Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test_object_actions sometimes fails with AccessDenied on the put-object op #10982

Open
sagihirshfeld opened this issue Dec 4, 2024 · 0 comments
Open

test_object_actions sometimes fails with AccessDenied on the put-object op #10982

sagihirshfeld opened this issue Dec 4, 2024 · 0 comments
Assignees
@ypersky1980
Labels
good first issue Good for newcomers MCG Multi Cloud Gateway / NooBaa related issues Squad/Red

Comments

@sagihirshfeld
Copy link
Contributor

sagihirshfeld commented Dec 4, 2024
edited
Loading

In this test we're setting a bucket policy that is equivalent to the following:

$ my_s3api_alias put-bucket-policy --bucket "$BUCKET" --policy '{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Principal": {
                "AWS": "[email protected]"
            },
            "Resource": "arn:aws:s3:::'"$BUCKET"'/*"
        }
    ]
}'

Although this operation only restricts the OBC's user from the GetObject and Delete Object ops, its PutObject operation fails about 60 seconds after applying it even though it should have that access by default.

The hit ratio on this is pretty rare (about 5%), so it might be a timing issue due to automation. Further investigation is needed to determine whether it's a bug.

RP links:
@sagihirshfeld sagihirshfeld added MCG Multi Cloud Gateway / NooBaa related issues Squad/Red labels Dec 4, 2024
@sagihirshfeld sagihirshfeld added the good first issue Good for newcomers label Dec 4, 2024
@sagihirshfeld sagihirshfeld changed the title test_object_actions sometimes fails with AccessDenied on the put-object op test_object_actions sometimes fails with AccessDenied on the put-object op Dec 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ypersky1980 ypersky1980

Labels
good first issue Good for newcomers MCG Multi Cloud Gateway / NooBaa related issues Squad/Red
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sagihirshfeld @ypersky1980