[
https://issues.apache.org/jira/browse/HDDS-14894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fabian Morgan updated HDDS-14894:
---------------------------------
Description: Currently, there are no acl checks in the S3
ListMultipartUploads implementation. This affects STS because, for example, if
a token is scoped to have only PutObject access, the token can also call
ListMultipartUploads because there are no acl checks. This ticket adds the acl
checks. (was: Currently, there are no acl checks in the S3
ListMultipartUploads implementation. This affects STS because, for example, if
a token is scoped to have only PutObject access, the token can also call
ListMultipartUploads because there are no acl checks. This ticket adds the acl
checks for STS requests because it is unclear how many users would be affected
if acl checks were added to the base S3 apis.)
> [STS] Fix Latent S3 API Issue having No Acl Check for ListMultipartUploads
> --------------------------------------------------------------------------
>
> Key: HDDS-14894
> URL: https://issues.apache.org/jira/browse/HDDS-14894
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Fabian Morgan
> Assignee: Fabian Morgan
> Priority: Major
> Labels: pull-request-available
>
> Currently, there are no acl checks in the S3 ListMultipartUploads
> implementation. This affects STS because, for example, if a token is scoped
> to have only PutObject access, the token can also call ListMultipartUploads
> because there are no acl checks. This ticket adds the acl checks.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
