mirror of
https://github.com/nspcc-dev/neofs-s3-gw.git
synced 2026-03-01 04:29:15 +00:00
Object PUTs into private buckets lead to EACL bloat #464
Labels
No labels
I2
I2
I3
I4
S2
S3
S4
S4
U0
U1
U2
U2
U3
U4
U4
auth-mate
blocked
bug
config
dependencies
discussion
documentation
enhancement
epic
feature
go
good first issue
help wanted
performance
question
security
test
tree-service
tree-service
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
nspcc-dev/neofs-s3-gw#464
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @roman-khimov on GitHub (Oct 25, 2024).
Originally assigned to: @smallhive on GitHub.
Current Behavior
PutObject with full owner control ACL leading to EACL bloat and eventual 500 with
container setEacl: status: code = 1024 message = Invalid params (-32602) - byte-slice is too big (67987)error.Expected Behavior
Buckets are private by default. Puts with full object control for objects do nothing EACL-wise as explained in https://pkg.go.dev/github.com/aws/aws-sdk-go/service/s3/s3manager#UploadInput and its references. Other ACLs are rejected unless ACLs are enabled (see https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html also).
Possible Solution
Fix the damn things.
Steps to Reproduce
aws s3api put-object --bucket amzn-s3-demo-bucket --key key-name --body path-to-file --acl bucket-owner-full-controlContext
Real software loves specifying ACLs for whatever reason.
Your Environment
uname -a): Debian stable@smallhive commented on GitHub (Oct 28, 2024):
Some AWS docs https://docs.aws.amazon.com/AmazonS3/latest/userguide/ensure-object-ownership.html about bucket policy.
Another interesting treasure https://gitlab.com/gitlab-org/container-registry/-/issues/909