feat(bucket): Merge BucketPolicy with Bucket #1685
Deprecate BucketPolicy. Signed-off-by: Maximilian Blatt <maximilian.blatt-extern@deutschebahn.com> (external expert on behalf of DB Netz AG)
LGTM
The deprecation warning log is firing in the provider-aws pod constantly, even though I have no BucketPolicies specified. Also, given that we can't infer the ARN of the bucket, is there a suggested method to easily interpolate that value into the policy?

Without BucketPolicy, this creates a situation that I'm in where I want to create an S3 bucket, and a CloudFront distribution. The Distribution needs the Bucket, but the Bucket needs the Distribution ARN in order to set the policy so that only CloudFront can communicate to the Bucket. So neither can be created without the other.
That sounds more like an issue with the underlying
When you are creating a bucket MR, you also know the external name of the bucket. You can derive the ARN of the bucket as long as you know the ID of the AWS account it is created in.

Wouldn't it work if you create the bucket without a policy and add it later, once cloudfront has been initialized?

Yes, and it does - however, the intent here is to deprecate bucket policy, no?
Description of your changes

This adds a new field `spec.forProvider.policy` to `Bucket` to merge the functionality of `BucketPolicy` into the former.

To avoid breaking changes with existing setups, policies are never deleted by the bucket controller by default. If `spec.forProvider.policy` is nil, the controller will do nothing. To change this behaviour the user can set the new field `spec.forProvider.policyUpdatePolicy.deletionPolicy` to `IfNull` (default is `Never`). This way, the controller will delete the external AWS policy.

This also deprecates `BucketPolicy` with a warning to use the policy field in `Bucket` instead.

Fixes #1684

I have run `make reviewable test` to ensure this PR is ready for review.

How has this code been tested

See the provided example.
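As an added illustration (written for this page, not the PR's own example file), here is a `Bucket` manifest that uses the two fields the description introduces. The PR names only `spec.forProvider.policy` and `spec.forProvider.policyUpdatePolicy.deletionPolicy`; everything else is an assumption: the `apiVersion`, the region, the bucket name, the CloudFront distribution ARN, and the key names inside the policy body, which are assumed to mirror the deprecated `BucketPolicy` schema and should be checked against the generated CRD.

```yaml
# Added example, not from the PR. Assumed: apiVersion, region, bucket name,
# distribution ARN, and the policy-body keys (taken to match the deprecated
# BucketPolicy schema; verify against the CRD before use).
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: example-logs-bucket          # constructed name; becomes the external name
spec:
  forProvider:
    locationConstraint: eu-central-1 # assumed region
    # New in this PR: the policy is declared on the Bucket itself.
    policy:
      version: "2012-10-17"
      statements:
        - sid: AllowOnlyCloudFrontRead
          effect: Allow
          principal:
            service:
              - cloudfront.amazonaws.com
          action:
            - s3:GetObject
          # The bucket ARN is derived from the external name, as noted in
          # the review discussion: arn:aws:s3:::<external-name>/*
          resource:
            - arn:aws:s3:::example-logs-bucket/*
          # Without this condition any CloudFront distribution in any account
          # could read the bucket; the SourceArn pins it to one distribution.
          condition:
            - operatorKey: StringEquals
              conditions:
                - conditionKey: AWS:SourceArn
                  conditionStringValue: arn:aws:cloudfront::123456789012:distribution/DISTRIBUTION_ID_PLACEHOLDER
    # New in this PR. Default is Never: removing the policy block above leaves
    # the policy in AWS untouched (the non-breaking behaviour for existing
    # setups). IfNull makes the controller delete the AWS-side policy when
    # spec.forProvider.policy is nil.
    policyUpdatePolicy:
      deletionPolicy: IfNull
  providerConfigRef:
    name: default
```

The `AWS:SourceArn` value is the distribution ARN that the discussion above says is not known until the CloudFront distribution exists, so a first apply would use the manifest without the `policy` block and a second apply would add it once the ARN is available. With `deletionPolicy: Never` (the default) that later removal of the block would not touch the policy in AWS; `IfNull` is the setting that lets the controller clean it up.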