Andrew Gaul created JCLOUDS-1644:
------------------------------------
Summary: Many AWS-S3 tests fail with
InvalidBucketAclWithObjectOwnership
Key: JCLOUDS-1644
URL: https://issues.apache.org/jira/browse/JCLOUDS-1644
Project: jclouds
Issue Type: Bug
Components: jclouds-blobstore
Affects Versions: 2.6.0
Reporter: Andrew Gaul
Assignee: Andrew Gaul
For example:
{noformat}
[ERROR] Run 1:
AWSS3ContainerLiveTest>S3ContainerLiveTest.testPublicAccess:37->BaseContainerLiveTest.testPublicAccess:58
» AWSResponse request PUT https://gaul-blobstore27.s3.amazonaws.com/ HTTP/1.1
failed with code 400, error: AWSError{requestId='RHBHN5VV7NCV10B2',
requestToken='RUCGbBq/rLtQjsfAPAYmm135BtNdK7tx3CNUBeNIimVTnI+MmFp7N/4EAx5CrJiYN6i9Yrn3iCwWXp1HZaqIHavG1lH5v8bF',
code='InvalidBucketAclWithObjectOwnership', message='Bucket cannot have ACLs
set with ObjectOwnership's BucketOwnerEnforced setting',
context='{HostId=RUCGbBq/rLtQjsfAPAYmm135BtNdK7tx3CNUBeNIimVTnI+MmFp7N/4EAx5CrJiYN6i9Yrn3iCwWXp1HZaqIHavG1lH5v8bF}'}
[ERROR] Run 1:
PathBasedContainerLiveTest>S3ContainerLiveTest.testPublicAccess:37->BaseContainerLiveTest.testPublicAccess:58
» AWSResponse request PUT https://s3.amazonaws.com/gaul-blobstore26 HTTP/1.1
failed with code 400, error: AWSError{requestId='RHBVRY3MTGDVF1P2',
requestToken='aqjj1W+CYVT5fKJaWx7NJ2TCPubOGu41rOQIjAawlqNS6dN4oEJZOcrOgPsnIxum2iDmUsn1D5c=',
code='InvalidBucketAclWithObjectOwnership', message='Bucket cannot have ACLs
set with ObjectOwnership's BucketOwnerEnforced setting',
context='{HostId=aqjj1W+CYVT5fKJaWx7NJ2TCPubOGu41rOQIjAawlqNS6dN4oEJZOcrOgPsnIxum2iDmUsn1D5c=}'}
[ERROR] Run 2: AWSBucketsLiveTest.testEu:56 » AWSResponse request PUT
https://gaul-blobstore37eu.s3.amazonaws.com/ HTTP/1.1 failed with code 400,
error: AWSError{requestId='312B9VAMV3WZJQP5',
requestToken='u5xu6Y9HV465H1nBmGdeT29fH8NjAM2Aq0UWX2e+6R6pysrUPqfWeGwQudCmBmvwQyLpd8hVm/I=',
code='InvalidBucketAclWithObjectOwnership', message='Bucket cannot have ACLs
set with ObjectOwnership's BucketOwnerEnforced setting',
context='{HostId=u5xu6Y9HV465H1nBmGdeT29fH8NjAM2Aq0UWX2e+6R6pysrUPqfWeGwQudCmBmvwQyLpd8hVm/I=}'}
[ERROR] Run 13:
AWSBucketsLiveTest>BucketsLiveTest.testPublicReadAccessPolicy:157 » AWSResponse
request PUT https://gaul-blobstore45.s3.amazonaws.com/ HTTP/1.1 failed with
code 400, error: AWSError{requestId='PDFRKWVBRBGYE1XF',
requestToken='OU9+Gi7E/XGheByhurnQZpn6D50tIZvJLjR5Jm06XkCbH1nKZauOOTHr1bfe5x40tyvODBtiRAe4d9vBiMiB5lGdQt89yOzO2txcJ1STplI=',
code='InvalidBucketAclWithObjectOwnership', message='Bucket cannot have ACLs
set with ObjectOwnership's BucketOwnerEnforced setting',
context='{HostId=OU9+Gi7E/XGheByhurnQZpn6D50tIZvJLjR5Jm06XkCbH1nKZauOOTHr1bfe5x40tyvODBtiRAe4d9vBiMiB5lGdQt89yOzO2txcJ1STplI=}'}
{noformat}
This is due to a security change that is intended to prevent public buckets
from leaking unintended blobs: https://stackoverflow.com/a/76102067/2800111
Fixing this for {{AWSS3BlobStore.createContainerInLocation}} and
{{AWSS3BlobStore.setContainerAccess}} is straightforward although the S3Client
tests call through a variety of paths which makes this hard to fully fix.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
