spiffe / spiffe.io

Source for the SPIFFE and SPIRE project websites. Hosted by the Cloud Native Computing Foundation
https://spiffe.io/

Removed HeadBucket #297

Closed: quintessence closed this 6 months ago

quintessence commented 7 months ago

Description of the change

This PR removes HeadBucket as it is not currently valid JSON for the IAM policy. Source page:

https://spiffe.io/docs/latest/keyless/oidc-federation-aws/

Which issue this PR fixes

Fixes a prior PR (#253) with the latest state of the GitHub repository.

netlify[bot] commented 7 months ago

Deploy Preview for spiffe ready!

Name Link
Latest commit 8822efcae18d43b583220ad3d3a682e548d736a0
Latest deploy log https://app.netlify.com/sites/spiffe/deploys/65d91f0460227100083cc35d
Deploy Preview https://deploy-preview-297--spiffe.netlify.app

evan2645 commented 7 months ago

Thanks @quintessence! Would you mind also replacing s3:ListAllMyBuckets with s3:ListBuckets as part of this?

quintessence commented 7 months ago

> Thanks @quintessence! Would you mind also replacing s3:ListAllMyBuckets with s3:ListBuckets as part of this?

I was able to get it to work with s3:ListAllMyBuckets in the end. The original error message made it look like more lines were a problem than there actually were.* The only one that ultimately needed to be changed was HeadBucket. (ListAllMyBuckets is what I have working in my work through right now.)

evan2645 commented 6 months ago

👍 thanks for the clarification @quintessence, I think the confusion previously was on API actions vs permissions actions. The AWS docs I've just referenced suggest that s3:ListAllMyBuckets is the correct permissions action. Sorry for the confusion!
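
Added example, not part of the thread or of the SPIFFE docs: a small Python check for the mix-up discussed above, flagging IAM policy `Action` entries that are S3 API operation names rather than permission actions. The name map covers only the two names raised in this thread, the `s3:HeadBucket` to `s3:ListBucket` suggestion comes from the AWS S3 documentation rather than from this page, and the sample policy and bucket name are constructed.

```python
import json

# Assumption: hand-built map covering only the two names discussed in this
# thread. Keys are S3 API operation names that are not IAM permission
# actions; values are the permission actions that authorize those calls.
API_NAME_TO_PERMISSION = {
    "s3:headbucket": "s3:ListBucket",
    "s3:listbuckets": "s3:ListAllMyBuckets",
}

def _as_list(value):
    """IAM allows Statement and Action to be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_api_names_in_policy(policy_json):
    """Return (sid, action, suggested_permission) for every Action entry
    that is an S3 API operation name rather than a permission action."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"statement[{idx}]")
        for action in _as_list(stmt.get("Action")):
            # IAM action names are case-insensitive, so compare lowercased.
            fix = API_NAME_TO_PERMISSION.get(action.lower())
            if fix:
                findings.append((sid, action, fix))
    return findings

# Constructed sample policy (not the one from the SPIFFE docs page).
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BucketAccess", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:HeadBucket", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket",
                  "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "ListAll", "Effect": "Allow",
     "Action": "s3:ListAllMyBuckets", "Resource": "*"}
  ]
}
"""

if __name__ == "__main__":
    for sid, action, fix in find_api_names_in_policy(SAMPLE_POLICY):
        print(f"{sid}: {action} is an API operation name; use {fix}")
```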

sanderson042 commented 6 months ago

Hi Quintessence - the checks under "Some checks haven’t completed yet" still did not re-run after you fixed the DCO issue. You might try this hack to nudge GitHub to re-run those checks: change something minor in the file in your branch, save the file, commit that change, and push the change to this pull request. For example, in the first sentence, you could change "SPIRE identified" to "SPIRE-identified".

mchurichi commented 6 months ago

> Hi Quintessence - the checks under "Some checks haven’t completed yet" still did not re-run after you fixed the DCO issue.

@sanderson042 That's actually because we had not approved the build to run on Netlify :) it's running now and checks should show in a minute.

quintessence commented 6 months ago

Looks like they're all clear :D

sanderson042 commented 6 months ago

> > Hi Quintessence - the checks under "Some checks haven’t completed yet" still did not re-run after you fixed the DCO issue.
>
> @sanderson042 That's actually because we had not approved the build to run on Netlify :) it's running now and checks should show in a minute.

Thanks, Maxi! I was going to bug you if the check-in trick didn't work.