rgw/notifications: support bucket notification with bucket policy #50684

Merged
merged 1 commit into from Mar 30, 2023

@yuvalif yuvalif commented Mar 27, 2023

The following policy should be used to allow any user to get, put and delete bucket notifications on a bucket called "my-bucket":

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetBucketNotification", "s3:PutBucketNotification"],
      "Resource": "arn:aws:s3:::my-bucket"
    }
  ]
}

Note that notification deletion uses the "PUT" permission.

Fixes: https://tracker.ceph.com/issues/59136


Signed-off-by: Yuval Lifshitz <ylifshit@redhat.com>
@yuvalif yuvalif requested a review from a team as a code owner March 27, 2023 10:41
@yuvalif yuvalif removed the tests label Mar 27, 2023
yuvalif commented Mar 28, 2023

@mattbenjamin mattbenjamin merged commit de776bc into ceph:main Mar 30, 2023
5 checks passed
@yuvalif yuvalif deleted the wip-yuval-fix-59136 branch August 14, 2023 08:40
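An added example, not code from this pull request or from Ceph: a simplified policy check showing what the policy in the description grants, including that deleting a notification is authorized by `s3:PutBucketNotification`, plus an audit helper that flags statements giving every principal write access to notifications. The operation labels, the `notif-admin` user ARN and the scoped policy are constructed for illustration; the check matches exact strings only and ignores `Condition`, wildcards in `Action`/`Resource`, ACLs and bucket ownership.

```python
import json

# Operation labels are hypothetical; the delete -> Put mapping is the one stated in the PR.
REQUIRED_ACTION = {
    "get": "s3:GetBucketNotification",
    "put": "s3:PutBucketNotification",
    "delete": "s3:PutBucketNotification",
}

# Policy from the PR description, and a constructed variant scoped to one user.
PAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "Statement", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetBucketNotification", "s3:PutBucketNotification"],
    "Resource": "arn:aws:s3:::my-bucket"}]}""")
SCOPED_USER = "arn:aws:iam:::user/notif-admin"  # constructed sample principal
SCOPED_POLICY = json.loads(json.dumps(PAGE_POLICY))  # deep copy
SCOPED_POLICY["Statement"][0]["Principal"] = {"AWS": [SCOPED_USER]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def principals(stmt):
    # "Principal" is either "*" or a mapping such as {"AWS": [...]}.
    p = stmt.get("Principal", [])
    return [x for v in p.values() for x in as_list(v)] if isinstance(p, dict) else as_list(p)

def is_allowed(policy, principal, operation, bucket):
    """Policy-only decision: an explicit Deny wins, otherwise any matching Allow."""
    action, resource = REQUIRED_ACTION[operation], f"arn:aws:s3:::{bucket}"
    allowed = False
    for stmt in as_list(policy["Statement"]):
        who = principals(stmt)
        if ("*" not in who and principal not in who
                or action not in as_list(stmt.get("Action", []))
                or resource not in as_list(stmt.get("Resource", []))):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def wildcard_write_grants(policy):
    """Sids of Allow statements letting any principal change or delete notifications."""
    return [s.get("Sid", "<no Sid>") for s in as_list(policy["Statement"])
            if s["Effect"] == "Allow" and "*" in principals(s)
            and "s3:PutBucketNotification" in as_list(s.get("Action", []))]

if __name__ == "__main__":
    print(wildcard_write_grants(PAGE_POLICY), wildcard_write_grants(SCOPED_POLICY))
```

With `"Principal": "*"` the audit helper reports the statement, while the scoped variant limits notification changes and deletions to the named user.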