fmorg-git opened a new pull request, #9977: URL: https://github.com/apache/ozone/pull/9977
Please describe your PR in detail: * Smoke testing revealed that the acls that IamSessionPolicyResolver produced for certain APIs did not match the acls that Ozone checked against. Specifically the following: 1) PutBucketAcl requires READ and READ_ACL (in addition to the already existing WRITE_ACL) on the bucket 2) AbortMultipartUpload requires WRITE on the key not DELETE 3) DeleteObjectTagging requires WRITE on the key not DELETE 4) Acl checks were added to ListParts in https://github.com/apache/ozone/pull/9976 so use LIST on the key instead of READ (in order to prevent giving download permission with just ListParts authorization) This ticket addresses these acl updates. * This PR depends on https://github.com/apache/ozone/pull/9976 ## What is the link to the Apache JIRA https://issues.apache.org/jira/browse/HDDS-14899 ## How was this patch tested? unit tests, smoke tests -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
