Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Build Problems with Storage ACLs #716

Closed
stephenplusplus opened this issue Jul 10, 2015 · 17 comments
Closed

Build Problems with Storage ACLs #716

stephenplusplus opened this issue Jul 10, 2015 · 17 comments
Assignees
Labels
api: storage Issues related to the Cloud Storage API. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@stephenplusplus
Copy link
Contributor

I saw this locally yesterday, but the builds worked in Travis. Today, Travis is reporting the same errors:

https://travis-ci.org/GoogleCloudPlatform/gcloud-node/#L2635

1) storage acls buckets should add entity to default access controls:
     Error: Not Found
      at Object.handleResp (lib/common/util.js:9:4858)
      at Request._callback (lib/common/util.js:9:20254)
      at _stream_readable.js:908:16
  2) storage acls buckets should grant an account access:
     Error: Not Found
      at Object.handleResp (lib/common/util.js:9:4858)
      at Request._callback (lib/common/util.js:9:20254)
      at _stream_readable.js:908:16
  3) storage acls buckets should update an account:
     Error: Not Found
      at Object.handleResp (lib/common/util.js:9:4858)
      at Request._callback (lib/common/util.js:9:20254)
      at _stream_readable.js:908:16
  4) storage acls files should grant an account access:
     Error: Not Found
      at Object.handleResp (lib/common/util.js:9:4858)
      at Request._callback (lib/common/util.js:9:20254)
      at _stream_readable.js:908:16
  5) storage acls files should update an account:
     Error: Not Found
      at Object.handleResp (lib/common/util.js:9:4858)
      at Request._callback (lib/common/util.js:9:20254)
      at _stream_readable.js:908:16
@stephenplusplus stephenplusplus added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. api: storage Issues related to the Cloud Storage API. labels Jul 10, 2015
@stephenplusplus
Copy link
Contributor Author

Seems to be a problem upstream with defaultObjectAccessControls.delete. Using https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls/insert to add a user works, then it cannot be deleted with https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls/delete.

@jgeewax have you already heard of this issue?

@jgeewax
Copy link
Contributor

jgeewax commented Jul 10, 2015

I haven't -- do we need to escalate? If so can you give the minimum explanation of what exactly is failing? If something can't be deleted I'd expect a 403.. not a 404, right?

@stephenplusplus
Copy link
Contributor Author

If something can't be deleted I'd expect a 403.. not a 404, right?

Yeah, it's weird, since doing a GET returns the object and a 200.

It probably couldn't hurt to have someone look at it.

To reproduce:

  1. Create a new bucket in the dev console (ex. name: "unique-bucket-name-stephen") https://console.developers.google.com/project/nth-circlet-705/storage/browser
  2. Use the API explorer to insert a default object acl https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls/insert
    • bucket: bucket name created in step 1
    • fields: Leave blank
    • request body:
      • entity: user-[emailaddress]
      • role: READER
  3. Confirm 200 response (expected)
  4. Use the API explorer to delete that default object acl https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls/delete
    • bucket: bucket name created in step 1
    • entity: entity used in step 2
  5. Confirm 404 response (unexpected)

This was previously working, but we started getting the 404 yesterday.

@jgeewax
Copy link
Contributor

jgeewax commented Jul 10, 2015 via email

@stephenplusplus
Copy link
Contributor Author

I found something interesting. After I insert "user-[emailaddress]", then list the defaultObjectAcls, it comes back like this:

{
  "kind": "storage#objectAccessControl",
  "entity": "user-00b4903a970617830a8fbdf72fc0df7976b1dd9624224cf3c6053d64383e6851",
  "role": "READER",
  "entityId": "00b4903a970617830a8fbdf72fc0df7976b1dd9624224cf3c6053d64383e6851",
  "etag": "CAY="
}

I can get the defaultObjectAcl by user-[emailaddress], but I can only delete it with its encoded name. Should we be getting back the encoded version at all?

@jgeewax
Copy link
Contributor

jgeewax commented Jul 16, 2015

/cc @hurstdog who can probably comment on what the intended behavior is and why.

@callmehiphop
Copy link
Contributor

related to googleapis/google-cloud-go#147

@stephenplusplus
Copy link
Contributor Author

@jgeewax Since this breaks our tests, we're blocked on getting a new release out as well as our various doc fixes for the last 2 weeks. Is this being looked at?

@jgeewax
Copy link
Contributor

jgeewax commented Jul 21, 2015

Sounds like GCS is going to send back some magical hash...

I'm asking @hurstdog and @Capstan about how we can now tell GCS to delete the ACL for user-<email> given that they're storing it as user-<magical hash>

@stephenplusplus
Copy link
Contributor Author

Great, thanks!

@stephenplusplus
Copy link
Contributor Author

My current plan is to give it until Wednesday, then skip these tests from the build so we can get a release. Let me know if that doesn't work.

The releases we have out now (< 0.16.0) will fail under the same test, since this was a change in the upstream API, not ours. If we wait much longer before a release, our bug reports (should we get any) will increase in difficulty to track down due to the scope of things we've changed.

@royalpeasantry
Copy link

I tracked down the issue, and it should be fixed with our release next week.

@stephenplusplus
Copy link
Contributor Author

Awesome, thanks @royalpeasantry!

@stephenplusplus
Copy link
Contributor Author

Fixed in #837

@jmkrimm
Copy link

jmkrimm commented Jul 5, 2017

The magical hash in Google Cloud Storage has been updated with email address. Will this library be updated to also return the email address?
I am seeing the below returned for getting acl.

{ entity: 'user-00b4903a9789bd9a7c7e3ba01e6f5eeb40503bc3318102a6fdd2f', role: 'OWNER' }

Direct calls to the Cloud Storage API returns:

{ "email": "[email protected]", "entity": "[email protected]", "role": "OWNER" }

@royalpeasantry
Copy link

I don't believe this is the library as it wouldn't be able to translate the email into a hash if the server returned the email. My guess is that you are not making exactly the same request as the library is, as we still have a few paths server side that are returning the hash that I am working on fixing.

@jmkrimm
Copy link

jmkrimm commented Jul 12, 2017

@royalpeasantry any ideas on when all paths to the storage API will return email address?

sofisl pushed a commit that referenced this issue Sep 27, 2022
* fix: fixes for dynamic routing and streaming descriptors

Use gapic-generator-typescript v2.14.5.

PiperOrigin-RevId: 450616838

Source-Link: googleapis/googleapis@7a47b72

Source-Link: googleapis/googleapis-gen@42cc633
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNDJjYzYzMzFiYWUwYjk5ZjYxYjhlMDFhZTE1YjA1MjExNzE2YzRmOSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
sofisl pushed a commit that referenced this issue Sep 27, 2022
🤖 I have created a release *beep* *boop*
---


## [4.0.0](googleapis/nodejs-video-intelligence@v3.4.1...v4.0.0) (2022-06-29)


### ⚠ BREAKING CHANGES

* update library to use Node 12 (#714)
* field ObjectTrackingAnnotation.segment moved into oneof, added track_id (#704)

### Features

* field ObjectTrackingAnnotation.segment moved into oneof, added track_id ([#704](googleapis/nodejs-video-intelligence#704)) ([b55757b](googleapis/nodejs-video-intelligence@b55757b))
* support regapic LRO ([#720](googleapis/nodejs-video-intelligence#720)) ([903e5ca](googleapis/nodejs-video-intelligence@903e5ca))


### Bug Fixes

* fixes for dynamic routing and streaming descriptors ([#716](googleapis/nodejs-video-intelligence#716)) ([853d91e](googleapis/nodejs-video-intelligence@853d91e))


### Build System

* update library to use Node 12 ([#714](googleapis/nodejs-video-intelligence#714)) ([a9fbbcd](googleapis/nodejs-video-intelligence@a9fbbcd))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
sofisl pushed a commit that referenced this issue Nov 9, 2022
* fix: fixes for dynamic routing and streaming descriptors

Use gapic-generator-typescript v2.14.5.

PiperOrigin-RevId: 450616838

Source-Link: googleapis/googleapis@7a47b72

Source-Link: googleapis/googleapis-gen@42cc633
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNDJjYzYzMzFiYWUwYjk5ZjYxYjhlMDFhZTE1YjA1MjExNzE2YzRmOSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
sofisl pushed a commit that referenced this issue Nov 9, 2022
🤖 I have created a release *beep* *boop*
---


## [4.0.0](googleapis/nodejs-video-intelligence@v3.4.1...v4.0.0) (2022-06-29)


### ⚠ BREAKING CHANGES

* update library to use Node 12 (#714)
* field ObjectTrackingAnnotation.segment moved into oneof, added track_id (#704)

### Features

* field ObjectTrackingAnnotation.segment moved into oneof, added track_id ([#704](googleapis/nodejs-video-intelligence#704)) ([b55757b](googleapis/nodejs-video-intelligence@b55757b))
* support regapic LRO ([#720](googleapis/nodejs-video-intelligence#720)) ([903e5ca](googleapis/nodejs-video-intelligence@903e5ca))


### Bug Fixes

* fixes for dynamic routing and streaming descriptors ([#716](googleapis/nodejs-video-intelligence#716)) ([853d91e](googleapis/nodejs-video-intelligence@853d91e))


### Build System

* update library to use Node 12 ([#714](googleapis/nodejs-video-intelligence#714)) ([a9fbbcd](googleapis/nodejs-video-intelligence@a9fbbcd))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
sofisl pushed a commit that referenced this issue Nov 17, 2022
#716)

* build(node): add feat in node post-processor to add client library version number in snippet metadata

Co-authored-by: Benjamin E. Coe <[email protected]>
Source-Link: googleapis/synthtool@d337b88
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:d106724ad2a96daa1b8d88de101ba50bdb30b8df62ffa0aa2b451d93b4556641
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api: storage Issues related to the Cloud Storage API. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Development

No branches or pull requests

5 participants