OpenStack Object Storage (swift)

Swift3 should report a clear an unambiguous error on region mismatch for v4 signatures

Bug #1674842 reported by Tim Burke on 2017-03-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Object Storage (swift)	Fix Released	Undecided	Tim Burke

Bug Description

Currently, we punt to the auth middleware to use a swift3-provided scope (including region), and 403 when the signature doesn't match. This:

1. isn't helpful for the client -- API users are left needing to contact operators to find out what went wrong, and
2. doesn't match what AWS does:

S3ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'us-west-2'</Message><Region>us-west-2</Region><RequestId>...</RequestId><HostId>...</HostId></Error>

All this despite the fact that we've got the entire credential scope in hand -- https://github.com/openstack/swift3/blob/v1.11/swift3/request.py#L206-L207

Tim Burke (1-tim-z) on 2017-04-12

Changed in swift3:
assignee:	nobody → Tim Burke (1-tim-z)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-15: Change abandoned on swift3 (master)

Change abandoned by Tim Burke (<email address hidden>) on branch: master
Review: https://review.openstack.org/448764
Reason: Submitted against s3api as https://review.openstack.org/#/c/575836/

Revision history for this message

Tim Burke (1-tim-z) wrote on 2018-10-01:

Re-targetted to swift, now that s3api lives there.

affects:

swift3 → swift

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-10-02: Fix merged to swift (master)

Reviewed: https://review.openstack.org/575836
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=27d852395fb01edd7955fdea18616a16c919a214
Submitter: Zuul
Branch: master

commit 27d852395fb01edd7955fdea18616a16c919a214
Author: Tim Burke <email address hidden>
Date: Fri Jun 15 13:15:34 2018 -0700

Give better errors for malformed credentials

This lets clients know when they used the wrong region,
for example.

Change-Id: Id3ac41e994705d3befe32df60ff4241c334a78b7
Closes-Bug: #1674842

Changed in swift:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-12-17: Fix included in openstack/swift 2.20.0

This issue was fixed in the openstack/swift 2.20.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.