Open copejon opened 5 years ago
I totally agree almost...I guess the scenario I'm thinking about is brownfield - if I have a bucket and I want to give access to another user/namespace to be able to use the bucket BUT only in read-only mode, if I leave it to the obc, the user can give him/herself full access. Wondering if this should be controlled via the SC and not the OBC?? thoughts?
This proposal is only for users requesting dynamic buckets. I agree that static buckets are a different story. I'll edit the name to make it more apparent
Also consider that use of ACLs is being discouraged by Amazon and policy is preferred. Also, we need to decide if Policies/ACLs are their own resource (CRD), and if so, how that relates to RBAC. And if not new CRDs then their representation is limited, eg. [string]string map. Default, min and max Policy/ACLs need to be considered.
See also #94
ACLs are a common feature of S3 API implementations and provide an easy method for defining access at creation time. Users requesting dynamic buckets should be the ones defining the public/private access policies of their buckets and should do so via the OBC.
A spec sub-structure should be added to encapsulate these ACLs and the library should have to capability to check that the value matches a supported list. Creation of the ACLs via an S3 interface should be left to provisioner authors.
Edit - static buckets (a.k.a. brownfield) should not be considered in this design - users should not be allowed to alter static bucket ACLs.