Bug #59136
open
Support bucket notification with bucket policy
Description
1. Create 2 users (user1 and user2) for tenant1
2. Create bucket using user1 of tenant1
3. putbucket notification to created bucket using user1 of tenant1
4. Create 2 users (user1 and user2) for tenant2
5. setbucketpolicy to bucket, so that it will be accessible to all users to perform all actions (bucket_policy_generated:{'Version': '2012-10-17', 'Statement': [{'Action': ['s3:*'], 'Principal': {'AWS': '*'}, 'Resource': ['arn:aws:s3:::usera225e5b42efa45f3-bucky-4637-0', 'arn:aws:s3:::usera225e5b42efa45f3-bucky-4637-0/*'], 'Effect': 'Allow', 'Sid': 'statement'}]})
6. Perform getbucketnotification from all users ---> getting failed with access denied for user1 of tenant1 and user1, user2 of tenant2
Tried put with all users --> it's working fine
Note: bucket notification feature is not supported with bucket policy; observing AccessDenied
Updated by Yuval Lifshitz about 1 year ago
- Source set to Q/A
- Tags set to notifications
Currently, when any bucket notification operation is performed on a bucket, we verify that the user that sent the operation is the bucket owner.
Any other user, even if permitted to do bucket operations according to the bucket policies, will not be allowed to perform bucket notification operations.
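The difference between the owner-only check described in the comment above and a policy-aware check, as an added Python model that is not Ceph's code and not part of the original thread. The function names, the `tenant$user` ids and the use of `s3:GetBucketNotification` as the evaluated action are assumptions; the policy is the one posted in step 5.

```python
from fnmatch import fnmatchcase

# Policy from step 5 of the report, copied as posted.
POLICY = {'Version': '2012-10-17', 'Statement': [{
    'Action': ['s3:*'], 'Principal': {'AWS': '*'},
    'Resource': ['arn:aws:s3:::usera225e5b42efa45f3-bucky-4637-0',
                 'arn:aws:s3:::usera225e5b42efa45f3-bucky-4637-0/*'],
    'Effect': 'Allow', 'Sid': 'statement'}]}
BUCKET_ARN = 'arn:aws:s3:::usera225e5b42efa45f3-bucky-4637-0'
OWNER = 'tenant1$user1'  # constructed id in RGW's tenant$user form


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy, principal, action, resource):
    """Simplified evaluation: explicit Deny wins, then Allow, else implicit deny.
    Conditions, NotAction and NotPrincipal are not modelled."""
    allowed = False
    for stmt in policy['Statement']:
        who = stmt['Principal']
        who = _as_list(who['AWS']) if isinstance(who, dict) else [who]
        if '*' not in who and principal not in who:
            continue
        if not any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt['Action'])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt['Resource'])):
            continue
        if stmt['Effect'] == 'Deny':
            return False
        allowed = True
    return allowed


def owner_only(requester):
    """The check described in the comment: only the bucket owner passes."""
    return requester == OWNER


def owner_or_policy(requester, action, policy=POLICY):
    """Hypothetical policy-aware check: owner, or allowed by the bucket policy."""
    return requester == OWNER or policy_allows(policy, requester, action, BUCKET_ARN)


def compare(action='s3:GetBucketNotification'):
    users = ['tenant1$user1', 'tenant1$user2', 'tenant2$user1', 'tenant2$user2']
    return {u: (owner_only(u), owner_or_policy(u, action)) for u in users}
```

`compare()` returns, per user, the owner-only decision next to the policy-aware one; with the posted `s3:*` policy only the first differs between users.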
Updated by Casey Bodley about 1 year ago
- Status changed from New to Fix Under Review
- Pull request ID set to 50684
Updated by Casey Bodley about 1 year ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot about 1 year ago
- Copied to Backport #59232: reef: Support bucket notification with bucket policy added
Updated by Backport Bot about 1 year ago
- Copied to Backport #59233: quincy: Support bucket notification with bucket policy added
Updated by Backport Bot about 1 year ago
- Tags changed from notifications to notifications backport_processed