-
|
Confirm by changing [ ] to [x] below:
example: Getting bucket acl for: <some_bucket>
{
"Grants": [
{
"Grantee": {
"Type": "CanonicalUser",
"DisplayName": null,
"EmailAddress": null,
"ID": "0b1_____91b",
"URI": null
},
"Permission": "FULL_CONTROL"
},
{
"Grantee": {
"Type": "CanonicalUser",
"DisplayName": null,
"EmailAddress": null,
"ID": "0b1_____91b",
"URI": null
},
"Permission": "FULL_CONTROL"
},
{
"Grantee": {
"Type": "CanonicalUser",
"DisplayName": null,
"EmailAddress": null,
"ID": "0b1_____91b",
"URI": null
},
"Permission": "FULL_CONTROL"
},
{
"Grantee": {
"Type": "CanonicalUser",
"DisplayName": null,
"EmailAddress": null,
"ID": "0b1_____91b",
"URI": null
},
"Permission": "FULL_CONTROL"
},
{
"Grantee": {
"Type": "CanonicalUser",
"DisplayName": null,
"EmailAddress": null,
"ID": "0b1_____91b",
"URI": null
},
"Permission": "FULL_CONTROL"
}
],
"Owner": {
"DisplayName": null,
"ID": "0b1_____91b"
},
"ResultMetadata": {}
}
|
Beta Was this translation helpful? Give feedback.
Replies: 8 comments
-
|
Sorry wrong repo, cant this be transferred to aws-sdk-go-v2 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for reaching out @bwoznicki. I'm not able to reproduce this issue on my side. Could you enable logging in your client to log the Response HTTP message with the body? You can enable logging per operation call to simplify the logs that are being produced. resp, err := client.GetBucketAcl(context.TODO(), &s3.GetBucketAclInput{
Bucket: &bucket,
}, func(o *s3.Options) {
// Add logging of response message and body.
o.ClientLogMode = aws.LogResponseWithBody
})The following is the test app I used to try to reproduce the issue. package main
import (
"context"
"flag"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/davecgh/go-spew/spew"
)
func main() {
var bucket string
flag.StringVar(&bucket, "b", "", "bucket name")
flag.Parse()
cfg, err := config.LoadDefaultConfig(context.TODO())
if err != nil {
log.Fatalf("failed to load config, %v", err)
}
client := s3.NewFromConfig(cfg)
resp, err := client.GetBucketAcl(context.TODO(), &s3.GetBucketAclInput{
Bucket: &bucket,
}, func(o *s3.Options) {
o.ClientLogMode = aws.LogResponseWithBody
})
if err != nil {
log.Fatalf("failed to get bucket acl, %v", err)
}
spew.Dump(resp.Grants)
} |
Beta Was this translation helpful? Give feedback.
-
|
Hi @jasdel please find debug output bellow, it does not happen on all the buckets just some of them. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the additional information. From the XML document coming back in the response, it looks like the duplication is on the S3 bucket. Do you see multiple ACL policies on the bucket in the AWS Console? If you don't see multiple entries in the console I suggest reaching out to AWS support about the issue. <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner><ID>0b1a4cafc06fcd0753d2eff0dd400b81fc190018ec3a79dd4ffd24b2d4ee891b</ID></Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>0b1a4cafc06fcd0753d2eff0dd400b81fc190018ec3a79dd4ffd24b2d4ee891b</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>0b1a4cafc06fcd0753d2eff0dd400b81fc190018ec3a79dd4ffd24b2d4ee891b</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>0b1a4cafc06fcd0753d2eff0dd400b81fc190018ec3a79dd4ffd24b2d4ee891b</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>0b1a4cafc06fcd0753d2eff0dd400b81fc190018ec3a79dd4ffd24b2d4ee891b</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<ID>0b1a4cafc06fcd0753d2eff0dd400b81fc190018ec3a79dd4ffd24b2d4ee891b</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy> |
Beta Was this translation helpful? Give feedback.
-
|
Hi, yes console shows only one, which is the bucket owner, will reach out to the support see what they say... |
Beta Was this translation helpful? Give feedback.
-
|
Hi @jasdel so I had a response from S3 support. At the moment it is possible to create duplicate entries for ACL as there is no dedupe on PUT/GET. However the team is also actively working on changing this behaviour on S3 so this should be resolved soon. |
Beta Was this translation helpful? Give feedback.
-
|
I just ran into the same issue: A duplicate grant of the default grant was present. Because of that I could not apply the bucket owner enforced setting for Object Ownership from the console. What helped was to reset ACLs with |
Beta Was this translation helpful? Give feedback.
-
|
Hello! Reopening this discussion to make it searchable. |
Beta Was this translation helpful? Give feedback.
Thanks for reaching out @bwoznicki. I'm not able to reproduce this issue on my side. Could you enable logging in your client to log the Response HTTP message with the body? You can enable logging per operation call to simplify the logs that are being produced.
The following is the test app I used to try to reproduce the issue.