nspcc-dev/neofs-s3-gw
1
0
Fork 0
mirror of https://github.com/nspcc-dev/neofs-s3-gw.git synced 2026-03-01 04:29:15 +00:00
Code Issues 24 Projects Packages Wiki Activity

s3-gateway doesn't work correctly with containers created from neo-cli #332

New issue
Closed
opened 2025-12-28 17:37:01 +00:00 by sami · 10 comments
sami commented 2025-12-28 17:37:01 +00:00
Owner
Copy link

Originally created by @anikeev-yadro on GitHub (Sep 6, 2022).

Originally assigned to: @KirillovDenis on GitHub.

Steps to reproduce:

1.Create container

anikeev@NB-1670:~/neofs$ sudo ./neofs-cli --rpc-endpoint 172.26.160.212:8080 --wallet wallet.json container create --name f_test_1 --policy "REP 2 IN X CBF 1 SELECT 4 FROM * AS X" --await
Enter password >
container ID: BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd
awaiting...
container has been persisted on sidechain
  1. See it from s3
PS C:\TEMP> aws --no-verify-ssl s3api list-buckets  --endpoint-url http://172.26.160.212:8084
{
    "Buckets": [
            "Name": "f_test_1",
            "CreationDate": "2022-09-06T10:56:03+00:00"
        },
    ],
    "Owner": {
        "DisplayName": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M",
        "ID": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M"
    }
}
  1. But we cannot do anything with it:
PS C:\TEMP> aws --no-verify-ssl s3api list-objects --bucket f_test_1 --endpoint-url http://172.26.160.212:8084
An error occurred (InternalError) when calling the ListObjects operation (reached max retries: 2): failed to get sub tree: rpc error: code = Unknown desc = database not open

PS C:\TEMP> aws --no-verify-ssl s3api put-object --bucket f_test_1 --key obj20 --body c:\TEMP\AWSCLIV2-download-p1.msi --endpoint-url http://172.26.160.212:8084
An error occurred (NoSuchBucket) when calling the PutObject operation: The specified bucket does not exist

PS C:\TEMP> aws --no-verify-ssl s3api head-bucket --bucket f_test_1 --endpoint-url http://172.26.160.212:8084
An error occurred (404) when calling the HeadBucket operation: Not Found

Errors in logs:

сен 06 11:21:59 az neofs-s3-gw[647]: 2022-09-06T11:21:59.228Z        debug        layer/layer.go:371        bucket not found        {"error": "failed resolve: couldn't resolve container 'f_test_1': NNS contract fault exception: at instruction 5469 (THROW): unhandled exception: \"invalid domain name format\""}
сен 06 11:21:59 az neofs-s3-gw[647]: 2022-09-06T11:21:59.229Z        error        handler/util.go:25        could not get bucket info        {"request_id": "d93cc854-be60-4dc2-a2fd-cb87ce8ffb2d", "method": "GetBucketACL", "bucket_name": "f_test_1", "object_name": "", "error": "NoSuchBucket: 404 => The specified bucket does not exist"}
сен 06 11:21:59 az neofs-s3-gw[647]: 2022-09-06T11:21:59.229Z        error        api/router.go:158        something went wrong        {"status": 404, "request_id": "d93cc854-be60-4dc2-a2fd-cb87ce8ffb2d", "method": "GetBucketACL", "description": "Not Found"}
  1. Try to use CID instead of bucket name:
PS C:\TEMP> aws --no-verify-ssl s3api get-bucket-acl --bucket BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd --endpoint-url http://172.26.160.212:8084
An error occurred (InternalError) when calling the GetBucketAcl operation (reached max retries: 2): get container eacl: read eACL via connection pool: get eacl on client: status: code = 3073 message = eACL not found

Errors in logs:

сен 06 12:09:31 az neofs-s3-gw[647]: 2022-09-06T12:09:31.408Z        error        handler/util.go:25        could not fetch bucket acl        {"request_id": "1ac48a5d-544a-4217-9751-6d52d0903663", "method": "GetBucketACL", "bucket_name": "BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd", "object_name": "", "error": "get container eacl: read eACL via connection pool: get eacl on client: status: code = 3073 message = eACL not found"}
сен 06 12:09:31 az neofs-s3-gw[647]: 2022-09-06T12:09:31.408Z        error        api/router.go:158        something went wrong        {"status": 500, "request_id": "1ac48a5d-544a-4217-9751-6d52d0903663", "method": "GetBucketACL", "description": "Internal Server Error"}
сен 06 12:09:31 az neofs-s3-gw[647]: 2022-09-06T12:09:31.858Z        error        handler/util.go:25        could not fetch bucket acl        {"request_id": "2398ac88-567e-4aec-a593-c95115c9e15f", "method": "GetBucketACL", "bucket_name": "BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd", "object_name": "", "error": "get container eacl: read eACL via connection pool: get eacl on client: status: code = 3073 message = eACL not found"}
сен 06 12:09:31 az neofs-s3-gw[647]: 2022-09-06T12:09:31.858Z        error        api/router.go:158        something went wrong        {"status": 500, "request_id": "2398ac88-567e-4aec-a593-c95115c9e15f", "method": "GetBucketACL", "description": "Internal Server Error"}
сен 06 12:09:32 az neofs-s3-gw[647]: 2022-09-06T12:09:32.036Z        error        handler/util.go:25        could not fetch bucket acl        {"request_id": "8fb5445f-4223-44f4-8c49-9ad02a2f072e", "method": "GetBucketACL", "bucket_name": "BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd", "object_name": "", "error": "get container eacl: read eACL via connection pool: get eacl on client: status: code = 3073 message = eACL not found"}
сен 06 12:09:32 az neofs-s3-gw[647]: 2022-09-06T12:09:32.036Z        error        api/router.go:158        something went wrong        {"status": 500, "request_id": "8fb5445f-4223-44f4-8c49-9ad02a2f072e", "method": "GetBucketACL", "description": "Internal Server Error"}
  1. Another try to use CID instead of bucket name:
PS C:\TEMP> aws --no-verify-ssl s3api head-bucket --bucket BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd --endpoint-url http://172.26.160.212:8084
PS C:\TEMP> aws --no-verify-ssl s3api put-object --bucket BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd --key obj20 --body c:\TEMP\AWSCLIV2-download-p1.msi --endpoint-url http://172.26.160.212:8084
An error occurred (InternalError) when calling the PutObject operation (reached max retries: 2): couldn't get node: couldn't get nodes: failed to get node path: rpc error: code = Unknown desc = database not open

Product versions:

s3 gateway
Version: v0.23.0-60-g272c485
GoVersion: go1.18.4

NeoFS Storage node
Version: v0.31.0-66-gd8a00c36
GoVersion: go1.18.4

NeoGo
Version: 0.99.2-2-g536303ef
GoVersion: go1.18.4

s3 gateway config:

default_policy: REP 1 IN X CBF 1 SELECT 1 FROM * AS X
listen_address: 0.0.0.0:8084
logger:
  level: debug
max_clients_count: 600
max_clients_deadline: 60s
peers:
  '0':
    address: node1.neofs:8080
    priority: '1'
    weight: '1'
  '1':
    address: node2.neofs:8080
    priority: '2'
    weight: '0.25'
  '2':
    address: node3.neofs:8080
    priority: '2'
    weight: '0.25'
  '3':
    address: node4.neofs:8080
    priority: '2'
    weight: '0.25'
pool_error_threshold: 100
pprof:
  address: localhost:8085
  enabled: true
prometheus:
  address: localhost:8086
  enabled: true
resolve_order:
- nns
rpc_endpoint: http://node1.neofs:40332
tree:
  service: 172.26.160.212:8080
wallet:
  address: ''
  passphrase: ''
  path: /etc/neofs/s3/wallet.json
Originally created by @anikeev-yadro on GitHub (Sep 6, 2022). Originally assigned to: @KirillovDenis on GitHub. **Steps to reproduce:** 1.Create container ``` anikeev@NB-1670:~/neofs$ sudo ./neofs-cli --rpc-endpoint 172.26.160.212:8080 --wallet wallet.json container create --name f_test_1 --policy "REP 2 IN X CBF 1 SELECT 4 FROM * AS X" --await Enter password > container ID: BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd awaiting... container has been persisted on sidechain ``` 2. See it from s3 ``` PS C:\TEMP> aws --no-verify-ssl s3api list-buckets --endpoint-url http://172.26.160.212:8084 { "Buckets": [ "Name": "f_test_1", "CreationDate": "2022-09-06T10:56:03+00:00" }, ], "Owner": { "DisplayName": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M", "ID": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M" } } ``` 3. But we cannot do anything with it: ``` PS C:\TEMP> aws --no-verify-ssl s3api list-objects --bucket f_test_1 --endpoint-url http://172.26.160.212:8084 An error occurred (InternalError) when calling the ListObjects operation (reached max retries: 2): failed to get sub tree: rpc error: code = Unknown desc = database not open PS C:\TEMP> aws --no-verify-ssl s3api put-object --bucket f_test_1 --key obj20 --body c:\TEMP\AWSCLIV2-download-p1.msi --endpoint-url http://172.26.160.212:8084 An error occurred (NoSuchBucket) when calling the PutObject operation: The specified bucket does not exist PS C:\TEMP> aws --no-verify-ssl s3api head-bucket --bucket f_test_1 --endpoint-url http://172.26.160.212:8084 An error occurred (404) when calling the HeadBucket operation: Not Found ``` **Errors in logs:** ``` сен 06 11:21:59 az neofs-s3-gw[647]: 2022-09-06T11:21:59.228Z debug layer/layer.go:371 bucket not found {"error": "failed resolve: couldn't resolve container 'f_test_1': NNS contract fault exception: at instruction 5469 (THROW): unhandled exception: \"invalid domain name format\""} сен 06 11:21:59 az neofs-s3-gw[647]: 2022-09-06T11:21:59.229Z error handler/util.go:25 could not get bucket info {"request_id": "d93cc854-be60-4dc2-a2fd-cb87ce8ffb2d", "method": "GetBucketACL", "bucket_name": "f_test_1", "object_name": "", "error": "NoSuchBucket: 404 => The specified bucket does not exist"} сен 06 11:21:59 az neofs-s3-gw[647]: 2022-09-06T11:21:59.229Z error api/router.go:158 something went wrong {"status": 404, "request_id": "d93cc854-be60-4dc2-a2fd-cb87ce8ffb2d", "method": "GetBucketACL", "description": "Not Found"} ``` 4. Try to use CID instead of bucket name: ``` PS C:\TEMP> aws --no-verify-ssl s3api get-bucket-acl --bucket BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd --endpoint-url http://172.26.160.212:8084 An error occurred (InternalError) when calling the GetBucketAcl operation (reached max retries: 2): get container eacl: read eACL via connection pool: get eacl on client: status: code = 3073 message = eACL not found ``` **Errors in logs:** ``` сен 06 12:09:31 az neofs-s3-gw[647]: 2022-09-06T12:09:31.408Z error handler/util.go:25 could not fetch bucket acl {"request_id": "1ac48a5d-544a-4217-9751-6d52d0903663", "method": "GetBucketACL", "bucket_name": "BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd", "object_name": "", "error": "get container eacl: read eACL via connection pool: get eacl on client: status: code = 3073 message = eACL not found"} сен 06 12:09:31 az neofs-s3-gw[647]: 2022-09-06T12:09:31.408Z error api/router.go:158 something went wrong {"status": 500, "request_id": "1ac48a5d-544a-4217-9751-6d52d0903663", "method": "GetBucketACL", "description": "Internal Server Error"} сен 06 12:09:31 az neofs-s3-gw[647]: 2022-09-06T12:09:31.858Z error handler/util.go:25 could not fetch bucket acl {"request_id": "2398ac88-567e-4aec-a593-c95115c9e15f", "method": "GetBucketACL", "bucket_name": "BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd", "object_name": "", "error": "get container eacl: read eACL via connection pool: get eacl on client: status: code = 3073 message = eACL not found"} сен 06 12:09:31 az neofs-s3-gw[647]: 2022-09-06T12:09:31.858Z error api/router.go:158 something went wrong {"status": 500, "request_id": "2398ac88-567e-4aec-a593-c95115c9e15f", "method": "GetBucketACL", "description": "Internal Server Error"} сен 06 12:09:32 az neofs-s3-gw[647]: 2022-09-06T12:09:32.036Z error handler/util.go:25 could not fetch bucket acl {"request_id": "8fb5445f-4223-44f4-8c49-9ad02a2f072e", "method": "GetBucketACL", "bucket_name": "BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd", "object_name": "", "error": "get container eacl: read eACL via connection pool: get eacl on client: status: code = 3073 message = eACL not found"} сен 06 12:09:32 az neofs-s3-gw[647]: 2022-09-06T12:09:32.036Z error api/router.go:158 something went wrong {"status": 500, "request_id": "8fb5445f-4223-44f4-8c49-9ad02a2f072e", "method": "GetBucketACL", "description": "Internal Server Error"} ``` 5. Another try to use CID instead of bucket name: ``` PS C:\TEMP> aws --no-verify-ssl s3api head-bucket --bucket BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd --endpoint-url http://172.26.160.212:8084 PS C:\TEMP> aws --no-verify-ssl s3api put-object --bucket BhtWQfs3R6vgakEhbtRYvqsTXswMfaV6gGWJbECJQ5vd --key obj20 --body c:\TEMP\AWSCLIV2-download-p1.msi --endpoint-url http://172.26.160.212:8084 An error occurred (InternalError) when calling the PutObject operation (reached max retries: 2): couldn't get node: couldn't get nodes: failed to get node path: rpc error: code = Unknown desc = database not open ``` **Product versions:** ``` s3 gateway Version: v0.23.0-60-g272c485 GoVersion: go1.18.4 NeoFS Storage node Version: v0.31.0-66-gd8a00c36 GoVersion: go1.18.4 NeoGo Version: 0.99.2-2-g536303ef GoVersion: go1.18.4 ``` **s3 gateway config:** ``` default_policy: REP 1 IN X CBF 1 SELECT 1 FROM * AS X listen_address: 0.0.0.0:8084 logger: level: debug max_clients_count: 600 max_clients_deadline: 60s peers: '0': address: node1.neofs:8080 priority: '1' weight: '1' '1': address: node2.neofs:8080 priority: '2' weight: '0.25' '2': address: node3.neofs:8080 priority: '2' weight: '0.25' '3': address: node4.neofs:8080 priority: '2' weight: '0.25' pool_error_threshold: 100 pprof: address: localhost:8085 enabled: true prometheus: address: localhost:8086 enabled: true resolve_order: - nns rpc_endpoint: http://node1.neofs:40332 tree: service: 172.26.160.212:8080 wallet: address: '' passphrase: '' path: /etc/neofs/s3/wallet.json ```
sami 2025-12-28 17:37:01 +00:00
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@KirillovDenis commented on GitHub (Sep 6, 2022):

We should check this after https://github.com/nspcc-dev/neofs-node/pull/1753 and https://github.com/nspcc-dev/neofs-s3-gw/pull/698. These PRs should solve some problems (e.g. rpc error: code = Unknown desc = database not open).

But additionally we need use here __NEOFS__NAME attribute to get name and use CID if such attribute is missed.
Also we need properly handle eACL not found error and return some default bucket acl on get-bucket-acl in such cases.

@KirillovDenis commented on GitHub (Sep 6, 2022): We should check this after https://github.com/nspcc-dev/neofs-node/pull/1753 and https://github.com/nspcc-dev/neofs-s3-gw/pull/698. These PRs should solve some problems (e.g. rpc error: code = Unknown desc = database not open). But additionally we need use [here](https://github.com/nspcc-dev/neofs-s3-gw/blob/05d09b3a12163d39ede46c380e853416a1ce747a/api/layer/container.go#L58) `__NEOFS__NAME` attribute to get name and use `CID` if such attribute is missed. Also we need properly handle `eACL not found` error and return some default bucket acl on `get-bucket-acl` in such cases.
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@alexvanin commented on GitHub (Sep 8, 2022):

Also it seems that created container is private. S3 gateway can't operate with private containers in any way. Try to create at least public-read or even public-read-write container.

./neofs-cli --rpc-endpoint [..] --wallet [..] container create --name f_test_1 --policy [..] --basic-acl 'public-read-write' --await

S3 Gateway creates eacl-public-read-write containers and manage access control by setting proper extended ACL.

@alexvanin commented on GitHub (Sep 8, 2022): Also it seems that created container is private. S3 gateway can't operate with private containers in any way. Try to create at least `public-read` or even `public-read-write` container. ``` ./neofs-cli --rpc-endpoint [..] --wallet [..] container create --name f_test_1 --policy [..] --basic-acl 'public-read-write' --await ``` S3 Gateway creates `eacl-public-read-write` containers and manage access control by setting proper extended ACL.
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@alexvanin commented on GitHub (Sep 15, 2022):

Possible UX improvement:

  • do not list containers that can't be searched
  • show all containers but provide better error message if container can't be listed or even wasn't created by S3 GW.
@alexvanin commented on GitHub (Sep 15, 2022): Possible UX improvement: - do not list containers that can't be searched - show all containers but provide better error message if container can't be listed or even wasn't created by S3 GW.
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@alexvanin commented on GitHub (Sep 19, 2022):

Can you look at it once again? @anikeev-yadro

@alexvanin commented on GitHub (Sep 19, 2022): Can you look at it once again? @anikeev-yadro
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@anikeev-yadro commented on GitHub (Sep 20, 2022):

On the following versions I don't see the DB open errors:

NeoFS S3 Gateway
Version: v0.23.0-73-g67b01a30
GoVersion: go1.18.4

NeoFS Storage node
Version: v0.31.0-130-g4083a626
GoVersion: go1.18.4

Howewer command put-object can use bucket name, but other commands like head-bucket and list-objects cannot.
I think we need to fix it because all commands should have the same bahavior.

PS C:\Users\a.anikeev>  aws --no-verify-ssl s3api list-objects --bucket f_test_1 --endpoint-url http://172.26.160.245:8084
PS C:\Users\a.anikeev> aws --no-verify-ssl s3api put-object --bucket f_test_1 --key obj20 --body c:\TEMP\AWSCLIV2-download-p1.msi --endpoint-url http://172.26.160.245:8084
{
    "ETag": "54631d1173147c13e3c3c970ab19a449de07714ae6d1ec6f38a85bebdbf4f487"
}

PS C:\Users\a.anikeev> aws --no-verify-ssl s3api head-bucket --bucket f_test_1 --endpoint-url http://172.26.160.245:8084
An error occurred (404) when calling the HeadBucket operation: Not Found

PS C:\Users\a.anikeev> aws --no-verify-ssl s3api head-bucket --bucket dFWSxkLPkpj3CKy3hhuKPpFydjGbrRwoiE7j1uPVfwx --endpoint-url http://172.26.160.245:8084

PS C:\Users\a.anikeev>  aws --no-verify-ssl s3api list-objects --bucket f_test_1 --endpoint-url http://172.26.160.245:8084
An error occurred (NoSuchBucket) when calling the ListObjects operation: The specified bucket does not exist

PS C:\Users\a.anikeev>  aws --no-verify-ssl s3api list-objects --bucket 4e5BbEkH3C3ksuXr2YN4VjBCnFEga1zXvPFj75uyKR25 --endpoint-url http://172.26.160.245:8084
{
    "Contents": [
        {
            "Key": "obj20",
            "LastModified": "2022-09-20T06:34:47+00:00",
            "ETag": "54631d1173147c13e3c3c970ab19a449de07714ae6d1ec6f38a85bebdbf4f487",
            "Size": 10000001,
            "Owner": {
                "DisplayName": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M",
                "ID": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M"
            }
        }
    ]
}

PS C:\Users\a.anikeev>  aws --no-verify-ssl s3api head-object --bucket f_test_1 --key obj20 --endpoint-url http://172.26.160.245:8084
An error occurred (404) when calling the HeadObject operation: Not Found

PS C:\Users\a.anikeev>  aws --no-verify-ssl s3api head-object --bucket 4e5BbEkH3C3ksuXr2YN4VjBCnFEga1zXvPFj75uyKR25 --key obj20 --endpoint-url http://172.26.160.245:8084
{
    "LastModified": "2022-09-20T06:34:47+00:00",
    "ContentLength": 10000001,
    "ETag": "54631d1173147c13e3c3c970ab19a449de07714ae6d1ec6f38a85bebdbf4f487",
    "ContentType": "application/octet-stream",
    "Metadata": {}
}
@anikeev-yadro commented on GitHub (Sep 20, 2022): On the following versions I don't see the DB open errors: ``` NeoFS S3 Gateway Version: v0.23.0-73-g67b01a30 GoVersion: go1.18.4 NeoFS Storage node Version: v0.31.0-130-g4083a626 GoVersion: go1.18.4 ``` Howewer command ```put-object``` can use bucket name, but other commands like ```head-bucket``` and ```list-objects``` cannot. I think we need to fix it because all commands should have the same bahavior. ``` PS C:\Users\a.anikeev> aws --no-verify-ssl s3api list-objects --bucket f_test_1 --endpoint-url http://172.26.160.245:8084 PS C:\Users\a.anikeev> aws --no-verify-ssl s3api put-object --bucket f_test_1 --key obj20 --body c:\TEMP\AWSCLIV2-download-p1.msi --endpoint-url http://172.26.160.245:8084 { "ETag": "54631d1173147c13e3c3c970ab19a449de07714ae6d1ec6f38a85bebdbf4f487" } PS C:\Users\a.anikeev> aws --no-verify-ssl s3api head-bucket --bucket f_test_1 --endpoint-url http://172.26.160.245:8084 An error occurred (404) when calling the HeadBucket operation: Not Found PS C:\Users\a.anikeev> aws --no-verify-ssl s3api head-bucket --bucket dFWSxkLPkpj3CKy3hhuKPpFydjGbrRwoiE7j1uPVfwx --endpoint-url http://172.26.160.245:8084 PS C:\Users\a.anikeev> aws --no-verify-ssl s3api list-objects --bucket f_test_1 --endpoint-url http://172.26.160.245:8084 An error occurred (NoSuchBucket) when calling the ListObjects operation: The specified bucket does not exist PS C:\Users\a.anikeev> aws --no-verify-ssl s3api list-objects --bucket 4e5BbEkH3C3ksuXr2YN4VjBCnFEga1zXvPFj75uyKR25 --endpoint-url http://172.26.160.245:8084 { "Contents": [ { "Key": "obj20", "LastModified": "2022-09-20T06:34:47+00:00", "ETag": "54631d1173147c13e3c3c970ab19a449de07714ae6d1ec6f38a85bebdbf4f487", "Size": 10000001, "Owner": { "DisplayName": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M", "ID": "NS9iuCpxq8VzpKWLSwceguV5pz2YAYtG6M" } } ] } PS C:\Users\a.anikeev> aws --no-verify-ssl s3api head-object --bucket f_test_1 --key obj20 --endpoint-url http://172.26.160.245:8084 An error occurred (404) when calling the HeadObject operation: Not Found PS C:\Users\a.anikeev> aws --no-verify-ssl s3api head-object --bucket 4e5BbEkH3C3ksuXr2YN4VjBCnFEga1zXvPFj75uyKR25 --key obj20 --endpoint-url http://172.26.160.245:8084 { "LastModified": "2022-09-20T06:34:47+00:00", "ContentLength": 10000001, "ETag": "54631d1173147c13e3c3c970ab19a449de07714ae6d1ec6f38a85bebdbf4f487", "ContentType": "application/octet-stream", "Metadata": {} } ```
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@KirillovDenis commented on GitHub (Sep 23, 2022):

Howewer command put-object can use bucket name, but other commands like head-bucket and list-objects cannot.

It's strange. Because on the same version of neofs-s3-gw:

$ ./bin/neofs-s3-gw --version
NeoFS S3 Gateway
Version: v0.23.0-73-g67b01a30
GoVersion: go1.19

I didn't get any error:

$ neofs-cli -r "${DEV_ENV_NODE}" -w "${DEV_ENV_WALLET}" \
 container create  --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --basic-acl eacl-public-read-write --await \
  --name cnr1 --attributes __NEOFS__NAME=cnr1,__NEOFS__ZONE=container
Enter password > 
container ID: 2pdNR2E2aHNdgibQqJZU6Zr1Kgk1QkubndZoxu9gTZVR
awaiting...
container has been persisted on sidechain

$ aws s3api --endpoint http://localhost:8084 head-bucket --bucket cnr1 

$ aws s3api --endpoint http://localhost:8084 head-bucket --bucket 2pdNR2E2aHNdgibQqJZU6Zr1Kgk1QkubndZoxu9gTZVR

$ aws s3api --endpoint http://localhost:8084 put-object --bucket cnr1 --key obj
{
    "ETag": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
}

$ aws s3api --endpoint http://localhost:8084 list-objects --bucket cnr1
{
    "Contents": [
        {
            "Key": "obj",
            "LastModified": "2022-09-23T12:41:34+00:00",
            "ETag": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "Size": 0,
            "Owner": {
                "DisplayName": "NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM",
                "ID": "NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM"
            }
        }
    ]
}
@KirillovDenis commented on GitHub (Sep 23, 2022): > Howewer command put-object can use bucket name, but other commands like head-bucket and list-objects cannot. It's strange. Because on the same version of `neofs-s3-gw`: ```shell $ ./bin/neofs-s3-gw --version NeoFS S3 Gateway Version: v0.23.0-73-g67b01a30 GoVersion: go1.19 ``` I didn't get any error: ```shell $ neofs-cli -r "${DEV_ENV_NODE}" -w "${DEV_ENV_WALLET}" \ container create --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --basic-acl eacl-public-read-write --await \ --name cnr1 --attributes __NEOFS__NAME=cnr1,__NEOFS__ZONE=container Enter password > container ID: 2pdNR2E2aHNdgibQqJZU6Zr1Kgk1QkubndZoxu9gTZVR awaiting... container has been persisted on sidechain $ aws s3api --endpoint http://localhost:8084 head-bucket --bucket cnr1 $ aws s3api --endpoint http://localhost:8084 head-bucket --bucket 2pdNR2E2aHNdgibQqJZU6Zr1Kgk1QkubndZoxu9gTZVR $ aws s3api --endpoint http://localhost:8084 put-object --bucket cnr1 --key obj { "ETag": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" } $ aws s3api --endpoint http://localhost:8084 list-objects --bucket cnr1 { "Contents": [ { "Key": "obj", "LastModified": "2022-09-23T12:41:34+00:00", "ETag": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "Size": 0, "Owner": { "DisplayName": "NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM", "ID": "NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM" } } ] } ```
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@anikeev-yadro commented on GitHub (Sep 27, 2022):

@KirillovDenis Are there parameters --attributes __NEOFS__NAME=cnr1,__NEOFS__ZONE=container important when we create container?
Because I didn't use it in previuos comment.

@anikeev-yadro commented on GitHub (Sep 27, 2022): @KirillovDenis Are there parameters ```--attributes __NEOFS__NAME=cnr1,__NEOFS__ZONE=container``` important when we create container? Because I didn't use it in previuos comment.
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@KirillovDenis commented on GitHub (Sep 27, 2022):

Yes, this attributes are required. This allows the container to be available in NNS.

@KirillovDenis commented on GitHub (Sep 27, 2022): Yes, this attributes are required. This allows the container to be available in NNS.
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@alexvanin commented on GitHub (Oct 3, 2022):

@anikeev-yadro Those __NEOFS__ prefixed attributes are system attributes. They are used to register container nice name as a domain (NAME.ZONE) in the global scope (NNS contract). The same mechanism is used in S3 Gateway to create buckets (containers with global names).

Can you confirm, that the issue is gone now?

@alexvanin commented on GitHub (Oct 3, 2022): @anikeev-yadro Those `__NEOFS__` prefixed attributes are system attributes. They are used to register container nice name as a domain (`NAME.ZONE`) in the global scope (NNS contract). The same mechanism is used in S3 Gateway to create buckets (containers with global names). Can you confirm, that the issue is gone now?
sami commented 2025-12-28 17:37:02 +00:00
Author
Owner
Copy link

@anikeev-yadro commented on GitHub (Oct 4, 2022):

@alexvanin yes

@anikeev-yadro commented on GitHub (Oct 4, 2022): @alexvanin yes
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
1255-session-token-v2
new-get
logger
experimental/unsigned-responses
experimental/get-perf
debugprint
ezayats/bump-s3-tests
955-after-a-parallel-deletion-of-versioned-objects-list-objects-returns-info-about-them
v0.42.0
v0.41.5
v0.41.4
v0.41.3
v0.41.2
v0.41.1
v0.41.0
v0.40.0
v0.39.0
v0.38.0
v0.37.0
v0.36.1
v0.36.0
v0.35.0
v0.34.1
v0.34.0
v0.33.0
v0.32.0
v0.31.1
v0.31.0
v0.30.1
v0.30.0
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.1
v0.26.0
v0.25.1
v0.25.0
v0.24.0
v0.23.0
v0.22.0
v0.21.1
v0.21.0
v0.20.0
v0.19.0
v0.18.0
v0.17.0
v0.17.0-rc.1
v0.16.0
v0.15.1-pre
v0.15.0
v0.14.2
v0.14.1
v0.14.0
v0.13.0
v0.12.0-rc.3
v0.12.0-rc.2
v0.12.0-rc.1
Labels
Clear labels   
I2

   
I2

   
I3

   
I4

   
S2

   
S3

   
S4

   
S4

   
U0

   
U1

   
U2

   
U2

   
U3

   
U4

   
U4

   
auth-mate

   
blocked

   
bug

   
config

   
dependencies

   
discussion

   
documentation

   
enhancement

   
epic

   
feature

   
go

   
good first issue

   
help wanted

   
performance

   
question

   
security

   
test

   
tree-service

   
tree-service
No labels
I2
I2
I3
I4
S2
S3
S4
S4
U0
U1
U2
U2
U3
U4
U4
auth-mate
blocked
bug
config
dependencies
discussion
documentation
enhancement
epic
feature
go
good first issue
help wanted
performance
question
security
test
tree-service
tree-service
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
nspcc-dev/neofs-s3-gw#332
No description provided.