Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add bucket authentication for server side encryption algorithm #7273

Merged
merged 1 commit into from
Aug 27, 2023
Merged

add bucket authentication for server side encryption algorithm #7273

merged 1 commit into from
Aug 27, 2023

Conversation

nadavMiz
Copy link
Contributor

Explain the changes

expend bucket policy to enable statements containing conditions for authenticating based on server side encryption algorithm. providing base for farther adding other condition statements. enabling deny, accept bucket policies for stringEquals StringNotEquals and null conditions for server side encryptions

Testing Instructions:

  1. ceph s3 test: s3tests_boto3.functional.test_s3:test_bucket_policy_put_obj_s3_noenc

@nadavMiz nadavMiz requested review from a team and nbecker-cibot and removed request for a team April 19, 2023 09:12
@nadavMiz nadavMiz self-assigned this Apr 19, 2023
@nadavMiz nadavMiz requested review from a team, naveenpaul1 and liranmauda and removed request for nbecker-cibot and a team April 19, 2023 09:13
@aspandey aspandey self-requested a review April 19, 2023 09:45
@nadavMiz nadavMiz force-pushed the authenticate_encryption branch 2 times, most recently from a1a3ead to f51ab06 Compare April 19, 2023 10:18
liranmauda
liranmauda reviewed Apr 19, 2023
View reviewed changes
src/api/common_api.js Outdated Show resolved Hide resolved
@nadavMiz nadavMiz requested a review from aspandey April 27, 2023 09:02
liranmauda
liranmauda reviewed Apr 30, 2023
View reviewed changes
src/api/common_api.js Show resolved Hide resolved
src/endpoint/s3/ops/s3_put_bucket_policy.js Outdated Show resolved Hide resolved
src/endpoint/s3/ops/s3_put_bucket_policy.js Outdated Show resolved Hide resolved
src/endpoint/s3/ops/s3_put_bucket_policy.js Outdated Show resolved Hide resolved
src/api/common_api.js Outdated Show resolved Hide resolved
@nadavMiz nadavMiz force-pushed the authenticate_encryption branch 4 times, most recently from 2a315bb to dc57609 Compare May 3, 2023 09:22
jackyalbo
jackyalbo reviewed May 17, 2023
View reviewed changes
Copy link
Contributor

@jackyalbo jackyalbo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add unit tests to cover these changes in test_s3_bucket_policy. Please add.

@nadavMiz nadavMiz force-pushed the authenticate_encryption branch 2 times, most recently from 9ac1f2b to eea5c65 Compare May 21, 2023 14:50
@nadavMiz
Copy link
Contributor Author

We should add unit tests to cover these changes in test_s3_bucket_policy. Please add.

I have added unit tests. also I have noticed I didn't handle returning the condition values to their original values in get _bucket_policy, so I have added that, and unit test for it

@nadavMiz nadavMiz requested a review from jackyalbo May 21, 2023 14:52
jackyalbo
jackyalbo reviewed May 23, 2023
View reviewed changes
src/endpoint/s3/ops/s3_get_bucket_policy.js Outdated Show resolved Hide resolved
src/endpoint/s3/ops/s3_put_bucket_policy.js Outdated Show resolved Hide resolved
src/endpoint/s3/ops/s3_put_bucket_policy.js Outdated Show resolved Hide resolved
liranmauda
liranmauda previously requested changes May 24, 2023
View reviewed changes
Copy link
Contributor

@liranmauda liranmauda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should think if this is actually required.
@dannyzaken WDYT?

I don't think that we should add bucket authentication for server-side encryption algorithm In a PR just for fixing a ceph test.

As @dannyzaken and I suggested before, this feels too big of a change as it is touching the authentication, and we should do it as a feature and not partially as part of a ceph test.

I think that we should close this PR.

@nimrod-becker @dannyzaken @jackyalbo WDYT?

@nadavMiz nadavMiz force-pushed the authenticate_encryption branch 5 times, most recently from d2f00a9 to 8c61e2c Compare July 5, 2023 06:45
guymguym
guymguym reviewed Jul 5, 2023
View reviewed changes
src/api/common_api.js Outdated Show resolved Hide resolved
guymguym
guymguym reviewed Jul 5, 2023
View reviewed changes
src/api/common_api.js Outdated Show resolved Hide resolved
guymguym
guymguym reviewed Jul 5, 2023
View reviewed changes
src/endpoint/s3/s3_rest.js Outdated Show resolved Hide resolved
@nadavMiz nadavMiz force-pushed the authenticate_encryption branch 3 times, most recently from 3c21ee2 to 9ba289e Compare August 23, 2023 15:03
jackyalbo
jackyalbo reviewed Aug 27, 2023
View reviewed changes
src/endpoint/s3/s3_bucket_policy_utils.js Outdated Show resolved Hide resolved
src/endpoint/s3/s3_bucket_policy_utils.js Outdated Show resolved Hide resolved
src/endpoint/s3/s3_bucket_policy_utils.js Outdated Show resolved Hide resolved
src/server/system_services/bucket_server.js Outdated Show resolved Hide resolved
@nadavMiz
change bucket policy schema to fit AWS json
f375893 
Signed-off-by: nadav mizrahi <nadav.mizrahi16@gmail.com>
@nadavMiz nadavMiz merged commit c497a4f into noobaa:master Aug 27, 2023
7 checks passed
@romayalon romayalon mentioned this pull request Feb 12, 2024
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guymguym guymguym guymguym left review comments

@jackyalbo jackyalbo jackyalbo approved these changes

@liranmauda liranmauda liranmauda left review comments

@naveenpaul1 naveenpaul1 Awaiting requested review from naveenpaul1 naveenpaul1 was automatically assigned from noobaa/dev

@aspandey aspandey Awaiting requested review from aspandey

Assignees

@nadavMiz nadavMiz

Labels
size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@nadavMiz @guymguym @aspandey @jackyalbo @liranmauda