 [1 of 1]
801 of 801 100% in 6s 123.01 B/s done

this is no problem
but using s3cmd file update to test container, this failed.

# s3cmd put file1 s3://test
file1 -> s3://test/file1 [1 of 1]
801 of 801 100% in 0s 49.17 kB/s done
ERROR: S3 error: 403 (AccessDenied): Access denied

In case of lower case container, when i put using s3cmd, access deined error occured.

Revision history for this message

Kota Tsuyuzaki (tsuyuzaki-kota) wrote on 2014-06-23:

Hi, lee.

First one is related to https://github.com/fujita/swift3/issues/61.
It is basically caused from swift's specification. To solve it, the swift command you reported makes HEAD requests for all containers before the response but current swift3 doesn't do so because it sacrifices its performance. However, my colleague is trying to fix it, right now. Please wait the activity.

The other seems not to be a swift3 bug because I can do that (possible to put an object against to both TEST and test containers) by s3curl. Could you show me the proxy log, version number and some information about s3cmd.

Best

Revision history for this message

dba (lee203) wrote on 2014-06-23:

Download full text (4.7 KiB)

thanks tsuyuzaki

>However, my colleague is trying to fix it, right now. Please wait the activity.
I wait glad to this patch.

this is my log for s3cmd.
----------
# s3cmd --debug put file1 s3://test
DEBUG: ConfigParser: Reading file '/root/.s3cfg'
DEBUG: ConfigParser: access_key->79...29_chars...c
DEBUG: ConfigParser: bucket_location->US
DEBUG: ConfigParser: cloudfront_host->cloudfront.amazonaws.com
DEBUG: ConfigParser: cloudfront_resource->/2010-07-15/distribution
DEBUG: ConfigParser: default_mime_type->binary/octet-stream
DEBUG: ConfigParser: delete_removed->False
DEBUG: ConfigParser: dry_run->False
DEBUG: ConfigParser: encoding->UTF-8
DEBUG: ConfigParser: encrypt->False
DEBUG: ConfigParser: follow_symlinks->False
DEBUG: ConfigParser: force->False
DEBUG: ConfigParser: get_continue->False
DEBUG: ConfigParser: gpg_command->/usr/bin/gpg
DEBUG: ConfigParser: gpg_decrypt->%(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_encrypt->%(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_passphrase->...-3_chars...
DEBUG: ConfigParser: guess_mime_type->True
DEBUG: ConfigParser: host_base->dev.test-obj.jp
DEBUG: ConfigParser: host_bucket->dev.test-obj.jp
DEBUG: ConfigParser: human_readable_sizes->False
DEBUG: ConfigParser: list_md5->False
DEBUG: ConfigParser: log_target_prefix->
DEBUG: ConfigParser: preserve_attrs->True
DEBUG: ConfigParser: progress_meter->True
DEBUG: ConfigParser: proxy_host->
DEBUG: ConfigParser: proxy_port->0
DEBUG: ConfigParser: recursive->False
DEBUG: ConfigParser: recv_chunk->4096
DEBUG: ConfigParser: reduced_redundancy->False
DEBUG: ConfigParser: secret_key->aa...29_chars...b
DEBUG: ConfigParser: send_chunk->4096
DEBUG: ConfigParser: simpledb_host->sdb.amazonaws.com
DEBUG: ConfigParser: skip_existing->False
DEBUG: ConfigParser: socket_timeout->300
DEBUG: ConfigParser: urlencoding_mode->normal
DEBUG: ConfigParser: use_https->True
DEBUG: ConfigParser: verbosity->WARNING
DEBUG: Updating Config.Config encoding -> UTF-8
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Unicodising 'put' using UTF-8
DEBUG: Unicodising 'file1' using UTF-8
DEBUG: Unicodising 's3://test' using UTF-8
DEBUG: Command: put
INFO: Compiling list of local files...
DEBUG: DeUnicodising u'' using UTF-8
DEBUG: DeUnicodising u'file1' using UTF-8
DEBUG: Unicodising 'file1' using UTF-8
DEBUG: Unicodising 'file1' using UTF-8
INFO: Applying --exclude/--include
DEBUG: CHECK: file1
DEBUG: PASS: file1
INFO: Summary: 1 local files to upload
DEBUG: Content-Type set to 'binary/octet-stream'
DEBUG: String 'file1' encoded to 'file1'
DEBUG: SignHeaders: 'PUT\n\nbinary/octet-stream\n\nx-amz-date:Mon, 23 Jun 2014 09:43:43 +0000\n/test/file1'
DEBUG: CreateRequest: resource[uri]=/file1
DEBUG: Unicodising 'file1' using UTF-8
DEBUG: SignHeaders: 'PUT\n\nbinary/octet-stream\n\nx-amz-date:Mon, 23 Jun 2014 09:43:43 +0000\n/test/file1'
file1 -> s3://test/file1 [1 of 1]
DEBUG: get_hostname(test): dev.test-obj.jp
DEBUG: format_uri(): /f...

thanks tsuyuzaki

>However, my colleague is trying to fix it, right now. Please wait the activity.
I wait glad to this patch.

this is my log for s3cmd.
----------
# s3cmd --debug put file1 s3://test
DEBUG: ConfigParser: Reading file '/root/.s3cfg'
DEBUG: ConfigParser: access_key->79...29_chars...c
DEBUG: ConfigParser: bucket_location->US
DEBUG: ConfigParser: cloudfront_host->cloudfront.amazonaws.com
DEBUG: ConfigParser: cloudfront_resource->/2010-07-15/distribution
DEBUG: ConfigParser: default_mime_type->binary/octet-stream
DEBUG: ConfigParser: delete_removed->False
DEBUG: ConfigParser: dry_run->False
DEBUG: ConfigParser: encoding->UTF-8
DEBUG: ConfigParser: encrypt->False
DEBUG: ConfigParser: follow_symlinks->False
DEBUG: ConfigParser: force->False
DEBUG: ConfigParser: get_continue->False
DEBUG: ConfigParser: gpg_command->/usr/bin/gpg
DEBUG: ConfigParser: gpg_decrypt->%(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_encrypt->%(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
DEBUG: ConfigParser: gpg_passphrase->...-3_chars...
DEBUG: ConfigParser: guess_mime_type->True
DEBUG: ConfigParser: host_base->dev.test-obj.jp
DEBUG: ConfigParser: host_bucket->dev.test-obj.jp
DEBUG: ConfigParser: human_readable_sizes->False
DEBUG: ConfigParser: list_md5->False
DEBUG: ConfigParser: log_target_prefix->
DEBUG: ConfigParser: preserve_attrs->True
DEBUG: ConfigParser: progress_meter->True
DEBUG: ConfigParser: proxy_host->
DEBUG: ConfigParser: proxy_port->0
DEBUG: ConfigParser: recursive->False
DEBUG: ConfigParser: recv_chunk->4096
DEBUG: ConfigParser: reduced_redundancy->False
DEBUG: ConfigParser: secret_key->aa...29_chars...b
DEBUG: ConfigParser: send_chunk->4096
DEBUG: ConfigParser: simpledb_host->sdb.amazonaws.com
DEBUG: ConfigParser: skip_existing->False
DEBUG: ConfigParser: socket_timeout->300
DEBUG: ConfigParser: urlencoding_mode->normal
DEBUG: ConfigParser: use_https->True
DEBUG: ConfigParser: verbosity->WARNING
DEBUG: Updating Config.Config encoding -> UTF-8
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Unicodising 'put' using UTF-8
DEBUG: Unicodising 'file1' using UTF-8
DEBUG: Unicodising 's3://test' using UTF-8
DEBUG: Command: put
INFO: Compiling list of local files...
DEBUG: DeUnicodising u'' using UTF-8
DEBUG: DeUnicodising u'file1' using UTF-8
DEBUG: Unicodising 'file1' using UTF-8
DEBUG: Unicodising 'file1' using UTF-8
INFO: Applying --exclude/--include
DEBUG: CHECK: file1
DEBUG: PASS: file1
INFO: Summary: 1 local files to upload
DEBUG: Content-Type set to 'binary/octet-stream'
DEBUG: String 'file1' encoded to 'file1'
DEBUG: SignHeaders: 'PUT\n\nbinary/octet-stream\n\nx-amz-date:Mon, 23 Jun 2014 09:43:43 +0000\n/test/file1'
DEBUG: CreateRequest: resource[uri]=/file1
DEBUG: Unicodising 'file1' using UTF-8
DEBUG: SignHeaders: 'PUT\n\nbinary/octet-stream\n\nx-amz-date:Mon, 23 Jun 2014 09:43:43 +0000\n/test/file1'
file1 -> s3://test/file1  [1 of 1]
DEBUG: get_hostname(test): dev.test-obj.jp
DEBUG: format_uri(): /file1
 1000000 of 1000000   100% in    0s     7.33 MB/sDEBUG: Response: {'status': 403, 'headers': {'date': 'Mon, 23 Jun 2014 09:43:43 GMT', 'content-length': '124', 'content-type': 'text/xml', 'x-trans-id': 'tx8b879ef4611a496fbb4eb-0053a7f6cf'}, 'reason': 'Forbidden', 'data': '<?xml version="1.0" encoding="UTF-8"?>\r\n<Error>\r\n  <Code>AccessDenied</Code>\r\n  <Message>Access denied</Message>\r\n</Error>\r\n', 'size': 1000000}
 1000000 of 1000000   100% in    0s     7.24 MB/s  done
DEBUG: S3Error: 403 (Forbidden)
DEBUG: HttpHeader: date: Mon, 23 Jun 2014 09:43:43 GMT
DEBUG: HttpHeader: content-length: 124
DEBUG: HttpHeader: etag: 
DEBUG: HttpHeader: content-type: text/xml
DEBUG: HttpHeader: x-trans-id: tx8b879ef4611a496fbb4eb-0053a7f6cf
DEBUG: ErrorXML: Code: 'AccessDenied'
DEBUG: ErrorXML: Message: 'Access denied'
DEBUG: S3Error: 403 (Forbidden)
DEBUG: HttpHeader: date: Mon, 23 Jun 2014 09:43:43 GMT
DEBUG: HttpHeader: content-length: 124
DEBUG: HttpHeader: etag: 
DEBUG: HttpHeader: content-type: text/xml
DEBUG: HttpHeader: x-trans-id: tx8b879ef4611a496fbb4eb-0053a7f6cf
DEBUG: ErrorXML: Code: 'AccessDenied'
DEBUG: ErrorXML: Message: 'Access denied'
ERROR: S3 error: 403 (AccessDenied): Access denied
----------

and next is swift proxy log 
----------
Jun 23 18:43:43 dev-proxy01 proxy-logging: 192.xxx.xxx.xxx 10.xxx.xxx.xxx 23/Jun/2014/09/43/43 PUT /v1/79c0da043b484b8687ba045b23ce506c/file1 HTTP/1.0 403 - - UFVUCgpiaW5hcnkvb2N0ZXQtc3RyZWFtCgp4LWFtei1kYXRlOk1vbiwgMjMgSnVuIDIwMTQgMDk6NDM6NDMgKzAwMDAKL2ZpbGUx - 124 - tx8b879ef4611a496fbb4eb-0053a7f6cf - 0.0171 - - 1403516623.105932951 1403516623.122998953
----------

Revision history for this message

Kota Tsuyuzaki (tsuyuzaki-kota) wrote on 2015-07-15:

Sorry too late response. Do you still have this bug?

Changed in swift3:
status:	New → Incomplete

Revision history for this message

Kota Tsuyuzaki (tsuyuzaki-kota) wrote on 2015-07-15:

If this bug still affect you, please feel free to reraise this in this thread.

Revision history for this message

Jeff Burns (jburns-f) wrote on 2016-04-12:

I can confirm the "permissions denied" issue is resolved

# date
Tue Apr 12 12:40:50 PDT 2016

Swift Version: 2.6.0.3-1~trusty

#swift --version
python-swiftclient 3.0.0
# s3cmd --version
s3cmd version 1.6.1

# swift post TEST
# swift post test
# swift list -l
0 0 2016-04-12 19:42:06 TEST
2 136 2016-04-06 22:37:42 test
# s3cmd ls
2009-02-03 16:45 s3://TEST
2009-02-03 16:45 s3://test

# s3cmd put file1 s3://TEST
upload: 'file1' -> 's3://TEST/file1' [1 of 1]
68 of 68 100% in 0s 173.08 B/s done
# s3cmd put file1 s3://test
upload: 'file1' -> 's3://test/file1' [1 of 1]
68 of 68 100% in 0s 234.20 B/s done

# s3cmd ls s3://test
2016-04-12 19:47 68 s3://test/file1
# s3cmd ls s3://TEST
2016-04-12 19:47 68 s3://TEST/file1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.