
NC | NSFS | Versioning | Delete of partial directory of nested key results in `AccessDeniedError`

Open shirady opened this issue 4 months ago • 0 comments

Environment info

  • NooBaa Version: 5.18.0 (current master)
  • Platform: NC

Actual behavior

  1. When a bucket has versioning enabled and contains a nested key, and the client tries to delete the parent directory of the file without the last slash '/' (let's say it was by accident), the result is an AccessDenied error, and in the FS layer it is Error: Operation not permitted, code: 'EPERM'.

Expected behavior

  1. Create a delete marker without an error.

Steps to reproduce

  1. Create an account with the CLI: `sudo node src/cmd/manage_nsfs account add --name <account-name> --new_buckets_path /tmp/nsfs_root1 --access_key <access-key> --secret_key <secret-key> --uid <uid> --gid <gid>` Note: before creating the account, you need to give permission to the new_buckets_path: `chmod 777 /tmp/nsfs_root1`, `chmod 777 /tmp/nsfs_root2`.
  2. Start the NSFS server with: `sudo node src/cmd/nsfs --debug 5` Notes:
     • I changed `config.NSFS_CHECK_BUCKET_BOUNDARIES = false; //SDSD` because I'm using /tmp/ and not /private/tmp/.
  3. Create the alias for the S3 service: `alias nc-user-1-s3='AWS_ACCESS_KEY_ID=<access-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:6443'`.
  4. Check the connection to the endpoint and try to list the buckets (should be empty): `nc-user-1-s3 s3 ls; echo $?`
  5. Add a bucket to the account using the AWS CLI: `nc-user-1-s3 s3 mb s3://bucket-v` (bucket-v is the bucket name in this example)
  6. Enable versioning: `nc-user-1-s3 s3api put-bucket-versioning --bucket bucket-v --versioning-configuration Status=Enabled`
  7. Put a nested object: `nc-user-1-s3 s3api put-object --bucket bucket-v --key /a/b/c/lala.txt`
  8. Delete the key /a/b/c (without the last slash): `nc-user-1-s3 s3api delete-object --bucket bucket-v --key /a/b/c` Note: deleting the directory creates the delete marker as expected (`nc-user-1-s3 s3api delete-object --bucket bucket-v --key /a/b/c/`).

More information - Screenshots / Logs / Other output

This issue might have the same root cause as issue #8320.

Oct-10 16:13:38.960 [nsfs/79233]  [WARN] core.sdk.namespace_fs:: NamespaceFS._delete_latest_version error: retries=10 latest_ver_path=/tmp/nsfs_root1/bucket-v/a/b/c [Error: Operation not permitted] { code: 'EPERM', context: 'SafeLink _link_from.c_str()=/tmp/nsfs_root1/bucket-v/a/b/c _link_to.c_str()=/tmp/nsfs_root1/bucket-v/a/b/.versions/c_null _link_expected_mtime=1728566008914826496 _link_expected_inode=152582414 ' }
Oct-10 16:13:38.961 [nsfs/79233] [ERROR] core.endpoint.s3.s3_rest:: S3 ERROR <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><Resource>/bucket-v//a/b/c</Resource><RequestId>m23bksck-csss5c-135r</RequestId></Error> DELETE /bucket-v//a/b/c {"host":"localhost:6443","accept-encoding":"identity","user-agent":"aws-cli/2.17.11 md/awscrt#0.20.11 ua/2.0 os/macos#24.0.0 md/arch#arm64 lang/python#3.11.9 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#s3api.delete-object","x-amz-date":"20241010T131338Z","x-amz-content-sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","authorization":"AWS4-HMAC-SHA256 Credential=<>/20241010/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=4dc8ae840909447ab17ef08ce5c6d25c62a422ed1ba7fa79900a210ac1cfa3b5","content-length":"0"} Error: Operation not permitted - context: SafeLink _link_from.c_str()=/tmp/nsfs_root1/bucket-v/a/b/c _link_to.c_str()=/tmp/nsfs_root1/bucket-v/a/b/.versions/c_null _link_expected_mtime=1728566008914826496 _link_expected_inode=152582414

shirady Oct 10 '24 13:10
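
The log above shows a hard link (`SafeLink`) from `.../a/b/c` to `.../a/b/.versions/c_null` failing with `EPERM`, and after the put of `/a/b/c/lala.txt` the path `a/b/c` is a directory. The following is an added example, not part of the original issue and not NooBaa code: it uses plain Node.js `fs` calls on a temporary directory to show that hard-linking a directory returns `EPERM` while the same call on a regular file succeeds. The function names, including the pre-check `classifyKey`, are hypothetical, and the example does not claim to be the root cause identified by the project.

```javascript
'use strict';
// Added illustration; function names are hypothetical, not NooBaa APIs.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Path shape copied from the log line: <parent>/.versions/<name>_null
function versionPathFor(keyPath) {
    return path.join(path.dirname(keyPath), '.versions', path.basename(keyPath) + '_null');
}

// Attempt the hard link and report the errno instead of throwing.
function tryLinkToVersions(keyPath) {
    const target = versionPathFor(keyPath);
    fs.mkdirSync(path.dirname(target), { recursive: true });
    try {
        fs.linkSync(keyPath, target);
        return { linked: true, code: null };
    } catch (err) {
        return { linked: false, code: err.code };
    }
}

// Hypothetical pre-check: tell a directory apart from an object file before linking.
function classifyKey(keyPath) {
    let st;
    try {
        st = fs.lstatSync(keyPath);
    } catch (err) {
        if (err.code === 'ENOENT') return 'missing';
        throw err;
    }
    if (st.isDirectory()) return 'directory';
    return st.isFile() ? 'file' : 'other';
}

// Constructed layout mirroring the issue: bucket-v/a/b/c/lala.txt
function demo() {
    const root = fs.mkdtempSync(path.join(os.tmpdir(), 'nsfs-demo-'));
    try {
        const dir = path.join(root, 'bucket-v', 'a', 'b', 'c');
        fs.mkdirSync(dir, { recursive: true });
        const file = path.join(dir, 'lala.txt');
        fs.writeFileSync(file, '');
        return {
            dirKind: classifyKey(dir), dirLink: tryLinkToVersions(dir),
            fileKind: classifyKey(file), fileLink: tryLinkToVersions(file),
        };
    } finally {
        fs.rmSync(root, { recursive: true, force: true });
    }
}
```

A caller that distinguishes the `directory` case before linking can return a result that reflects the key's state rather than surfacing the filesystem `EPERM` as `AccessDenied`.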