Open copejon opened 5 years ago
screeley44
commented
5 years ago I totally agree almost...I guess the scenario I'm thinking about is brownfield - if I have a bucket and I want to give access to another user/namespace to be able to use the bucket BUT only in read-only mode, if I leave it to the obc, the user can give him/herself full access. Wondering if this should be controlled via the SC and not the OBC?? thoughts?
copejon
commented
5 years ago This proposal is only for users requesting dynamic buckets. I agree that static buckets are a different story. I'll edit the name to make it more apparent
jeffvance
commented
5 years ago Also consider that use of ACLs is being discouraged by Amazon and policy is preferred. Also, we need to decide if Policies/ACLs are their own resource (CRD), and if so, how that relates to RBAC. And if not new CRDs then their representation is limited, eg. [string]string map. Default, min and max Policy/ACLs need to be considered.
See also #94
ACLs are a common feature of S3 API implementations and provide an easy method for defining access at creation time. Users requesting dynamic buckets should be the ones defining the public/private access policies of their buckets and should do so via the OBC.
A spec sub-structure should be added to encapsulate these ACLs and the library should have to capability to check that the value matches a supported list. Creation of the ACLs via an S3 interface should be left to provisioner authors.
Edit - static buckets (a.k.a. brownfield) should not be considered in this design - users should not be allowed to alter static bucket ACLs.