Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot put object acl without a policy #1617

Closed
mkleint opened this issue Jan 31, 2024 · 5 comments
Closed

Cannot put object acl without a policy #1617

mkleint opened this issue Jan 31, 2024 · 5 comments
Assignees
@afranken
Labels
feature

Comments

@mkleint
Copy link

mkleint commented Jan 31, 2024

aws --profile okta s3api put-object-acl --acl "bucket-owner-full-control" --key "data.txt" --bucket video-nonprod --endpoint-url=http://localhost:9090 --debug
our code performs a java equivalent of the above. s3mock returns 400, I assume because the request body cannot be parsed, because we don't specify the policy
@afranken
Copy link
Member

afranken commented Feb 6, 2024
edited
Loading

@mkleint does the code above work against S3?

The API clearly states:


The request accepts the following data in XML format.

[AccessControlPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html#API_PutObjectAcl_RequestSyntax)

    Root level tag for the AccessControlPolicy parameters.

    Required: Yes

https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html

So the request should fail on S3 as well.

@afranken
Copy link
Member

afranken commented Feb 6, 2024

ah!
looking at the API again, it seems like you're specifying a "canned ACL":
https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#CannedACL
this is indeed currently not supported.

@afranken afranken self-assigned this Feb 6, 2024
@mkleint
Copy link
Author

mkleint commented Feb 7, 2024

The old code I'm migrating was using java aws client v2 with following code

                                for (val o : s3ObjectList.contents()) {
                                    // update object ACL
                                    s3.putObjectAcl(PutObjectAclRequest.builder()
                                            .bucket(bucket)
                                            .key(o.key())
                                            .acl("bucket-owner-full-control")
                                            .build());
                                }

I assume it works, as we running that in production. unfortunately that old code is not using s3mock in CI to test.

the new code we creating now is doing the same and I've tried to add component test to verify in CI. I've tried to create the aws cli equivalent to test against the s3mock and to report as issue. No idea if the java client is adding some kind of dummy request body or not.

@afranken afranken mentioned this issue Feb 23, 2024
Merged
2 tasks
@afranken
Copy link
Member

@mkleint I just released 3.5.1 that supports canned ACLs.

@mkleint
Copy link
Author

mkleint commented Feb 27, 2024

great, thank you. works perfectly now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@afranken afranken

Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mkleint @afranken