doesBucketExist() returns true when client has invalid client creds
roryodonnell opened this issue · comments
public Result CosHealthCheck() {
AmazonS3 client = createClient(withInvalidCreds)
// returns true
client.doesBucketExist("some unknown bucket");
@Override
public boolean doesBucketExist(String bucketName)
throws SdkClientException, AmazonServiceException {
try {
headBucket(new HeadBucketRequest(bucketName));
return true;
} catch (AmazonServiceException ase) {
// A redirect error or a forbidden error means the bucket exists. So
// returning true.
if ((ase.getStatusCode() == Constants.BUCKET_REDIRECT_STATUS_CODE)
|| (ase.getStatusCode() == Constants.BUCKET_ACCESS_FORBIDDEN_STATUS_CODE)) {
return true;
}
if (ase.getStatusCode() == Constants.NO_SUCH_BUCKET_STATUS_CODE) {
return false;
}
throw ase;
}
@roryodonnell thanks for reporting this. doesBucketExist() has a precondition that assumes that the credentials are correct. By using headBucket() to verify that the bucket exists, it's unable to determine if a 403 Forbidden error is because the user doesn't have permission to the bucket or because the supplied credentials are invalid. We can address this by deprecating doesBucketExist and introducing a new method that does not rely on headBucket.
would something like this work
boolean doesBucketExist(String bucketName)
return listBuckets().contains(bucketName);
The problem with listBuckets() is that it won't list buckets that the user didn't create even if they have permission to it. Perhaps getBucketACL() might meet requirements.
@roryodonnell, did Patrick's suggestion help?
thanks Paul - kind of. I just needed to call a any method that would throw an exception if the creds were incorrect, so, yes. listBuckets will throw exception if my supplied creds are invalid