put-bucket-acl doesn't put just downloaded ACL.json #52

New issue

Closed

opened 2023-03-08 23:38:13 +00:00 by snegurochka · 2 comments

snegurochka commented 2023-03-08 23:38:13 +00:00

Member

Copy link

Original issue: https://github.com/nspcc-dev/neofs-s3-gw/issues/681

Steps to reproduce:

1. Create bucket with public-read-write ACL
2. Download bucket ACL to json file

aws --no-verify-ssl s3api get-bucket-acl --bucket b-test-lock-20   --endpoint-url http://172.26.163.38:8084 > ACL.json

3. Try to upload the same json file (without any changes) following this command:

aws --no-verify-ssl s3api put-bucket-acl --bucket b-test-lock-20   --endpoint-url http://172.26.163.38:8084 --access-control-policy file://ACL.json

An error occurred (InternalError) when calling the PutBucketAcl operation (reached max retries: 2): could not translate ast to table: form records: public key from string: encoding/hex: invalid byte: U+004E 'N'

ACL.json:

anikeev@NB-1670:~/neofs$ cat ACL.json
{
    "Owner": {
        "DisplayName": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M",
        "ID": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M"
    },
    "Grants": [
        {
            "Grantee": {
                "ID": "02efc49d370eb40238b85d8469439b5dd70dac7b1567aaf251eef311a312098b13",
                "Type": "CanonicalUser"
            },
            "Permission": "FULL_CONTROL"
        },
        {
            "Grantee": {
                "ID": "02b6c1dc2f13c909918d05e1379f2d684c6fcf668986d199ede10053206acdc4a4",
                "Type": "CanonicalUser"
            },
            "Permission": "READ"
        },
        {
            "Grantee": {
                "Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
            },
            "Permission": "FULL_CONTROL"
        }
    ]
}

Logs:

Aug 25 08:23:34 az neofs-s3-gw[5874]: 2022-08-25T08:23:34.187Z        error        handler/util.go:25        could not update bucket acl        {"request_id": "40bf94c6-3c4d-43d9-b6d3-797fa1f7b94c", "method": "PutBucketACL", "bucket_name": "b-test-lock-20", "object_name": "", "error": "could not translate ast to table: form records: public key from string: encoding/hex: invalid byte: U+004E 'N'"}
Aug 25 08:23:34 az neofs-s3-gw[5874]: 2022-08-25T08:23:34.187Z        error        api/router.go:158        something went wrong        {"status": 500, "request_id": "40bf94c6-3c4d-43d9-b6d3-797fa1f7b94c", "method": "PutBucketACL", "description": "Internal Server Error"}
Aug 25 08:23:34 az neofs-s3-gw[5874]: 2022-08-25T08:23:34.565Z        error        handler/util.go:25        could not update bucket acl        {"request_id": "b787761c-7dd4-489a-8618-dfe99f3a7139", "method": "PutBucketACL", "bucket_name": "b-test-lock-20", "object_name": "", "error": "could not translate ast to table: form records: public key from string: encoding/hex: invalid byte: U+004E 'N'"}
Aug 25 08:23:34 az neofs-s3-gw[5874]: 2022-08-25T08:23:34.565Z        error        api/router.go:158        something went wrong        {"status": 500, "request_id": "b787761c-7dd4-489a-8618-dfe99f3a7139", "method": "PutBucketACL", "description": "Internal Server Error"}
Aug 25 08:23:36 az neofs-s3-gw[5874]: 2022-08-25T08:23:36.081Z        error        handler/util.go:25        could not update bucket acl        {"request_id": "f8ae9dd4-8b6c-4685-b83c-572caf448461", "method": "PutBucketACL", "bucket_name": "b-test-lock-20", "object_name": "", "error": "could not translate ast to table: form records: public key from string: encoding/hex: invalid byte: U+004E 'N'"}
Aug 25 08:23:36 az neofs-s3-gw[5874]: 2022-08-25T08:23:36.081Z        error        api/router.go:158        something went wrong        {"status": 500, "request_id": "f8ae9dd4-8b6c-4685-b83c-572caf448461", "method": "PutBucketACL", "description": "Internal Server Error"}

Product versions:

s3 gateway
Version: v0.23.0-36-g3b343d1-dirty
GoVersion: go1.18.4

NeoFS Storage node
Version: v0.31.0
GoVersion: go1.18.4

NeoGo
Version: 0.99.1
GoVersion: go1.18.4

s3 gateway config:

default_policy: REP 1 IN X CBF 1 SELECT 1 FROM * AS X
listen_address: 0.0.0.0:8084
logger:
  level: debug
max_clients_count: 600
max_clients_deadline: 60s
peers:
  '0':
    address: node1.neofs:8080
    priority: '1'
    weight: '1'
  '1':
    address: node2.neofs:8080
    priority: '2'
    weight: '0.25'
  '2':
    address: node3.neofs:8080
    priority: '2'
    weight: '0.25'
  '3':
    address: node4.neofs:8080
    priority: '2'
    weight: '0.25'
pool_error_threshold: 100
pprof:
  address: localhost:8085
  enabled: true
prometheus:
  address: localhost:8086
  enabled: true
resolve_order:
- nns
rpc_endpoint: http://node1.neofs:40332
tree:
  service: 172.26.163.38:8080
wallet:
  address: ''
  passphrase: ''
  path: /etc/neofs/s3/wallet.json

Original issue: https://github.com/nspcc-dev/neofs-s3-gw/issues/681 **Steps to reproduce:** 1. Create bucket with public-read-write ACL 2. Download bucket ACL to json file ``` aws --no-verify-ssl s3api get-bucket-acl --bucket b-test-lock-20 --endpoint-url http://172.26.163.38:8084 > ACL.json ``` 3. Try to upload the same json file (without any changes) following this command: ``` aws --no-verify-ssl s3api put-bucket-acl --bucket b-test-lock-20 --endpoint-url http://172.26.163.38:8084 --access-control-policy file://ACL.json An error occurred (InternalError) when calling the PutBucketAcl operation (reached max retries: 2): could not translate ast to table: form records: public key from string: encoding/hex: invalid byte: U+004E 'N' ``` ACL.json: ``` anikeev@NB-1670:~/neofs$ cat ACL.json { "Owner": { "DisplayName": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M", "ID": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M" }, "Grants": [ { "Grantee": { "ID": "02efc49d370eb40238b85d8469439b5dd70dac7b1567aaf251eef311a312098b13", "Type": "CanonicalUser" }, "Permission": "FULL_CONTROL" }, { "Grantee": { "ID": "02b6c1dc2f13c909918d05e1379f2d684c6fcf668986d199ede10053206acdc4a4", "Type": "CanonicalUser" }, "Permission": "READ" }, { "Grantee": { "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers" }, "Permission": "FULL_CONTROL" } ] } ``` **Logs:** ``` Aug 25 08:23:34 az neofs-s3-gw[5874]: 2022-08-25T08:23:34.187Z error handler/util.go:25 could not update bucket acl {"request_id": "40bf94c6-3c4d-43d9-b6d3-797fa1f7b94c", "method": "PutBucketACL", "bucket_name": "b-test-lock-20", "object_name": "", "error": "could not translate ast to table: form records: public key from string: encoding/hex: invalid byte: U+004E 'N'"} Aug 25 08:23:34 az neofs-s3-gw[5874]: 2022-08-25T08:23:34.187Z error api/router.go:158 something went wrong {"status": 500, "request_id": "40bf94c6-3c4d-43d9-b6d3-797fa1f7b94c", "method": "PutBucketACL", "description": "Internal Server Error"} Aug 25 08:23:34 az neofs-s3-gw[5874]: 2022-08-25T08:23:34.565Z error handler/util.go:25 could not update bucket acl {"request_id": "b787761c-7dd4-489a-8618-dfe99f3a7139", "method": "PutBucketACL", "bucket_name": "b-test-lock-20", "object_name": "", "error": "could not translate ast to table: form records: public key from string: encoding/hex: invalid byte: U+004E 'N'"} Aug 25 08:23:34 az neofs-s3-gw[5874]: 2022-08-25T08:23:34.565Z error api/router.go:158 something went wrong {"status": 500, "request_id": "b787761c-7dd4-489a-8618-dfe99f3a7139", "method": "PutBucketACL", "description": "Internal Server Error"} Aug 25 08:23:36 az neofs-s3-gw[5874]: 2022-08-25T08:23:36.081Z error handler/util.go:25 could not update bucket acl {"request_id": "f8ae9dd4-8b6c-4685-b83c-572caf448461", "method": "PutBucketACL", "bucket_name": "b-test-lock-20", "object_name": "", "error": "could not translate ast to table: form records: public key from string: encoding/hex: invalid byte: U+004E 'N'"} Aug 25 08:23:36 az neofs-s3-gw[5874]: 2022-08-25T08:23:36.081Z error api/router.go:158 something went wrong {"status": 500, "request_id": "f8ae9dd4-8b6c-4685-b83c-572caf448461", "method": "PutBucketACL", "description": "Internal Server Error"} ``` **Product versions:** ``` s3 gateway Version: v0.23.0-36-g3b343d1-dirty GoVersion: go1.18.4 NeoFS Storage node Version: v0.31.0 GoVersion: go1.18.4 NeoGo Version: 0.99.1 GoVersion: go1.18.4 ``` **s3 gateway config:** ``` default_policy: REP 1 IN X CBF 1 SELECT 1 FROM * AS X listen_address: 0.0.0.0:8084 logger: level: debug max_clients_count: 600 max_clients_deadline: 60s peers: '0': address: node1.neofs:8080 priority: '1' weight: '1' '1': address: node2.neofs:8080 priority: '2' weight: '0.25' '2': address: node3.neofs:8080 priority: '2' weight: '0.25' '3': address: node4.neofs:8080 priority: '2' weight: '0.25' pool_error_threshold: 100 pprof: address: localhost:8085 enabled: true prometheus: address: localhost:8086 enabled: true resolve_order: - nns rpc_endpoint: http://node1.neofs:40332 tree: service: 172.26.163.38:8080 wallet: address: '' passphrase: '' path: /etc/neofs/s3/wallet.json ```

dkirillov referenced this issue 2023-06-16 08:44:50 +00:00

WIP: [#681] acl: Prepare owner ID before processing #144

alexvanin commented 2024-05-23 14:27:11 +00:00

Owner

Copy link

@dkirillov put-bucket-acl is not relevant for our latest release because of AWS Policy integration. Can we close this issue and referenced PR then?

@dkirillov `put-bucket-acl` is not relevant for our latest release because of AWS Policy integration. Can we close this issue and referenced PR then?

dkirillov commented 2024-05-24 06:36:28 +00:00

Member

Copy link

Sure. ACL related code that mentioned in this issue will be dropped in #372

Sure. ACL related code that mentioned in this issue will be dropped in https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/issues/372

dkirillov closed this issue 2024-05-24 06:36:31 +00:00

alexvanin referenced this issue 2024-05-29 11:48:21 +00:00

WIP: [#681] acl: Prepare owner ID before processing #144

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

support/v0.32

support/v0.31

support/v0.30

support/v0.29

support/v0.28

support/v0.27

v0.32.3

v0.32.2

v0.32.1

v0.33.0-pre

v0.32.0

v0.31.3

v0.31.2

v0.30.9

v0.31.1

v0.31.0

v0.31.0-rc.6

v0.31.0-rc.5

v0.31.0-rc.4

v0.30.8

v0.31.0-rc.3

v0.30.7

v0.31.0-rc.2

v0.31.0-rc.1

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.30.0-rc.5

v0.29.2

v0.30.0-rc.4

v0.30.0-rc.3

v0.30.0-rc.2

v0.29.1

v0.30.0-rc.1

v0.29.0

v0.28.2

v0.29.0-rc.11

v0.29.0-rc.10

v0.29.0-rc.9

v0.29.0-rc.8

v0.29.0-rc.7

v0.29.0-rc.6

v0.29.0-rc.5

v0.29.0-rc.4

v0.29.0-rc.3

v0.29.0-rc.2

v0.29.0-rc.1

v0.28.1

v0.28.0

v0.28.0-rc.1

v0.27.0

v0.27.0-rc.2

v0.27.0-rc.1

Labels

Clear labels   

P0

Highest

  

P1

High

  

P2

Medium

  

P3

Low

  

good first issue

Good for newcomers

  

Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  

blocked

The issue or PR is blocked by something

  

bug

Something is not working

  

config

Configuration format update or breaking change

  

discussion

Talking about something in order to reach a decision or to exchange ideas

  

documentation

Documentation related

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

go

Language features adoption

  

help wanted

Extra attention is needed

  

internal

  

invalid

Something is wrong

  

kludge

This is a kludge and we know it

  

observability

Related to metrics, tracing and logs

  

perfomance

Perfomance related

  

question

More information is needed

  

refactoring

Refactoring

  

wontfix

This won't be fixed

No labels

P0

P1

P2

P3

good first issue

Infrastructure

blocked

bug

config

discussion

documentation

duplicate

enhancement

go

help wanted

internal

invalid

kludge

observability

perfomance

question

refactoring

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-s3-gw#52

No description provided.