Bug #53186
notifications: add zonegroup to bucket ARN
Description
"bucket":{"name":"rhcs5-vbkt-np1111","ownerIdentity":{"principalId":"kvm-ssl"},"arn":"arn:aws:s3:::rhcs5-vbkt-np1111","id":"rhcs5-vbkt-np1111:198e8943-17f1-428c-8885-925cb9dc18d0.5134.2"},
Updated by Casey Bodley over 2 years ago
hi Yuval, can you add a bit of context here? does this just apply to notifications, or to our IAM policy handling in general? can we make changes there without breaking backward compatibility?
Updated by Yuval Lifshitz over 2 years ago
just for notifications. i guess that the best way to preserve backward compatibility is to add another ARN bucket constructor:
ARN::ARN(const rgw_bucket& b, const std::string& region)
  : partition(Partition::aws),
    service(Service::s3),
    region(region),
    account(b.tenant),
    resource(b.name) { }
and we should invoke that with the zonegroup when creating the notification, in:
https://github.com/ceph/ceph/blob/master/src/rgw/rgw_notify.cc#L687
Updated by Yuval Lifshitz almost 2 years ago
- new constructor for ARN that includes bucket and region:
ARN::ARN(const rgw_bucket& b, const std::string& region)
  : partition(Partition::aws),
    service(Service::s3),
    region(region),
    account(b.tenant),
    resource(b.name) { }
should be added here: https://github.com/ceph/ceph/blob/main/src/rgw/rgw_arn.h#L58
- this constructor should be used here: https://github.com/ceph/ceph/blob/master/src/rgw/rgw_notify.cc#L690 instead of the existing one that does not accept region. the region itself should be used similarly to here: https://github.com/ceph/ceph/blob/master/src/rgw/rgw_notify.cc#L695
Updated by Yuval Lifshitz almost 2 years ago
sample bucket notification:
{
  "Records":[
    {
      "eventVersion":"2.2",
      "eventSource":"ceph:s3",
      "awsRegion":"default",
      "eventTime":"2022-05-29T11:50:46.013741Z",
      "eventName":"ObjectCreated:Put",
      "userIdentity":{ "principalId":"raz" },
      "requestParameters":{ "sourceIPAddress":"" },
      "responseElements":{
        "x-amz-request-id":"48f61eac-ee4a-4545-bf1b-2716a7cfae53.22501.15612936367609597389",
        "x-amz-id-2":"57e5-default-default"
      },
      "s3":{
        "s3SchemaVersion":"1.0",
        "configurationId":"notif1",
        "bucket":{
          "name":"hello",
          "ownerIdentity":{ "principalId":"raz" },
          "arn":"arn:aws:s3:::hello",
          "id":"48f61eac-ee4a-4545-bf1b-2716a7cfae53.22503.12"
        },
        "object":{
          "key":"myfile",
          "size":512,
          "eTag":"274749f9dc01555f5954ceb205d161fe",
          "versionId":"",
          "sequencer":"165E9362D3BD4301",
          "metadata":[
            { "key":"x-amz-content-sha256", "val":"92e078b5db587083bcf7aaa56227018743b6d71bfc3e58780356b960577efc28" },
            { "key":"x-amz-date", "val":"20220529T115046Z" }
          ],
          "tags":[ ]
        }
      },
      "eventId":"1653825046.021216.274749f9dc01555f5954ceb205d161fe",
      "opaqueData":""
    }
  ]
}
after the fix, the expected result should be:
{
  "Records":[
    {
      "eventVersion":"2.2",
      "eventSource":"ceph:s3",
      "awsRegion":"default",
      "eventTime":"2022-05-29T11:50:46.013741Z",
      "eventName":"ObjectCreated:Put",
      "userIdentity":{ "principalId":"raz" },
      "requestParameters":{ "sourceIPAddress":"" },
      "responseElements":{
        "x-amz-request-id":"48f61eac-ee4a-4545-bf1b-2716a7cfae53.22501.15612936367609597389",
        "x-amz-id-2":"57e5-default-default"
      },
      "s3":{
        "s3SchemaVersion":"1.0",
        "configurationId":"notif1",
        "bucket":{
          "name":"hello",
          "ownerIdentity":{ "principalId":"raz" },
          "arn":"arn:aws:s3:default::hello",    <-- this is where the change is
          "id":"48f61eac-ee4a-4545-bf1b-2716a7cfae53.22503.12"
        },
        "object":{
          "key":"myfile",
          "size":512,
          "eTag":"274749f9dc01555f5954ceb205d161fe",
          "versionId":"",
          "sequencer":"165E9362D3BD4301",
          "metadata":[
            { "key":"x-amz-content-sha256", "val":"92e078b5db587083bcf7aaa56227018743b6d71bfc3e58780356b960577efc28" },
            { "key":"x-amz-date", "val":"20220529T115046Z" }
          ],
          "tags":[ ]
        }
      },
      "eventId":"1653825046.021216.274749f9dc01555f5954ceb205d161fe",
      "opaqueData":""
    }
  ]
}
this is following this specification: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
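Added example (not part of the original thread and not Ceph code): a notification consumer that validates the bucket ARN and accepts both the pre-fix form with an empty region field and the post-fix form carrying the zonegroup, which is the backward-compatibility concern raised above. The function names are hypothetical, the records are constructed by trimming the sample above, and it assumes, as in that sample, that `awsRegion` and the ARN region both hold the zonegroup name.

```python
def parse_bucket_arn(arn):
    """Split an S3 ARN of the form arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)  # maxsplit keeps any ':' inside the resource
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "s3":
        raise ValueError(f"not an S3 ARN: {arn!r}")
    _, partition, _, region, account, resource = parts
    if not resource:
        raise ValueError(f"ARN has no resource: {arn!r}")
    return {"partition": partition, "region": region,
            "account": account, "bucket": resource}


def check_record(record):
    """Validate one notification record; return (bucket, zonegroup, legacy)."""
    bucket = record["s3"]["bucket"]
    arn = parse_bucket_arn(bucket["arn"])
    if arn["bucket"] != bucket["name"]:
        raise ValueError("ARN resource does not match bucket name")
    legacy = arn["region"] == ""  # pre-fix ARN: region field left empty
    # Assumption: awsRegion carries the zonegroup, as in the sample above.
    if not legacy and arn["region"] != record["awsRegion"]:
        raise ValueError("ARN region does not match awsRegion")
    zonegroup = record["awsRegion"] if legacy else arn["region"]
    return arn["bucket"], zonegroup, legacy


# Constructed records, trimmed from the sample notification in the thread.
OLD = {"awsRegion": "default",
       "s3": {"bucket": {"name": "hello", "arn": "arn:aws:s3:::hello"}}}
NEW = {"awsRegion": "default",
       "s3": {"bucket": {"name": "hello", "arn": "arn:aws:s3:default::hello"}}}
# Constructed inconsistent record: the ARN names a different zonegroup.
MISMATCH = {"awsRegion": "default",
            "s3": {"bucket": {"name": "hello", "arn": "arn:aws:s3:other::hello"}}}

if __name__ == "__main__":
    for name, rec in (("old", OLD), ("new", NEW), ("mismatch", MISMATCH)):
        try:
            print(name, check_record(rec))
        except ValueError as err:
            print(name, "rejected:", err)
```

A consumer that compares the ARN as an exact string against an allow-list would start rejecting events once the region field is populated, so comparing parsed fields keeps routing and authorization checks stable across the upgrade.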
Updated by Yuval Lifshitz over 1 year ago
- Backport changed from pacific, octopus to quincy, pacific
Updated by Yuval Lifshitz over 1 year ago
- Status changed from New to Fix Under Review
Updated by Yuval Lifshitz over 1 year ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot over 1 year ago
- Copied to Backport #57551: pacific: notifications: add zonegroup to bucket ARN added
Updated by Backport Bot over 1 year ago
- Copied to Backport #57552: quincy: notifications: add zonegroup to bucket ARN added
Updated by Backport Bot over 1 year ago
- Tags changed from notifications to notifications backport_processed