[ https://issues.apache.org/jira/browse/HDDS-14894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fabian Morgan updated HDDS-14894:
---------------------------------
    Description: Currently, there are no ACL checks in the S3 
ListMultipartUploads implementation.  This affects STS because, for example, if 
a token is scoped to have only PutObject access, the token can also call 
ListMultipartUploads because there are no ACL checks.  This ticket adds the ACL 
checks for STS requests because it is unclear how many users would be affected 
if ACL checks were added to the base S3 APIs.  (was: Currently, there are no 
ACL checks in the S3 ListMultipartUploads implementation.  This affects STS 
because, for example, if a token is scoped to have only PutObject access, the 
token can also call ListMultipartUploads because there are no ACL checks.  This 
ticket adds the ACL checks for STS requests because it is unclear how many 
users would be affected if ACL checks are added to the base S3 APIs.)

> [STS] Fix Latent S3 API Issue having No Acl Check for ListMultipartUploads
> --------------------------------------------------------------------------
>
>                 Key: HDDS-14894
>                 URL: https://issues.apache.org/jira/browse/HDDS-14894
>             Project: Apache Ozone
>          Issue Type: Sub-task
>            Reporter: Fabian Morgan
>            Assignee: Fabian Morgan
>            Priority: Major
>              Labels: pull-request-available
>
> Currently, there are no ACL checks in the S3 ListMultipartUploads 
> implementation.  This affects STS because, for example, if a token is scoped 
> to have only PutObject access, the token can also call ListMultipartUploads 
> because there are no ACL checks.  This ticket adds the ACL checks for STS 
> requests because it is unclear how many users would be affected if ACL checks 
> were added to the base S3 APIs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
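
The gap and the STS-only fix that the description outlines, as an added Python example that is not Apache Ozone code and not part of the original message. The token model, function names and sample data are hypothetical; mapping ListMultipartUploads to `s3:ListBucketMultipartUploads` on the bucket follows AWS S3's permission model and is an assumption here, not something the ticket states.

```python
# Added illustration: hypothetical names throughout, not Apache Ozone code.
from dataclasses import dataclass
from fnmatch import fnmatchcase

# S3 operation -> action a scoped token must be granted (AWS naming, assumed).
# ListMultipartUploads is a bucket-level operation, so it is checked on the bucket.
REQUIRED_ACTION = {
    "PutObject": "s3:PutObject",
    "ListMultipartUploads": "s3:ListBucketMultipartUploads",
}

# Constructed sample data: in-progress uploads per bucket.
IN_PROGRESS = {"bucket1": ["upload-1 key=a.bin", "upload-2 key=b.bin"]}


class AccessDenied(Exception):
    """Raised when a scoped token lacks the action an operation requires."""


@dataclass(frozen=True)
class SessionToken:
    """Constructed stand-in for an STS token carrying a scoped allow-list."""
    allowed: tuple  # (action pattern, resource pattern) pairs

    def permits(self, action: str, resource: str) -> bool:
        return any(
            fnmatchcase(action, act) and fnmatchcase(resource, res)
            for act, res in self.allowed
        )


def list_multipart_uploads_unchecked(bucket, token=None):
    """Behaviour the ticket describes: no ACL check, so any token can list."""
    return IN_PROGRESS.get(bucket, [])


def list_multipart_uploads_checked(bucket, token=None):
    """Check applied only when an STS token is present, as the ticket scopes it;
    requests without a token keep the existing base S3 behaviour."""
    if token is not None:
        action = REQUIRED_ACTION["ListMultipartUploads"]
        if not token.permits(action, f"arn:aws:s3:::{bucket}"):
            raise AccessDenied(f"{action} on {bucket}")
    return IN_PROGRESS.get(bucket, [])
```

A regression test for this class of fix should assert both sides: a PutObject-only token is denied, and a request without an STS token still succeeds.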
