boto / botocore

The low-level, core functionality of boto3 and the AWS CLI.

Bucket validation cannot handle project:bucketname syntax for openstack type of s3

danielFlemstrom opened this issue · comments

Describe the bug

When using openstack s3 and accessing buckets of one project by another project, buckets are specified as
:. The current validation in botocore.handlers.VALID_BUCKET does not allow this pattern.

Expected Behavior

response = s3_client.list_objects(Bucket=bucket_name)
where bucket name is e.g. "125f138b33redacted0e638bc:mybucket" should list the objects
(mybucket is the bucket name you would use if running ceph, but swift uses the project id as the highest level as I understand it)

Current Behavior

Error accessing bucket: Parameter validation failed:
Invalid bucket name "d49b125f138b4dd9b225925950e638bc\eodata": Bucket name must match the regex "^[a-zA-Z0-9.-_]{1,255}$" or be an ARN matching the regex "^arn:(aws).:(s3|s3-object-lambda):[a-z-0-9]:[0-9]{12}:accesspoint[/:][a-zA-Z0-9-.]{1,63}$|^arn:(aws).*:s3-outposts:[a-z-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9-]{1,63}$"

Reproduction Steps

Create two projects in openstack
Create a bucket in project 1
Allow access to that bucket from project 2
Try to access the bucket with the credentials of project 2 as shown

Possible Solution

Adding the colon (":") sign to row 89:ish in botocore/handlers.py would fix this.
The snippet below shows how:

botocore.handlers.VALID_BUCKET = re.compile(r'^[a-zA-Z0-9.\-_:]{1,255}$')

Additional Information/Context

We checked the latest code in the repo and the pattern still lacks the colon sign.

SDK version used

latest

Environment details (OS name and version, etc.)

mac, linux, kubernetes, same for all

Hi @danielFlemstrom, thanks for reaching out. The AWS SDKs are intended to work with AWS Services directly. AWS S3 does not allow slashes or colons in the names of buckets, and the parameter validation has to reflect that. If you can reproduce this issue with AWS S3, please feel free to reopen this issue.
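An added example, not part of the thread or of botocore's code: it compares three bucket-name patterns on constructed names, to show what the proposed change accepts and what a copy of the pattern with the backslash lost (as it appears in the error text above) would accept instead. The stock pattern is taken to be the issue's proposed pattern minus the added colon; the sample names and project id are made up.

```python
import re

# Stock pattern: the issue's proposed pattern without the added colon.
STOCK = re.compile(r'^[a-zA-Z0-9.\-_]{1,255}$')
# Pattern proposed in the issue: colon added to the character class.
PROPOSED = re.compile(r'^[a-zA-Z0-9.\-_:]{1,255}$')
# The pattern as shown in the pasted error text, backslash missing.
# Here ".-_" is a range from "." (0x2E) to "_" (0x5F), not three literals.
UNESCAPED = re.compile(r'^[a-zA-Z0-9.-_]{1,255}$')

PATTERNS = {"stock": STOCK, "proposed": PROPOSED, "unescaped": UNESCAPED}

# Constructed sample names; the project id is a made-up placeholder.
SAMPLES = [
    "mybucket",
    "0123456789abcdef0123456789abcdef:mybucket",
    "0123456789abcdef0123456789abcdef/mybucket",
    "my-bucket",
    "bucket?acl",
]


def accepted_by(name):
    """Return the sorted names of the patterns that accept `name`."""
    return sorted(k for k, p in PATTERNS.items() if p.match(name))


def extra_chars(pattern, baseline=STOCK):
    """Printable ASCII characters `pattern` accepts that `baseline` rejects."""
    return "".join(
        c for c in map(chr, range(0x20, 0x7F))
        if pattern.match(c) and not baseline.match(c)
    )


if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:46} -> {accepted_by(name)}")
    print("proposed adds :", extra_chars(PROPOSED))
    print("unescaped adds:", extra_chars(UNESCAPED))
```

The proposed pattern widens the accepted set by exactly one character, while the unescaped form admits `/`, `?`, `@` and other URL-significant characters and rejects the hyphen, so a locally patched pattern should be checked character by character before it replaces the stock one.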
