Bucket validation cannot handle project:bucketname syntax for openstack type of s3
danielFlemstrom opened this issue · comments
Describe the bug
When using openstack s3 and accessing buckets of one project by another project, buckets are specified as
:. The current validation in botocore.handlers.VALID_BUCKET does not allow this pattern.
Expected Behavior
response = s3_client.list_objects(Bucket=bucket_name)
where bucket name is e.g. "125f138b33redacted0e638bc:mybucket" should list the objects
(mybucket is the bucket name you would use if running ceph, but swift uses the project id as the highest leve as I understand it)
Current Behavior
Error accessing bucket: Parameter validation failed:
Invalid bucket name "d49b125f138b4dd9b225925950e638bc\eodata": Bucket name must match the regex "^[a-zA-Z0-9.-_]{1,255}$" or be an ARN matching the regex "^arn:(aws).:(s3|s3-object-lambda):[a-z-0-9]:[0-9]{12}:accesspoint[/:][a-zA-Z0-9-.]{1,63}$|^arn:(aws).*:s3-outposts:[a-z-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9-]{1,63}$"
Reproduction Steps
Create two projects in openstack
create a bucket in project 1
allow access to that bucket from project 2
try to access bucket with credentials of project 2 as shown
Possible Solution
Adding the colon (":") sign to row 89:ish in botocore/handlers.py would fix this
Below snippet shows how:
botocore.handlers.VALID_BUCKET = re.compile(r'^[a-zA-Z0-9.\-_:]{1,255}$')
Additional Information/Context
We checked the latest code in the repo and the pattern still lacks the colon sign.
SDK version used
latest
Environment details (OS name and version, etc.)
mac, linux, kubernets, same for all
Hi @danielFlemstrom, thanks for reaching out. The AWS SDKs are intended to work with AWS Services directly. AWS S3 does not allow slashes or colons in the names of buckets, and the parameter validation has to reflect that. If you can reproduce this issue with AWS S3, please feel free to reopen this issue.
⚠️ COMMENT VISIBILITY WARNING⚠️
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.