Setting ACL in a Bucket returns "200 OK" but does not apply the ACL
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Swift3 |
Fix Released
|
Undecided
|
Kota Tsuyuzaki |
Bug Description
--Setting ACL by using request body, returns a 200 OK Response:--
PUT /s3BucketACL?acl HTTP/1.1
User-Agent: curl/7.29.0
Host: es-node1:8080
Accept: */*
Date: Wed, 15 Oct 2014 05:09:07 +0000
Authorization: AWS f78452a596024f6
Content-Length: 517
Expect: 100-continue
HTTP/1.1 100 Continue
<?xml version='1.0' encoding='UTF-8'?>
<AccessControlP
<Owner>
<ID>
<DisplayNam
</Owner>
<AccessContro
<Grant>
<Grantee xmlns:xsi="http://
<URI xmlns="">http://
</Grantee>
<
</Grant>
</AccessContr
</AccessControl
HTTP/1.1 200 OK
x-amz-id-2: tx23e7159901144
Content-Length: 0
x-amz-request-id: tx23e7159901144
Content-Type: text/html; charset=UTF-8
Location: s3BucketACL
X-Trans-Id: tx23e7159901144
Date: Wed, 15 Oct 2014 05:09:07 GMT
--By reviewing the ACL setup and Header in "s3BucketACL" Bucket, it only returns the "Full Control" Permission of the authenticated user--
GET /s3BucketACL?acl HTTP/1.1
User-Agent: curl/7.29.0
Host: es-node1:8080
Accept: */*
Date: Wed, 15 Oct 2014 05:09:18 +0000
Authorization: AWS f78452a596024f6
HTTP/1.1 200 OK
x-amz-id-2: txc1ca6dd0aa1e4
Content-Length: 470
x-amz-request-id: txc1ca6dd0aa1e4
Content-Type: text/plain
X-Trans-Id: txc1ca6dd0aa1e4
Date: Wed, 15 Oct 2014 05:09:18 GMT
<?xml version='1.0' encoding='UTF-8'?>
<AccessControlP
HEAD /s3BucketACL HTTP/1.1
User-Agent: curl/7.29.0
Host: es-node1:8080
Accept: */*
Date: Wed, 15 Oct 2014 05:14:33 +0000
Authorization: AWS f78452a596024f6
HTTP/1.1 200 OK
x-amz-id-2: tx78181d34bf5e4
Content-Length: 0
x-amz-request-id: tx78181d34bf5e4
Content-Type: text/plain; charset=utf-8
X-Trans-Id: tx78181d34bf5e4
Date: Wed, 15 Oct 2014 05:14:36 GMT
--Setting ACL by using request headers, it also returns 200 OK response:--
PUT /s3BucketACL2 HTTP/1.1
User-Agent: curl/7.29.0
Host: es-node1:8080
Accept: */*
Date: Wed, 15 Oct 2014 05:16:55 +0000
Authorization: AWS f78452a596024f6
x-amz-acl: public-read
Content-Length: 0
HTTP/1.1 200 OK
x-amz-id-2: tx7f28a42bfbbf4
Content-Length: 0
x-amz-request-id: tx7f28a42bfbbf4
Content-Type: text/html; charset=UTF-8
Location: /s3BucketACL2
X-Trans-Id: tx7f28a42bfbbf4
Date: Wed, 15 Oct 2014 05:16:56 GMT
--But by getting the bucket acl, it returns only the "Full-Controll" permission for the authenticated user:--
GET /s3BucketACL2?acl HTTP/1.1
User-Agent: curl/7.29.0
Host: es-node1:8080
Accept: */*
Date: Wed, 15 Oct 2014 05:17:09 +0000
Authorization: AWS f78452a596024f6
HTTP/1.1 200 OK
x-amz-id-2: tx6608f7a109994
Content-Length: 470
x-amz-request-id: tx6608f7a109994
Content-Type: text/plain
X-Trans-Id: tx6608f7a109994
Date: Wed, 15 Oct 2014 05:17:09 GMT
<?xml version='1.0' encoding='UTF-8'?>
<AccessControlP
--Even by running swift stat "s3BucketACL(2)" it returns no READ permissions were given to everyone or "public-read" (canned acl)--
Expected:
If put acl request returns 200 OK Response, then it is expected the ACL is set and can be correctly displayed:
<?xml version='1.0' encoding='UTF-8'?>
<AccessControlP
<Owner>
<ID>
<DisplayNam
</Owner>
<AccessContro
<Grant>
<Grantee xmlns:xsi="http://
</Grantee>
<
</Grant>
<Grant>
<Grantee xmlns:xsi="http://
<URI xmlns="">http://
</Grantee>
<
</Grant>
</AccessContr
</AccessControl
Changed in swift3: | |
status: | New → Confirmed |
Changed in swift3: | |
assignee: | nobody → Kota Tsuyuzaki (tsuyuzaki-kota) |
status: | Confirmed → In Progress |
Changed in swift3: | |
status: | Fix Committed → Fix Released |
Reviewed: https:/ /review. openstack. org/129514 /git.openstack. org/cgit/ stackforge/ swift3/ commit/ ?id=906cce614f7 89e0e65c1688902 30156f4be644e3
Committed: https:/
Submitter: Jenkins
Branch: master
commit 906cce614f789e0 e65c16889023015 6f4be644e3
Author: Kota Tsuyuzaki <email address hidden>
Date: Sun Oct 19 19:51:19 2014 -0700
Fix X-AMZ-ACL header is not applied
Current swift generates wrong ACL header (e.g. HTTP_HTTP_ Container- Read) request. Request (also swift.common. swob.Request) which doesn't need "HTTP"
because it is based on old swift3 specification to apply the header to
an "enviroment" variable of eventlet. However, now we use the header property
of swift3.
prefix for a given property key.
Change-Id: Ie62468ad144772 537610adb359c75 f46d460fc64
Closes-Bug: 1381548