[
https://issues.apache.org/jira/browse/JCLOUDS-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17915906#comment-17915906
]
ASF subversion and git services commented on JCLOUDS-1644:
----------------------------------------------------------
Commit 26338e30d7f61b599f9d240a4f49511c76b34e70 in jclouds's branch
refs/heads/master from Andrew Gaul
[ https://gitbox.apache.org/repos/asf?p=jclouds.git;h=26338e30d7 ]
JCLOUDS-1644: Create AWS S3 buckets with ownership and public access block
AWS changed the defaults when creating buckets to prevent public-read
and other canned ACLs. Background:
https://stackoverflow.com/a/76102067/2800111
> Many AWS-S3 tests fail with InvalidBucketAclWithObjectOwnership
> ---------------------------------------------------------------
>
> Key: JCLOUDS-1644
> URL: https://issues.apache.org/jira/browse/JCLOUDS-1644
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-blobstore
> Affects Versions: 2.6.0
> Reporter: Andrew Gaul
> Assignee: Andrew Gaul
> Priority: Major
> Labels: aws-s3
> Fix For: 2.6.1
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> For example:
> {noformat}
> [ERROR] Run 1:
> AWSS3ContainerLiveTest>S3ContainerLiveTest.testPublicAccess:37->BaseContainerLiveTest.testPublicAccess:58
> » AWSResponse request PUT https://gaul-blobstore27.s3.amazonaws.com/
> HTTP/1.1 failed with code 400, error: AWSError{requestId='RHBHN5VV7NCV10B2',
> requestToken='RUCGbBq/rLtQjsfAPAYmm135BtNdK7tx3CNUBeNIimVTnI+MmFp7N/4EAx5CrJiYN6i9Yrn3iCwWXp1HZaqIHavG1lH5v8bF',
> code='InvalidBucketAclWithObjectOwnership', message='Bucket cannot have ACLs
> set with ObjectOwnership's BucketOwnerEnforced setting',
> context='{HostId=RUCGbBq/rLtQjsfAPAYmm135BtNdK7tx3CNUBeNIimVTnI+MmFp7N/4EAx5CrJiYN6i9Yrn3iCwWXp1HZaqIHavG1lH5v8bF}'}
> [ERROR] Run 1:
> PathBasedContainerLiveTest>S3ContainerLiveTest.testPublicAccess:37->BaseContainerLiveTest.testPublicAccess:58
> » AWSResponse request PUT https://s3.amazonaws.com/gaul-blobstore26 HTTP/1.1
> failed with code 400, error: AWSError{requestId='RHBVRY3MTGDVF1P2',
> requestToken='aqjj1W+CYVT5fKJaWx7NJ2TCPubOGu41rOQIjAawlqNS6dN4oEJZOcrOgPsnIxum2iDmUsn1D5c=',
> code='InvalidBucketAclWithObjectOwnership', message='Bucket cannot have ACLs
> set with ObjectOwnership's BucketOwnerEnforced setting',
> context='{HostId=aqjj1W+CYVT5fKJaWx7NJ2TCPubOGu41rOQIjAawlqNS6dN4oEJZOcrOgPsnIxum2iDmUsn1D5c=}'}
> [ERROR] Run 2: AWSBucketsLiveTest.testEu:56 » AWSResponse request PUT
> https://gaul-blobstore37eu.s3.amazonaws.com/ HTTP/1.1 failed with code 400,
> error: AWSError{requestId='312B9VAMV3WZJQP5',
> requestToken='u5xu6Y9HV465H1nBmGdeT29fH8NjAM2Aq0UWX2e+6R6pysrUPqfWeGwQudCmBmvwQyLpd8hVm/I=',
> code='InvalidBucketAclWithObjectOwnership', message='Bucket cannot have ACLs
> set with ObjectOwnership's BucketOwnerEnforced setting',
> context='{HostId=u5xu6Y9HV465H1nBmGdeT29fH8NjAM2Aq0UWX2e+6R6pysrUPqfWeGwQudCmBmvwQyLpd8hVm/I=}'}
> [ERROR] Run 13:
> AWSBucketsLiveTest>BucketsLiveTest.testPublicReadAccessPolicy:157 »
> AWSResponse request PUT https://gaul-blobstore45.s3.amazonaws.com/ HTTP/1.1
> failed with code 400, error: AWSError{requestId='PDFRKWVBRBGYE1XF',
> requestToken='OU9+Gi7E/XGheByhurnQZpn6D50tIZvJLjR5Jm06XkCbH1nKZauOOTHr1bfe5x40tyvODBtiRAe4d9vBiMiB5lGdQt89yOzO2txcJ1STplI=',
> code='InvalidBucketAclWithObjectOwnership', message='Bucket cannot have ACLs
> set with ObjectOwnership's BucketOwnerEnforced setting',
> context='{HostId=OU9+Gi7E/XGheByhurnQZpn6D50tIZvJLjR5Jm06XkCbH1nKZauOOTHr1bfe5x40tyvODBtiRAe4d9vBiMiB5lGdQt89yOzO2txcJ1STplI=}'}
> {noformat}
> This is due to a security change that is intended to prevent public buckets
> from leaking unintended blobs: https://stackoverflow.com/a/76102067/2800111
> Fixing this for {{AWSS3BlobStore.createContainerInLocation}} and
> {{AWSS3BlobStore.setContainerAccess}} is straightforward although the
> S3Client tests call through a variety of paths which makes this hard to fully
> fix.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
