According to AWS S3 in this document[1], an ACL can have up to 100
grants.
If the nums of grants is larger than 100, S3 will return like following:
400
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>MalformedACLError</Code><Message>The XML you provided was not well-formed or did not validate against our published schema</Message><RequestId>
10EC67824572C378</RequestId><HostId>AWL3NnQChs/HCfOTu5MtyEc9uzRuxpYMhmvXQry2CovCcuxO2/tMqY1zGoWOur86ipQt3v/WEiA=</HostId></Error>
Now if the nums of request acl grants is larger than the maximum allowed, rgw will return
like following:
400
<?xml version="1.0" encoding="UTF-8"?><Error><Code>MalformedACLError</Code><Message>The request is rejected, because the acl grants number you requested is larger than the maximum 101 grants allowed in an acl.</Message><BucketName>222</BucketName><RequestId>tx000000000000000000017-
00596b5fad-101a-default</RequestId><HostId>101a-default-default</HostId></Error>
The maximum number of acl grants can be configured in config file with the configuration item:
rgw_acl_grants_max_num
[1] http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
Signed-off-by: Enming Zhang <enming.zhang@umcloud.com>
OPTION(rgw_dynamic_resharding, OPT_BOOL, true)
OPTION(rgw_max_objs_per_shard, OPT_INT, 100000)
OPTION(rgw_reshard_thread_interval, OPT_U32, 60 * 10) // maximum time between rounds of reshard thread processing
+
+OPTION(rgw_acl_grants_max_num, OPT_INT, 100) // According to AWS S3(http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html), An ACL can have up to 100 grants.
{ ERR_MALFORMED_XML, {400, "MalformedXML" }},
{ ERR_AMZ_CONTENT_SHA256_MISMATCH, {400, "XAmzContentSHA256Mismatch" }},
{ ERR_INVALID_TAG, {400, "InvalidTag"}},
+ { ERR_MALFORMED_ACL_ERROR, {400, "MalformedACLError" }},
{ ERR_LENGTH_REQUIRED, {411, "MissingContentLength" }},
{ EACCES, {403, "AccessDenied" }},
{ EPERM, {403, "AccessDenied" }},
#define ERR_TAG_CONFLICT 2209
#define ERR_INVALID_TAG 2210
#define ERR_ZERO_IN_URL 2211
+#define ERR_MALFORMED_ACL_ERROR 2212
#define ERR_BUSY_RESHARDING 2300
return;
}
+ const RGWAccessControlList& req_acl = policy->get_acl();
+ const multimap<string, ACLGrant>& req_grant_map = req_acl.get_grant_map();
+#define ACL_GRANTS_MAX_NUM 100
+ int max_num = s->cct->_conf->rgw_acl_grants_max_num;
+ if (max_num < 0) {
+ max_num = ACL_GRANTS_MAX_NUM;
+ }
+
+ int grants_num = req_grant_map.size();
+ if (grants_num > max_num) {
+ ldout(s->cct, 4) << "An acl can have up to "
+ << max_num
+ << " grants, request acl grants num: "
+ << grants_num << dendl;
+ op_ret = -ERR_MALFORMED_ACL_ERROR;
+ s->err.message = "The request is rejected, because the acl grants number you requested is larger than the maximum "
+ + std::to_string(max_num)
+ + " grants allowed in an acl.";
+ return;
+ }
+
// forward bucket acl requests to meta master zone
if (s->object.empty() && !store->is_meta_master()) {
bufferlist in_data;
projects / ceph.git / commitdiff