[Bug] - versitygw assumes that POST command with bucket and key is create-multipart-upload command

[lrm25]

Describe the bug When attempting a create-multipart-upload operation direct-to-s3 with an invalid query key (e.g. "upload", rather than "uploads"), an error similar to the following, with a response code of 405, is returned:

<?xml version="1.0" encoding="UTF-8"?>
     <Error><Code>MethodNotAllowed</Code><Message>The specified method is not allowed against this resource.</Message><Method>POST</Method><ResourceType>OBJECT</ResourceType><RequestId>K9HXTYX87YZM9114</RequestId><HostId>cPL4AoRLdD7keoTLWbTSMKaF7z4WbFKmFmgCbssjtBKSnTPNoF6JgfIXme9EzhdQ4ED3zCwhTCQ=</HostId></Error>

versitygw, on the other hand, allows the method to succeed, for any query key or even none at all, provided that that signatures are correctly calculated. Even with a gibberish or no key, versitygw returns an upload ID.

To Reproduce

1. Start versitygw, e.g.: ./versitygw --access=******** --secret=******** --region=us-east-1 --cert /Users/lukemccrone/devel/versitygw/cert.pem --key /Users/lukemccrone/devel/versitygw/versitygw.pem posix --versioning-dir /tmp/versioning /tmp/gw
2. Create bucket, e.g.: aws --no-verify-ssl s3api create-bucket --bucket versity-gwtest-bucket-luke-four-1
3. Run the following script, but change "uploads" to something else, ensuring that they match in the canonical request string and the curl command (otherwise, a 403 signature mismatch will be returned): https://github.com/versity/versitygw/blob/test_cmdline_lock_versioning/tests/rest_scripts/create_multipart_upload.sh.

Expected behavior versitygw returns a 405 as with direct-to-s3.

Server Version Version : v1.0.7 Build : b921246 BuildTime: 2024-10-16_05:47:24PM Darwin Lukes-MacBook-Pro.local 23.4.0 Darwin Kernel Version 23.4.0: Fri Mar 15 00:12:25 PDT 2024; root:xnu-10063.101.17~1/RELEASE_ARM64_T6030 arm64

[jonaustin09]

908 Will resolve this.