From: Yuval Lifshitz <ylifshit@redhat.com>
Date: Thu, 1 Feb 2024 15:55:59 +0000 (+0000)
Subject: rgw/rest: fix url decode of post params passed as attributes
X-Git-Tag: testing/wip-batrick-testing-20240411.154038~502^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=a23b424f74f848927a7fe77d827f4c12d6fb38c2;p=ceph-ci.git

rgw/rest: fix url decode of post params passed as attributes

this is fixing a regression with the SNS policies
cause by: 4bdc5d18dd68b95c6ccd4c0e77a1bd04ad86dbb8

the changes to the test code is to accomodate different
boto3 versions

Signed-off-by: Yuval Lifshitz <ylifshit@redhat.com>
---

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index b3d3891b0ea..4433422e126 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -5169,7 +5169,8 @@ void update_attribute_map(const std::string& input, AttributeMap& map) {
   auto pos = key_or_value.find("=");
   if (pos != std::string::npos) {
     const auto key_or_value_lhs = key_or_value.substr(0, pos);
-    const auto key_or_value_rhs = url_decode(key_or_value.substr(pos + 1, key_or_value.size() - 1));
+    constexpr bool in_query = true; // replace '+' with ' '
+    const auto key_or_value_rhs = url_decode(key_or_value.substr(pos + 1, key_or_value.size() - 1), in_query);
     const auto map_it = map.find(idx);
     if (map_it == map.end()) {
       // new entry
diff --git a/src/test/rgw/bucket_notification/test_bn.py b/src/test/rgw/bucket_notification/test_bn.py
index d493a57e004..6e9248a3669 100644
--- a/src/test/rgw/bucket_notification/test_bn.py
+++ b/src/test/rgw/bucket_notification/test_bn.py
@@ -4429,8 +4429,13 @@ def test_ps_s3_topic_permissions():
         # 2nd user tries to set the attribute
         status = topic_conf2.set_attributes(attribute_name="persistent", attribute_val="false", topic_arn=topic_arn)
         assert False, "'AccessDenied' error is expected"
+    except ClientError as err:
+        if 'Error' in err.response:
+            assert_equal(err.response['Error']['Code'], 'AccessDenied')
+        else:
+            assert_equal(err.response['Code'], 'AccessDenied')
     except Exception as err:
-        print(err)
+        print('unexpected error type: '+type(err).__name__)
 
     # create bucket for conn2 and try publishing notification to topic
     _ = conn2.create_bucket(bucket_name)
@@ -4442,8 +4447,13 @@ def test_ps_s3_topic_permissions():
         s3_notification_conf2 = PSNotificationS3(conn2, bucket_name, topic_conf_list)
         _, status = s3_notification_conf2.set_config()
         assert False, "'AccessDenied' error is expected"
-    except ClientError as error:
-        assert_equal(error.response['Error']['Code'], 'AccessDenied')
+    except ClientError as err:
+        if 'Error' in err.response:
+            assert_equal(err.response['Error']['Code'], 'AccessDenied')
+        else:
+            assert_equal(err.response['Code'], 'AccessDenied')
+    except Exception as err:
+        print('unexpected error type: '+type(err).__name__)
 
     # Topic policy is now added by the 1st user to allow 2nd user.
     topic_policy  = topic_policy.replace("Deny", "Allow")