Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some clients (WinSCP, android mp3 player) do not work correctly #29

Open
BlaineEXE opened this issue Dec 7, 2023 · 1 comment
Open

Some clients (WinSCP, android mp3 player) do not work correctly #29

BlaineEXE opened this issue Dec 7, 2023 · 1 comment

Comments

@BlaineEXE
Copy link
Contributor

A user has reported this:

trying to use other apps like android s3 music player won't work because it tries to "list buckets" within the single bucket connection =(
context:
if I connect to the store without specifying a /bucket-name string after the subdomain.domain I get an error saying "Specify Target Bucket" at the WinSCP client (when trying to upload something)
at the same time there's no list of available buckets (even the 1 created with bucketClaim+bucketAccess combo)
so I rather connect using /bucket-name at the url (using folders settings in WinSCP) or the connection is credential-valid but not usable
finally more basic apps like the android mp3 player for s3 buckets will throw an error because it will stay in the same situation: trying to list buckets

This is the default set of allowed policy actions, which don't seem to be allowing clients to list their own buckets despite the ListAllMyBuckets permission being set:

ceph-cosi/pkg/util/s3client/policy.go

Lines 79 to 112 in fed3305

// AllowedActions is a lenient default list of actions
var AllowedActions = []action{
DeleteObject,
DeleteObjectVersion,
GetBucketAcl,
GetBucketCORS,
GetBucketLocation,
GetBucketLogging,
GetBucketNotification,
GetBucketTagging,
GetBucketVersioning,
GetBucketWebsite,
GetObject,
GetObjectAcl,
GetObjectTorrent,
GetObjectVersion,
GetObjectVersionAcl,
GetObjectVersionTorrent,
ListAllMyBuckets,
ListBucket,
ListBucketMultiPartUploads,
ListBucketVersions,
ListMultipartUploadParts,
PutBucketTagging,
PutBucketVersioning,
PutBucketWebsite,
PutBucketVersioning,
PutLifecycleConfiguration,
PutObject,
PutObjectAcl,
PutObjectVersionAcl,
PutReplicationConfiguration,
RestoreObject,
}

It's unclear to me exactly what the issue is. This could be a permissions issue from COSI, or perhaps these clients require vhost-style access. We are working on that in Rook here: rook/rook#13022
@BlaineEXE BlaineEXE changed the title clients should be able to list their own bucket Some clients (WinSCP, android mp3 player) do not work correctly Dec 7, 2023
@thotz
Copy link
Collaborator

thotz commented Dec 8, 2023

Can provide more details like URL they are trying to access, RGW pod logs preferably in debug level 20?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thotz @BlaineEXE