kubernetes-sigs / container-object-storage-interface-spec

Container Object Storage (COSI) Specification
Apache License 2.0

[19-December-2023] - COSI Bucket Names #45

Closed thotz closed 4 months ago

thotz commented 9 months ago

Copy pasting request from https://github.com/rook/rook/issues/13396

When creating buckets with a bucket claim like this:

```yaml
apiVersion: objectstorage.k8s.io/v1alpha1
kind: BucketClaim
metadata:
  name: my-bucket
spec:
  bucketClassName: ceph-bucket-class
  protocols:
    - s3
```

The bucket created in Ceph is not my-bucket but instead a random auto-generated name. In our use case we need to be able to create buckets with specified names. Is that possible somehow?

BlaineEXE commented 9 months ago

From my understanding, this is as intended. If the COSI spec were to allow creating buckets with user-specified names it would be a security risk that could allow users to "hijack" other users' buckets by specifying the same bucket name multiple times in different COSI BucketClaims intentionally or unintentionally.

This feature is already documented in the KEP to the extent that it is allowed today, here: https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1979-object-storage-support#add-bucket-instance-name-to-bucketaccessclass-brownfield

@wlan0 @xing-yang did I capture the upstream design considerations correctly?
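The collision described in the comment above, as an added example that is not part of the original thread and is not COSI or Rook code: a small model of a backend with one flat bucket namespace, comparing user-chosen names with generated ones. The `Claim` and `Backend` types, the idempotent `create` behaviour and the random-suffix naming scheme are all assumptions of this model.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Claim is a simplified stand-in for a BucketClaim (namespace plus metadata.name).
type Claim struct{ Namespace, Name string }

// Backend models an object store with one flat bucket namespace.
// owner maps a bucket name to the namespace whose claim first created it.
type Backend struct{ owner map[string]string }

func NewBackend() *Backend { return &Backend{owner: map[string]string{}} }

// create is idempotent (an assumption of this model): asking for an existing
// name returns the existing bucket's first owner instead of failing.
func (b *Backend) create(bucket, ns string) string {
	if first, ok := b.owner[bucket]; ok {
		return first
	}
	b.owner[bucket] = ns
	return ns
}

// ProvisionUserNamed uses the claim's name verbatim as the bucket name.
// shared is true when the bucket already belongs to another namespace.
func ProvisionUserNamed(b *Backend, c Claim) (bucket string, shared bool) {
	return c.Name, b.create(c.Name, c.Namespace) != c.Namespace
}

// ProvisionGenerated appends 128 random bits, so the requester cannot pick
// (or guess) a name that is already in use.
func ProvisionGenerated(b *Backend, c Claim) (bucket string, shared bool) {
	suffix := make([]byte, 16)
	if _, err := rand.Read(suffix); err != nil {
		panic(err)
	}
	bucket = c.Name + "-" + hex.EncodeToString(suffix)
	return bucket, b.create(bucket, c.Namespace) != c.Namespace
}

func main() {
	a, o := Claim{"team-a", "my-bucket"}, Claim{"team-b", "my-bucket"}
	for _, p := range []func(*Backend, Claim) (string, bool){ProvisionUserNamed, ProvisionGenerated} {
		b := NewBackend()
		p(b, a)
		name, shared := p(b, o)
		fmt.Printf("team-b got %q, shared with another namespace: %v\n", name, shared)
	}
}
```

With user-chosen names, the second namespace's claim resolves to the first namespace's bucket; with generated names, two claims that both ask for `my-bucket` end up with distinct buckets.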

thotz commented 9 months ago

@cfis ^^

k8s-triage-robot commented 6 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 5 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 4 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 4 months ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes-sigs/container-object-storage-interface-spec/issues/45#issuecomment-2143350172):

>The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
>This bot triages issues according to the following rules:
>- After 90d of inactivity, `lifecycle/stale` is applied
>- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
>- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
>You can:
>- Reopen this issue with `/reopen`
>- Mark this issue as fresh with `/remove-lifecycle rotten`
>- Offer to help out with [Issue Triage][1]
>
>Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
>/close not-planned
>
>[1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.