-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The GW responses with CreateBucket operation: Access Denied
when a user creates a bucket with enabled object-lock.
#772
Comments
CreateBucket operation: Access Denied
when a user creates bucket with enabled object-lock. CreateBucket operation: Access Denied
when a user creates a bucket with enabled object-lock.
The problem is connected to
We see the container was created successfully. But the extra request failed. {
"version": {
"major": 2,
"minor": 13
},
"containerID": null,
"records": [
{"operation": "GET", "action": "ALLOW", "filters": [], "targets": [{"role": "ROLE_UNSPECIFIED", "keys": ["Axx/h0oGcnwlvogMVqQJMTu9JydWIRUxp/ZtIUJnshom"]}]},
{"operation": "HEAD", "action": "ALLOW", "filters": [], "targets": [{"role": "ROLE_UNSPECIFIED", "keys": ["Axx/h0oGcnwlvogMVqQJMTu9JydWIRUxp/ZtIUJnshom"]}]},
{"operation": "PUT", "action": "ALLOW", "filters": [], "targets": [{"role": "ROLE_UNSPECIFIED", "keys": ["Axx/h0oGcnwlvogMVqQJMTu9JydWIRUxp/ZtIUJnshom"]}]},
{"operation": "DELETE", "action": "ALLOW", "filters": [], "targets": [{"role": "ROLE_UNSPECIFIED", "keys": ["Axx/h0oGcnwlvogMVqQJMTu9JydWIRUxp/ZtIUJnshom"]}]},
{"operation": "SEARCH", "action": "ALLOW", "filters": [], "targets": [{"role": "ROLE_UNSPECIFIED", "keys": ["Axx/h0oGcnwlvogMVqQJMTu9JydWIRUxp/ZtIUJnshom"]}]},
{"operation": "GETRANGE", "action": "ALLOW", "filters": [], "targets": [{"role": "ROLE_UNSPECIFIED", "keys": ["Axx/h0oGcnwlvogMVqQJMTu9JydWIRUxp/ZtIUJnshom"]}]},
{"operation": "GETRANGEHASH", "action": "ALLOW", "filters": [], "targets": [{"role": "ROLE_UNSPECIFIED", "keys": ["Axx/h0oGcnwlvogMVqQJMTu9JydWIRUxp/ZtIUJnshom"]}]},
{"operation": "GET", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "HEAD", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "PUT", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "DELETE", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "SEARCH", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "GETRANGE", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "GETRANGEHASH", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}
]
} Also even without
Bearer token, used to checking: {
"records": [
{"operation": "PUT", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "GET", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "HEAD", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "DELETE", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "SEARCH", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "GETRANGE", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]},
{"operation": "GETRANGEHASH", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}
]
} |
i noticed one mistake in the code neofs-s3-gw/internal/neofs/tree.go Lines 1253 to 1260 in 62d96af
and it will work incorrectly for the error mentioned by @smallhive
|
Clarify which waller should be used in some situations. close #772 Signed-off-by: Evgenii Baidakov <[email protected]>
After another iteration and correct wallet/secret generation, looks like the problem is not reproducing. A bucket is created successfully with `--object-lock-enabled-for-bucket` flag and without it. Also, upload/download files work properly without errors. According to this, updated documentation to clarify which wallet should be used in each situation close #772
Oh, I get it. Parameter
--object-lock-enabled-for-bucket
caused receiving ofAccessDenied
.But this response still seems confusing.
Originally posted by @masterSplinter01 in nspcc-dev/neofs-testcases#521 (comment)
The text was updated successfully, but these errors were encountered: