From 26d83448727b914072ad500637e8d9d35e86cd04 Mon Sep 17 00:00:00 2001 From: Nuutti Kotivuori Date: Fri, 18 Sep 2015 20:08:21 +0300 Subject: [PATCH] Remove initial access check from S3 driver In the S3 storage driver there is currently an initial access permission check by listing the bucket. If this check fails, registry will panic and exit. However, this check is broken in two ways. First of all it strips the final slash from the root directory path, meaning that any access permissions which limit access to a single directory will fail, because S3 treats the path as strict prefix match. Secondly it fails to strip any leading slash that might be present, unlike the other access places, which means that the path used is different as a leading slash is allowed and significant in a filename in S3. Since there is also a periodic health check which correctly checks access permissions and shows the error more cleanly, the best solution seems to be to just remove this initial access check. Signed-off-by: Nuutti Kotivuori --- registry/storage/driver/s3/s3.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/registry/storage/driver/s3/s3.go b/registry/storage/driver/s3/s3.go index 552c221d0..46dbcd7f3 100644 --- a/registry/storage/driver/s3/s3.go +++ b/registry/storage/driver/s3/s3.go @@ -219,12 +219,6 @@ func New(params DriverParameters) (*Driver, error) { } } - // Validate that the given credentials have at least read permissions in the - // given bucket scope. - if _, err := bucket.List(strings.TrimRight(params.RootDirectory, "/"), "", "", 1); err != nil { - return nil, err - } - // TODO Currently multipart uploads have no timestamps, so this would be unwise // if you initiated a new s3driver while another one is running on the same bucket. // multis, _, err := bucket.ListMulti("", "")