S3 Bucket Policy Support #289

Merged: 1 commit, Aug 13, 2020

@krishchow krishchow commented Jul 15, 2020

Description of your changes

Fixes #280
This is a semi-complete PR that aims to add support for Bucket Policies which can be provided within the CRD for an S3 Bucket.

Checklist

I have:

  • [ ✅ ] Run make reviewable to ensure this PR is ready for review.
  • [ ✅ ] Ensured this PR contains a neat, self documenting set of commits.
  • [ ✅ ] Updated any relevant documentation, examples, or release notes.
  • [ ✅ ] Updated the dependencies in app.yaml to include any new role permissions.

@krishchow krishchow force-pushed the S3BucketPolicy branch 5 times, most recently from bfa74ac to e62b392 Compare July 24, 2020 03:56
@krishchow (Collaborator, Author) commented:

@hasheddan I think this PR should be ready for review now

@hasheddan (Member) left a comment

Thanks for working on this @krishchow! A few questions and suggestions below. @muvaf and @negz, how do you feel about AWS taking a string for the policy but us presenting it as structured here to users? Definitely a nice experience from the aspect of implementing referencers within the policy, but could be seen as a deviation from the interface AWS provides to users.

@muvaf (Member) left a comment

> @muvaf and @negz, how do you feel about AWS taking a string for the policy but us presenting it as structured here to users? Definitely a nice experience from the aspect of implementing referencers within the policy, but could be seen as a deviation from the interface AWS provides to users.

I think it's a good idea if we're able to get the struct and its fields correctly representative of what works in AWS, which could be challenging. One thing I'd want to make sure of is that the copy-paste of an existing policy works as-is for a good UX. For example, I have a policy in AWS console and I edit a few small things in my local and copy it to the spec of my managed resource. If we keep it as a raw string then there is no reason that this wouldn't work, but there could be some weird exceptions related to format that we didn't take into account. Is there a formal specification of the JSON schema by AWS that we can refer to?

Other than that, I didn't review the PR very deeply but it looks pretty good; a few nitpicks caught my eye during my skimming. Thanks @krishchow!

@krishchow (Collaborator, Author) commented:

Hey @muvaf! Thanks for the review, these changes look good, I'll make them ASAP. This is the documentation I used.

> For example, I have a policy in AWS console and I edit a few small things in my local and copy it to spec of my managed resource. If we keep it as raw string then there is no reason that this wouldn't work but there could be some weird exceptions related to format that we didn't take into account

I can introduce another string field under the spec, should this take priority over the generated body if both are provided, or should this cause an error?

@muvaf (Member) commented Jul 29, 2020

> This is the documentation I used.

@krishchow Great, could you refer to this doc in the code as well? If it's a match, copy-paste YAML should just work. I don't think we need an additional raw input field since it seems they pinned down the format to a specific version and we can rely on that.

@hasheddan (Member) commented:

@krishchow it appears some of the fields in the documentation you linked are not reflected here such as Not variations and Condition. Are those intentionally excluded?
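
An added example (not code from this PR or from the provider): a Go check for the concern raised in this thread, that a structured policy type which lacks some statement elements would silently drop them when an existing policy is pasted in. The `Statement` type, `UnrepresentedKeys` and the sample policy are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// Statement is a hypothetical, deliberately incomplete type (not the provider's API type).
type Statement struct {
	Sid       string      `json:"Sid,omitempty"`
	Effect    string      `json:"Effect"`
	Principal interface{} `json:"Principal,omitempty"`
	Action    interface{} `json:"Action,omitempty"`
	Resource  interface{} `json:"Resource,omitempty"`
}

const samplePolicy = `{"Version":"2012-10-17","Statement":{"Effect":"Deny","Principal":"*",
 "NotAction":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*",
 "Condition":{"Bool":{"aws:SecureTransport":"false"}}}}` // constructed sample input

// UnrepresentedKeys returns the statement keys that Statement has no field for,
// i.e. the keys a round-trip through the struct would silently drop.
func UnrepresentedKeys(policyJSON string) (map[string]bool, error) {
	var doc struct{ Statement json.RawMessage }
	if err := json.Unmarshal([]byte(policyJSON), &doc); err != nil {
		return nil, err
	}
	// The policy grammar allows Statement to be a single object or an array.
	if b := strings.TrimSpace(string(doc.Statement)); strings.HasPrefix(b, "{") {
		doc.Statement = json.RawMessage("[" + b + "]")
	}
	var stmts []map[string]json.RawMessage
	if err := json.Unmarshal(doc.Statement, &stmts); err != nil {
		return nil, fmt.Errorf("Statement: %w", err)
	}
	missing, t := map[string]bool{}, reflect.TypeOf(Statement{})
	for _, s := range stmts {
		for i := 0; i < t.NumField(); i++ { // remove every key the struct models
			delete(s, strings.Split(t.Field(i).Tag.Get("json"), ",")[0])
		}
		for k := range s { // whatever is left has no field to land in
			missing[k] = true
		}
	}
	return missing, nil
}

func main() { fmt.Println(UnrepresentedKeys(samplePolicy)) }
```

A non-empty result on a policy that a user expects to paste in unchanged means the applied policy would differ from the one they wrote, for example a `Deny` losing its `Condition` and applying unconditionally.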

@krishchow krishchow force-pushed the S3BucketPolicy branch 4 times, most recently from fef3791 to 05f3957 Compare August 5, 2020 01:17
@hasheddan hasheddan self-assigned this Aug 5, 2020
@krishchow krishchow force-pushed the S3BucketPolicy branch 5 times, most recently from ef43bbd to 79a9916 Compare August 5, 2020 22:09
@krishchow krishchow force-pushed the S3BucketPolicy branch 2 times, most recently from 33b3b5a to 9e59da3 Compare August 10, 2020 00:04
Signed-off-by: Krish Chowdhary <krish@redhat.com>
@hasheddan (Member) left a comment

LGTM!

@krishchow thanks for working on this! If you have any examples you have been using and want to follow with a PR to drop one in the examples/ directory that would be awesome!

@hasheddan hasheddan merged commit a5802fe into crossplane-contrib:master Aug 13, 2020