TrueCloudLab/frostfs-node
20
1
Fork 27
Code Issues 100 Pull requests 4 Projects Releases 1 Activity Actions

eACL wrong behavior with user headers filters: STRING_NOT_EQUAL and STRING_EQUAL. #676

New issue
Closed
opened 2023-09-05 09:04:03 +00:00 by anikeev-yadro · 4 comments
anikeev-yadro commented 2023-09-05 09:04:03 +00:00
Member
Copy link

Autotest name

testsuites.acl.test_eacl_filters.TestEACLFilters#test_extended_acl_allow_filters_object

Expected Behavior

eACL should allow PUT operations with user headers filters: STRING_NOT_EQUAL and STRING_EQUAL

Current Behavior

eACL doesn't allow PUT operations with user headers filters: STRING_NOT_EQUAL and STRING_EQUAL.

Steps to Reproduce (for bugs)

  1. Create container
  2. PUT object
  3. Deny all operations for others except few operations allowed by object filter
  4. Check other can get objects with attributes matching the filter
  5. Cannot PUT object
COMMAND: frostfs-cli --config /jenkins/workspace/sbercloud_test/tmp.k4Xtk9WG18/frostfs-testcases/wallet_config.yml object put --rpc-endpoint '172.26.161.89:8080' --wallet '/jenkins/workspace/sbercloud_test/tmp.k4Xtk9WG18/frostfs-testcases/TemporaryDir/47a2c41e-5efe-4e42-b2f4-cd1047ce3f00.json' --cid 'EMSKYwk8CAZ1nLjDTdq9rS7PpiNLSwrCxbg8wQzRKhxh' --file 'TemporaryDir/20838014-f936-42a7-9741-1634ac31b02e' --attributes 'check_key=other_value' --no-progress
RETCODE: 1

STDOUT:
rpc error: client failure: rpc error: code = Unknown desc = could not close stream and receive response: could not close stream and receive response: (*putsvc.streamer) could not object put stream: (*putsvc.Streamer) could not close object target: could not write to next target: incomplete object PUT by placement: could not write header: (*putsvc.remoteTarget) could not put single object to [/ip4/172.26.162.60/tcp/8080]: put single object via client: status: code = 2048 message = access to object operation denied

STDERR:

Start / End / Elapsed	 07:54:41.724752 / 07:54:42.124843 / 0:00:00.400091

Regression

Yes

Version

0.0.1-879-g7456c855

Your Environment

Virtual
4 nodes

## Autotest name testsuites.acl.test_eacl_filters.TestEACLFilters#test_extended_acl_allow_filters_object ## Expected Behavior eACL should allow PUT operations with user headers filters: STRING_NOT_EQUAL and STRING_EQUAL ## Current Behavior eACL doesn't allow PUT operations with user headers filters: STRING_NOT_EQUAL and STRING_EQUAL. ## Steps to Reproduce (for bugs) 1. Create container 2. PUT object 3. Deny all operations for others except few operations allowed by object filter 4. Check other can get objects with attributes matching the filter 5. Cannot PUT object ``` COMMAND: frostfs-cli --config /jenkins/workspace/sbercloud_test/tmp.k4Xtk9WG18/frostfs-testcases/wallet_config.yml object put --rpc-endpoint '172.26.161.89:8080' --wallet '/jenkins/workspace/sbercloud_test/tmp.k4Xtk9WG18/frostfs-testcases/TemporaryDir/47a2c41e-5efe-4e42-b2f4-cd1047ce3f00.json' --cid 'EMSKYwk8CAZ1nLjDTdq9rS7PpiNLSwrCxbg8wQzRKhxh' --file 'TemporaryDir/20838014-f936-42a7-9741-1634ac31b02e' --attributes 'check_key=other_value' --no-progress RETCODE: 1 STDOUT: rpc error: client failure: rpc error: code = Unknown desc = could not close stream and receive response: could not close stream and receive response: (*putsvc.streamer) could not object put stream: (*putsvc.Streamer) could not close object target: could not write to next target: incomplete object PUT by placement: could not write header: (*putsvc.remoteTarget) could not put single object to [/ip4/172.26.162.60/tcp/8080]: put single object via client: status: code = 2048 message = access to object operation denied STDERR: Start / End / Elapsed 07:54:41.724752 / 07:54:42.124843 / 0:00:00.400091 ``` ## Regression Yes ## Version ``` 0.0.1-879-g7456c855 ``` ## Your Environment Virtual 4 nodes
anikeev-yadro added the
bug
triage
 labels 2023-09-05 09:04:03 +00:00
fyrchik added this to the v0.37.0 milestone 2023-09-05 09:04:38 +00:00
acid-ant was assigned by fyrchik 2023-09-05 09:25:28 +00:00
fyrchik commented 2023-09-05 09:27:13 +00:00
Owner
Copy link

Hm, this may be related to object size, let's check both small and big objects.

Hm, this may be related to object size, let's check both small and big objects.
anikeev-yadro commented 2023-09-05 09:35:05 +00:00
Author
Member
Copy link

@fyrchik
We caught this bug with simple object.
Do you want to retest with complex object?

@fyrchik We caught this bug with simple object. Do you want to retest with complex object?
fyrchik commented 2023-09-05 10:29:45 +00:00
Owner
Copy link

No, we will try both on dev-env anyway.

No, we will try both on dev-env anyway.
acid-ant removed their assignment 2023-09-05 11:12:34 +00:00
aarifullin was assigned by acid-ant 2023-09-05 11:12:34 +00:00
acid-ant was assigned by fyrchik 2023-09-05 11:14:26 +00:00
aarifullin was unassigned by fyrchik 2023-09-05 11:14:27 +00:00
anikeev-yadro commented 2023-09-05 11:46:02 +00:00
Author
Member
Copy link

OK. Anyway we will expand our ACL tests with complex objects.

OK. Anyway we will expand our ACL tests with complex objects.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
support/v0.42
support/v0.38
support/v0.37
support/v0.36
support/v0.34
support/v0.30
support/v0.27
v0.44.0-rc.13
v0.44.0-rc.12
v0.44.0-rc.11
v0.42.16
v0.44.0-rc.10
v0.44.0-rc.9
v0.44.0-rc.8
v0.44.0-rc.7
v0.44.0-rc.6
v0.44.0-rc.5
v0.44.0-rc.4
v0.44.0-rc.3
v0.44.0-rc.2
v0.44.0-rc.1
v0.43.2
v0.43.1
v0.43.0
v0.42.15
v0.42.14
v0.42.13
v0.42.12
v0.42.11
v0.42.10
v0.42.9
v0.42.8
v0.42.7
v0.42.6
v0.42.5
v0.42.4
v0.42.3
v0.42.2
v0.42.1
v0.42.0
v0.42.0-rc.9
v0.42.0-rc.8
v0.42.0-rc.7
v0.38.9
v0.42.0-rc.6
v0.42.0-rc.5
v0.42.0-rc.4
v0.42.0-rc.3
v0.42.0-rc.2
v0.42.0-rc.1
v0.38.8
v0.41.0
v0.38.7
v0.40.0
v0.39.0
v0.38.6
v0.38.5
v0.38.4
v0.38.3
v0.38.2
v0.38.1
v0.38.0
v0.38.0-rc.2
v0.38.0-rc.1
v0.37.0
v0.37.0-rc.1
v0.36.0
v0.34.0
v0.22.1
v0.22.0
v0.21.1
v0.21.0
v0.20.0
v0.19.0
v0.18.0
v0.17.0
v0.16.0
v0.15.0
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.14.0-rc.1
v0.13.2
v0.13.1
v0.13.0
v0.13.0-rc.1
v0.12.1
v0.12.0
v0.12.0-rc3
v0.12.0-rc2
v0.12.0-rc1
v0.11.0
v0.10.0
Labels
Clear labels   
P0

Highest

  
P1

High

  
P2

Medium

  
P3

Low

  
badger

Badger DB related issues

  
frostfs-adm

   
frostfs-cli

   
frostfs-ir

   
frostfs-lens

   
frostfs-node

   
good first issue

Good for newcomers

  
triage
  
Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  
blocked

The issue or PR is blocked by something

  
bug

Something is not working

  
config

Configuration format update or breaking change

  
discussion

Talking about something in order to reach a decision or to exchange ideas

  
documentation

Documentation related

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
go

Language features adoption

  
help wanted

Extra attention is needed

  
internal

   
invalid

Something is wrong

  
kludge

This is a kludge and we know it

  
observability

Related to metrics, tracing and logs

  
perfomance

Perfomance related

  
question

More information is needed

  
refactoring

Refactoring

  
wontfix

This won't be fixed

No labels
P0
P1
P2
P3
badger
frostfs-adm
frostfs-cli
frostfs-ir
frostfs-lens
frostfs-node
good first issue
triage
Infrastructure
blocked
bug
config
discussion
documentation
duplicate
enhancement
go
help wanted
internal
invalid
kludge
observability
perfomance
question
refactoring
wontfix
Milestone
Clear milestone
No items
No milestone
v0.37.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
acid-ant
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-node#676
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?