Added permissions for s3 copy to have permission to write to cache bucket #531

Open: wants to merge 2 commits into base: master

Conversation

alexiswl
Member

Resolves #530

@alexiswl alexiswl self-assigned this Jan 23, 2025
@andrewpatto
Member

Should we limit it to a "sharing" keyspace in the bucket?

@alexiswl
Member Author

Sure, or a 'restore' keyspace?

@andrewpatto
Member

Yes - name to be decided... "restore" sounds good. @reisingerf?

@andrewpatto
Member

So the Get and List should be *, and the Put and Delete restricted I think.

@andrewpatto
Member

Also, "s3:GetObjectVersion" seems to be missing from the lists. If GetObjectVersionTagging is there, so should the ability to get the actual versioned objects too.

@reisingerf
Member

reisingerf commented Jan 24, 2025

Yes, a restriction to a "restore" prefix would be good. Also happy with 'restore' or perhaps better 'restored' as it sounds more of a fact and less of a ToDo.

As for the permissions, they are probably a bit too generous. I don't think we need to deal with version (of tags nor objects). Versioning at the moment is an emergency backup in case something went wrong and then it generally requires an admin to sort things out.

@andrewpatto andrewpatto reopened this Jan 24, 2025
@alexiswl
Member Author

alexiswl commented Jan 24, 2025

Updated, split read / write statements and added restore prefix to write roles

Member

@reisingerf reisingerf left a comment

LGTM

Successfully merging this pull request may close these issues.

Give steps_s3_copy_restore_share_access write access to pipeline cache bucket
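
The scoping agreed in the conversation above (reads bucket-wide, Put and Delete only under a "restore" prefix) can be checked mechanically. The following is an added example, not code from this pull request or the project: the bucket name, the sample policies and the helper names are constructed for illustration, and `NotAction`, `NotResource` and `Condition` are not evaluated.

```python
from fnmatch import fnmatchcase

# Write actions named in the thread, lowercased (IAM action names are case-insensitive).
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject")
BUCKET = "example-cache-bucket"  # constructed placeholder, not the project's bucket
PREFIX = "restore"


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def unscoped_writes(policy, bucket, prefix):
    """Return (sid, action, resource) for every Allow that grants a write
    action on a resource outside arn:aws:s3:::<bucket>/<prefix>/."""
    allowed_root = f"arn:aws:s3:::{bucket}/{prefix}/"
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            # An action pattern such as s3:* or s3:Put* counts if it covers a write.
            if not any(fnmatchcase(w, action.lower()) for w in WRITE_ACTIONS):
                continue
            for resource in _as_list(stmt.get("Resource", [])):
                # ".../restore*" is rejected too: it would also match "restore-other/".
                if not resource.startswith(allowed_root):
                    findings.append((stmt.get("Sid", ""), action, resource))
    return findings


# Constructed policy with split read / write statements.
SPLIT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Read", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]},
    {"Sid": "Write", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:DeleteObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/{PREFIX}/*"},
]}

# Constructed counter-example: one statement, wildcard action, loose resources.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": {
    "Sid": "All", "Effect": "Allow", "Action": "s3:*Object",
    "Resource": [f"arn:aws:s3:::{BUCKET}/*", f"arn:aws:s3:::{BUCKET}/{PREFIX}*"],
}}

if __name__ == "__main__":
    print(unscoped_writes(SPLIT_POLICY, BUCKET, PREFIX))
    print(unscoped_writes(BROAD_POLICY, BUCKET, PREFIX))
```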