Bug #48926

open

rgw: apparent failure to honor glob actions in bucket policy

Added by Matt Benjamin over 3 years ago. Updated over 2 years ago.

Status: New
Priority: Normal
Target version: -
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Policy with Action of 's3:*' parses, but Kyle Bader found he had to expand the full list to get correct behavior:

'Principal': '*',
'Action': ['s3:*'],
#'Action': ['s3:*', 's3:GetObject', 's3:PutObject', 's3:PutObjectAcl', 's3:ListBucket', 's3:DeleteObject'],
'Resource': f'arn:aws:s3:::{bucket_name}/*'
#1

Updated by Kyle Bader over 3 years ago

Upon further investigation, this policy seems to be the ticket for me:

bucket_policy = {
    'Version': '2012-10-17',
    'Statement': [{
        'Sid': 'AllAccess',
        'Effect': 'Allow',
        'Principal': '*',
        'Action': ['s3:*'],
        #'Action': ['s3:*', 's3:GetObject', 's3:PutObject', 's3:PutObjectAcl', 's3:ListBucket', 's3:DeleteObject'],
        #'Resource': f'arn:aws:s3:::{bucket_name}/*'
        'Resource': '*'
    }]
}
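An added example (not code from this ticket or from Ceph) that models AWS-style Allow-statement matching, to show which requests each Resource value in this thread covers under 's3:*'. The bucket name, the request list and the third policy listing both ARNs are constructed assumptions; the model ignores Principal, Condition and Deny and does not reproduce RGW's evaluator.

```python
import re

BUCKET = "demo-bucket"  # constructed bucket name, not from the report

def glob_match(pattern, value, ignore_case=False):
    """Policy-style glob: '*' matches any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None

def as_list(v):
    return [v] if isinstance(v, str) else list(v)

def allowed(policy, action, resource):
    """True if any Allow statement covers (action, resource).
    Simplified: Principal, Condition and Deny are not evaluated."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        act_ok = any(glob_match(p, action, ignore_case=True) for p in as_list(st["Action"]))
        res_ok = any(glob_match(p, resource) for p in as_list(st["Resource"]))
        if act_ok and res_ok:
            return True
    return False

def make_policy(resource):
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "AllAccess", "Effect": "Allow", "Principal": "*",
                           "Action": ["s3:*"], "Resource": resource}]}

# Constructed requests: bucket-level actions are checked against the bucket ARN,
# object-level actions against the object ARN.
REQUESTS = [
    ("s3:ListBucket", f"arn:aws:s3:::{BUCKET}"),
    ("s3:GetObject", f"arn:aws:s3:::{BUCKET}/report.csv"),
    ("s3:PutObject", f"arn:aws:s3:::{BUCKET}/report.csv"),
    ("s3:DeleteObject", f"arn:aws:s3:::{BUCKET}/report.csv"),
]

POLICIES = {
    "objects_only": make_policy(f"arn:aws:s3:::{BUCKET}/*"),  # Resource from the description
    "wildcard": make_policy("*"),                              # Resource from the first update
    "bucket_and_objects": make_policy(                         # assumption: scoped alternative
        [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]),
}

def coverage(name):
    """Map each constructed action to whether the named policy allows it."""
    return {action: allowed(POLICIES[name], action, res) for action, res in REQUESTS}
```

In this model the object-only Resource leaves s3:ListBucket uncovered even though the 's3:*' action glob matches it, while listing the bucket ARN alongside the object pattern covers the same requests as 'Resource': '*' without widening the pattern beyond the one bucket.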
#2

Updated by Adam Emerson over 2 years ago

  • Assignee changed from Adam Emerson to Pritha Srivastava