Skip to content

Commit

Permalink
upload helper: support upload to S3 buckets that block ACLs
Browse files Browse the repository at this point in the history 
Similar to GCS with UBLA, S3 is now encouraging buckets that block
ACLs.  When we upload to one of these buckets, we cannot set ACLs.

When we detect one of these buckets, we simply skip setting the ACL,
assuming the object ACLs are instead managed at the bucket level, when
the bucket was created.
  • Loading branch information
@justinsb
justinsb committed May 4, 2023
1 parent c7b5e70 commit 3425d9d
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion hack/upload
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,13 @@ if [[ -z "${DEST}" ]]; then
fi

if [[ "${DEST:0:5}" == "s3://" ]]; then
aws s3 sync ${PUBLIC:+--acl public-read} ${SRC} ${DEST}
acl_flag="${PUBLIC:+--acl public-read}"
bucket=$(echo "${DEST}" | cut -d/ -f3)
# S3 buckets with BucketOwnerEnforced error on attempts to set ACLs
if aws s3api get-bucket-ownership-controls --bucket "${bucket}" | grep -q "BucketOwnerEnforced" 2>/dev/null; then
acl_flag=""
fi
aws s3 sync ${acl_flag} ${SRC} ${DEST}
exit 0
fi

Expand Down

0 comments on commit 3425d9d

Please sign in to comment.