github-actions[bot] commented on code in PR #64009:
URL: https://github.com/apache/doris/pull/64009#discussion_r3340408370
##########
fe/fe-filesystem/fe-filesystem-s3/src/main/java/org/apache/doris/filesystem/s3/S3FileSystem.java:
##########
@@ -934,6 +944,23 @@ public GlobListing globListWithLimit(Location path, String
startAfter, long maxB
String keyPattern = parsed.key();
String base = uriBase(uri, parsed);
+ boolean usePathStyle = ((S3ObjStorage) objStorage).isUsePathStyle();
+ if (!usePathStyle && (startAfter == null || startAfter.isEmpty()) &&
maxBytes <= 0 && maxFiles <= 0
+ && !containsRecursiveGlobMetachar(keyPattern)) {
+ try {
+ RemoteObject obj = objStorage.headObject(uri);
+ FileEntry file = new FileEntry(
Review Comment:
This `!usePathStyle` guard leaves path-style exact URLs on the ListObjectsV2
path, so the same permission regression still exists for `use_path_style=true`.
For example, `FILE`/S3 TVF already supports `http://endpoint/bucket/key` with
`use_path_style=true`; if those credentials can `HeadObject`/`GetObject` on
that exact key but do not have `ListBucket`, this condition skips the HEAD
branch and the code below issues `listObjectsV2`, failing with 403.
`S3Uri.parse(..., true)` and `S3ObjStorage.headObject()` already handle
path-style HTTP URLs, and `uriBase(uri, parsed) + obj.getKey()` reconstructs
`http://endpoint/bucket/key`, so the exact-path optimization should apply to
path-style too (with a unit/regression case updated accordingly).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
