Uploaded image for project: 'Data Foundation Bugs'
  1. Data Foundation Bugs
  2. DFBUGS-628

[2269428] [GSS][DOC] apply bucket polices to a noobaa bucket fails

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • odf-4.16
    • odf-4.13
    • Documentation
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • ?
    • If docs needed, set a value
    • Proposed
    • None

      Description of problem (please be detailed as possible and provide log
      snippests):
      Hi, SOAP doesn't allow for non https connections to update bucket policies:

      ```
      InsecureRequestWarning,An error occurred (InvalidRequest) when calling the PutBucketPolicy operation: SOAP requests must be made over an HTTPS connection.
      ```

      According to ,[1] we say to use:

      ```

      1. aws --endpoint ENDPOINT --no-verify-ssl s3api put-bucket-policy --bucket MyBucket --policy BucketPolicy
        ```

      running this results in

      ```
      [system:admin/openshift-storage root ~]$ aws --endpoint https://s3-openshift-storage.apps.ocp4.cluster.lab:443 s3api put-bucket-policy --bucket test123-febe138a-6632-41c3-a54c-3d3adbd2b57a --policy retention-policy.json --no-verify-ssl
      /usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py:1052: InsecureRequestWarning: Unverified HTTPS request is being made to host 's3-openshift-storage.apps.ocp4.cluster.lab'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
      InsecureRequestWarning,An error occurred (InvalidRequest) when calling the PutBucketPolicy operation: SOAP requests must be made over an HTTPS connection.
      ```

      Without using the --no-verify-ssl flag I get a cert issue:

      ```
      [system:admin/openshift-storage root ~]$ aws --endpoint https://s3-openshift-storage.apps.ocp4.cluster.lab:443 s3api put-bucket-policy --bucket test123-febe138a-6632-41c3-a54c-3d3adbd2b57a --policy retention-policy.jsonSSL validation failed for https://s3-openshift-storage.apps.ocp4.cluster.lab:443/test123-febe138a-6632-41c3-a54c-3d3adbd2b57a?policy [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
      ```

      So, SOAP requires you to use SSL, which the docs state explicitly not to, why? Am I missing something? Seems the docs are incorrect are ignore the fact applying a bucket policy requires to you use HTTPS

      [1]https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.14/html-single/managing_hybrid_and_multicloud_resources/index#using-bucket-policies

              rh-ee-bbiswas Barun Biswas
              rhn-support-kelwhite Kelson White
              Mahesh Shetty Mahesh Shetty
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: