[
https://issues.apache.org/jira/browse/HDDS-14899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fabian Morgan updated HDDS-14899:
---------------------------------
Status: Patch Available (was: In Progress)
> [STS] Updates to ACLs in IamSessionPolicyResolver
> -------------------------------------------------
>
> Key: HDDS-14899
> URL: https://issues.apache.org/jira/browse/HDDS-14899
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Fabian Morgan
> Assignee: Fabian Morgan
> Priority: Major
> Labels: pull-request-available
>
> Smoke testing revealed that the ACLs that IamSessionPolicyResolver produced
> for certain APIs did not match the ACLs that Ozone checked against.
> Specifically, the following:
> 1) PutBucketAcl requires READ and READ_ACL (in addition to the already
> existing WRITE_ACL) on the bucket
> 2) AbortMultipartUpload requires WRITE on the key, not DELETE
> 3) DeleteObjectTagging requires WRITE on the key, not DELETE
> 4) ACL checks were added to ListParts in
> https://github.com/apache/ozone/pull/9976, so use LIST on the key instead of
> READ (in order to prevent giving download permission with just ListParts
> authorization)
> This ticket addresses these ACL updates.