You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Zachery Harley (Jira)" <ji...@apache.org> on 2022/05/10 11:09:00 UTC

[jira] [Created] (NIFI-10008) PutS3Object Canned ACL Ignored

Zachery Harley created NIFI-10008:
-------------------------------------

             Summary: PutS3Object Canned ACL Ignored
                 Key: NIFI-10008
                 URL: https://issues.apache.org/jira/browse/NIFI-10008
             Project: Apache NiFi
          Issue Type: Bug
    Affects Versions: 1.16.1, 1.15.3, 1.15.1
            Reporter: Zachery Harley
         Attachments: image-2022-05-10-11-50-25-192.png, image-2022-05-10-11-54-53-139.png, image-2022-05-10-11-56-20-461.png, image-2022-05-10-11-58-10-719.png, image-2022-05-10-11-58-57-099.png

h2. Issue

Our simplified flow is reading a file from S3 using `FetchS3Object`, modifying the object and writing it back to another S3 bucket to another AWS account.

When reading the object, the `s3.owner` attribute is set on it, we then do all of our modifications and write it back using the `PutS3Object` processor.

The relevant configuration for that processor is:

!image-2022-05-10-11-50-25-192.png!

 

We are attempting to use the canned ACL `BucketOwnerFullControl' however since the value of `s3.owner` is set from the reading from S3 it canned ACL is not being set.

The below image shows that the bucket owner cannot view the permissions list due to the ACL not being set.

!image-2022-05-10-11-54-53-139.png!

When we change the PutS3Object configuration as follows, however:

!image-2022-05-10-11-56-20-461.png!

On applying the changes, the value of `Owner` is reset back to "${s3.owner}"due to there being a default setting on a non-required field.
h2. Workaround

The only solution to this issue is to set the value of `Owner` to be a non-existant tag (`Owner` has a non-empty validator).

With the following configuration:
!image-2022-05-10-11-58-10-719.png!

The uploaded object ACL is now correct:

!image-2022-05-10-11-58-57-099.png!

Although this works it does leave a lot of room for improvement. 
A better solution would be either:
 * Allow for an empty string to be set in the `Owner` field, a similar issue is likely present on other ACL related configurations.
 * Allow for "required(false)" fields with a default value to be unset without defaulting back to the set default with a check box, or similar feature.

 

 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)