Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add preserve ACL grants feature #51

Merged
merged 4 commits into from
Nov 28, 2024
Merged

Add preserve ACL grants feature #51

merged 4 commits into from
Nov 28, 2024

Conversation

pablo1664
Copy link
Contributor

@pablo1664 pablo1664 commented Nov 26, 2024
edited
Loading

Add option syncACLGrants to ensure all ACL bucket/object have grants synchronized.
Default value to false

@pablo1664
fix: Use grant ID for grants on MappedOwenersACL
97b9f5d 
Object ACL grants are replaced by source owner and replicate all existing grants
@aiivashchenko
Copy link
Collaborator

Hi @pablo1664! Can you elaborate a little bit more on a PR? I.e. what is the issue you have faced, and how is this change resolving it?

@pablo1664
Copy link
Contributor Author

Hi,
Sorry, yes little more context, I have 2 ceph cluster, one legacy and new one.
The needed is to migrate all bucket to the new one.
One admin user is configured that is the owner of all buckets, and many users that have full control on multiple buckets.
ACL are used by default and some buckets have also policies configured.

On the worker, source and destination use same user ID to access buckets.

When I add bucket replication, object ACL are not the same from the source, by the way Object owner have to be the same ID used by the worked.

Bucket ACL seems to be good, but all grants on Object ACL are set with only the ID used by the worker.
If bucket have only ACL configured Users can no longer GET/PUT on existing object.

Finaly this fix can work in this case, but after reflection can not the good way on different configuration with other provider.
Probably add an option to replicate ACL Grants source if needed.

@pablo1664 pablo1664 changed the title Use grant ID for grants on MappedOwenersACL Add sync ACL grants option from source Nov 27, 2024
arttor
arttor requested changes Nov 28, 2024
View reviewed changes
docker-compose/s3-credentials.yaml Outdated Show resolved Hide resolved
@pablo1664 pablo1664 changed the title Add sync ACL grants option from source Add preserve ACL grants feature Nov 28, 2024
@arttor arttor merged commit a60e25d into clyso:main Nov 28, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arttor arttor arttor approved these changes

@schucly schucly Awaiting requested review from schucly schucly is a code owner

@fa-at-pulsit fa-at-pulsit Awaiting requested review from fa-at-pulsit fa-at-pulsit is a code owner

@aiivashchenko aiivashchenko Awaiting requested review from aiivashchenko aiivashchenko is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pablo1664 @aiivashchenko @arttor