PUT object fails to the bucket with policy which allows GET/PUT/DELETE #878
Description
PUT objects fails to the bucket with generous bucket policy.
commit 4dab204 (develop)
Policy JSON
{
"Version": "2008-10-17",
"Id": "Policy1355283297687",
"Statement": [
{
"Sid": "Stmt1355283289hage",
"Action": [
"s3:PutObject", "s3:DeleteObject", "s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::test-http/*",
"Principal": { "AWS": ["*"] },
"Condition": {
"Bool": { "aws:SecureTransport" : false }
}
}
]
}
command
## List by owner (alice) success:
$ s3cmd -c .s3cfg.8071.alice ls s3://test-http/
2014-06-05 02:54 2593 s3://test-http/rebar.config
## Non-owner(bob) tries to PUT to the bucket:
$ s3cmd -c .s3cfg.8071.bob put README.org s3://test-http/
README.org -> s3://test-http/README.org [1 of 1]
6517 of 6517 100% in 0s 1160.51 kB/s done
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
An unexpected error has occurred.
Please report the following lines to:
s3tools-bugs@lists.sourceforge.net
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Problem: AttributeError: 'NoneType' object has no attribute 'getchildren'
S3cmd: 1.5.0-alpha3
[snip]
Error message on console:
12:09:31.191 [error] Lager event handler error_logger_lager_h exited with reason {'EXIT',{{badmatch,["/buckets/test-http/objects/README.org",{error,function_clause,[{riak_cs_acl,owner_id,[undefined,<0.156.0>],[{file,"src/riak_cs_acl.erl"},{line,307}]},{riak_cs_wm_utils,just_allowed_by_policy,5,[{file,"src/riak_cs_wm_utils.erl"},{line,937}]},{riak_cs_wm_common,authorize,2,[{file,"src/riak_cs_wm_common.erl"},{line,399}]},{riak_cs_wm_common,forbidden,2,[{file,"src/riak_cs_wm_common.erl"},{line,177}]},{webmachine_resource,resource_call,3,[{file,"src/webmachine_resource.erl"},...]},...]},...]},...}}
and in crash.log:
2014-06-05 12:09:31 =ERROR REPORT====
webmachine error: path="/buckets/test-http/objects/README.org"
{error,function_clause,[{riak_cs_acl,owner_id,[undefined,<0.156.0>],[{file,"src/riak_cs_acl.erl"},{line,307}]},{riak_cs_wm_utils,just_allowed_by_policy,5,[{file,"src/riak_cs_wm_utils.erl"},{line,937}]},{riak_cs_wm_common,authorize,2,[{file,"src/riak_cs_wm_common.erl"},{line,399}]},{riak_cs_wm_common,forbidden,2,[{file,"src/riak_cs_wm_common.erl"},{line,177}]},{webmachine_resource,resource_call,3,[{file,"src/webmachine_resource.erl"},{line,186}]},{webmachine_resource,do,3,[{file,"src/webmachine_resource.erl"},{line,142}]},{webmachine_decision_core,resource_call,1,[{file,"src/webmachine_decision_core.erl"},{line,48}]},{webmachine_decision_core,decision,1,[{file,"src/webmachine_decision_core.erl"},{line,221}]}]}
[{riak_cs_acl,owner_id,[undefined,<0.156.0>],[{file,"src/riak_cs_acl.erl"},{line,307}]},{riak_cs_wm_utils,just_allowed_by_policy,5,[{file,"src/riak_cs_wm_utils.erl"},{line,937}]},{riak_cs_wm_common,authorize,2,[{file,"src/riak_cs_wm_common.erl"},{line,399}]},{riak_cs_wm_common,forbidden,2,[{file,"src/riak_cs_wm_common.erl"},{line,177}]},{webmachine_resource,resource_call,3,[{file,"src/webmachine_resource.erl"},{line,186}]},{webmachine_resource,do,3,[{file,"src/webmachine_resource.erl"},{line,142}]},{webmachine_decision_core,resource_call,1,[{file,"src/webmachine_decision_core.erl"},{line,48}]},{webmachine_decision_core,decision,1,[{file,"src/webmachine_decision_core.erl"},{line,221}]}]
Misc note: GET can be done by bob:
$ s3cmd -c .s3cfg.8071.bob get s3://test-http/rebar.config -
s3://test-http/rebar.config -> <stdout> [1 of 1]
{sub_dirs, ["rel"]}.
{require_otp_vsn, "R15|R16"}.
{cover_enabled, true}.
[snip]