Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: return default bucket acl if none exists #1067

Merged
merged 1 commit into from
Feb 13, 2025
Merged

fix: return default bucket acl if none exists #1067

merged 1 commit into from
Feb 13, 2025

Conversation

benmcclelland
Copy link
Member

We were trying to parse a non existing acl and returning an internal server error due to invalid json acl data.

If the bucket acl does not exist, return a default acl with the root account as the owner.

This fixes #1060, but does not address the invalid acl format from s3cmd reported in #963.

niksis02
niksis02 reviewed Feb 12, 2025
View reviewed changes
Copy link
Contributor

@niksis02 niksis02 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need to implement the GetRootAccount method in iam ?
If you store the root access key in fiber context it could be retreived in AclParser and passed to ParceACL function, which woulde handle the check for empty acl input and return the default ACL with root user access.

I think it makes sense to isolate this acl behavior in ParseACL in the AclParser middleware ?

@benmcclelland
Copy link
Member Author

benmcclelland commented Feb 12, 2025
edited
Loading

Do we really need to implement the GetRootAccount method in iam ? If you store the root access key in fiber context it could be retreived in AclParser and passed to ParceACL function, which woulde handle the check for empty acl input and return the default ACL with root user access.

I think it makes sense to isolate this acl behavior in ParseACL in the AclParser middleware ?

I'll take a look, I think I had some issue with only the iam service getting the root account details. Maybe we could pass this to the s3api too though.

@benmcclelland benmcclelland force-pushed the ben/default_bucket_acl branch 2 times, most recently from c1a7387 to 361a96a Compare February 13, 2025 00:34
@benmcclelland
fix: return default bucket acl if none exists
a3338db 
We were trying to parse a non existing acl and returning an
internal server error due to invalid json acl data.

If the bucket acl does not exist, return a default acl with the
root account as the owner.

This fixes #1060, but does not address the invalid acl format
from s3cmd reported in #963.
@benmcclelland benmcclelland merged commit f42c202 into main Feb 13, 2025
24 checks passed
@benmcclelland benmcclelland deleted the ben/default_bucket_acl branch February 13, 2025 22:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@niksis02 niksis02 niksis02 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] - Unhandled server error while trying to perform setacl on bucket
2 participants
@benmcclelland @niksis02