-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GetObject: can't get object under not owner user even when correct ACL were set #902
Comments
The problem exists and it is interesting place - reading data from tree service. Right now I'm not sure what the problem can be with access and who got the error - requesting user in tree service or tree service from neofs RPC
|
Refs #863. |
I need an assistance for the issue. There is a log from the gate output for the test. For me, EACL looks pretty good for successful object get, but the tree service has another opinion about this. The user with pub key Code with log changes
|
|
Tree service request is created by the gateway, so all ACLs go south immediately and we don't want to fix this. |
We're likely to have a similar problem with nspcc-dev/neofs-node#2878 anyway. HEADs are required for proper meta processing and S3 gateways need to have access to this data. Potential solutions:
|
Same thing happens to presigned URLs (#1046 or aws-cli-generated). |
After some checking of 0.21.1 code I'd say we want to migrate back to that version of |
test_object_copy_not_owned_object_bucket
Create bucket
Put object
Put object acl to allow access from a different user
Put bucket acl to allow access from a different user
Try to get object - access denied
Seems like object ACL was not set correctly, this is a response after we set the ACL and received 200 from it:
This is a response from the bucket acl:
The text was updated successfully, but these errors were encountered: