Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

access to buckets owned by other users not possible with ceph radosgw #629

Closed
jrandall opened this issue Mar 22, 2017 · 0 comments
Closed

access to buckets owned by other users not possible with ceph radosgw #629

jrandall opened this issue Mar 22, 2017 · 0 comments
Labels
community

Comments

@jrandall
Copy link
Contributor

Using minio-go, I cannot access buckets owned by other users (with appropriate ACLs set) on a Ceph radosgw. It is expected that they cannot be listed, but testing for existence or accessing them by name should work.

I have identified the underlying issue and will submit a PR shortly.

The problem is that Ceph radosgw is not returning a <Message> in the AccessDenied error response, but processBucketLocationResponse is checking that an Access Denied string is contained in the message (https://github.com/minio/minio-go/blob/master/bucket-cache.go#L128).

An example error response I get during a BucketExists call on an accessible bucket owned by another user is:

<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><BucketName>npg-cloud-realign-wip</BucketName><RequestId>tx0000000000000002b1dad-0058d25cfa-6ccee7-default</RequestId><HostId>6ccee7-default-default</HostId></Error>

Because <Message> is not included at all in the XML, it will be left at the nil value of "" in the errResp ErrorResponse structure. My PR will test for an empty Message and treat that the same way as a message containing the string "Access Denied".
jrandall pushed a commit to wtsi-hgi/minio-go that referenced this issue Mar 22, 2017
@wtsi-mercury
allow bucket location responses with AccessDenied code and empty Mess…
9df32d5 
…age to be treated as anonymous (fixes minio#629)
jrandall added a commit to wtsi-hgi/minio-go that referenced this issue Mar 22, 2017
@jrandall @wtsi-mercury
fix bucket location responses for ceph (fixes minio#629)
6733e1a
@jrandall jrandall mentioned this issue Mar 22, 2017
Merged
harshavardhana pushed a commit that referenced this issue Mar 31, 2017
@jrandall @harshavardhana
allow bucket location responses with empty Message (fixes #629) (#630)
cb0b183
@jrandall jrandall mentioned this issue Apr 18, 2017
Closed
This was referenced Jul 4, 2017
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jrandall @harshavardhana