Block public access to S3 bucket created by integration tests #615

Merged
merged 2 commits into from
May 3, 2023


shreyas-s-rao
Collaborator

/area backup
/area security
/area compliance
/kind task
/kind test
/platform aws

What this PR does / why we need it:
This PR configures the S3 buckets created by integration tests to be blocked from public access as per standard practices. This is achieved by putting a public-access-block on the created bucket, as per AWS documentation.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:
cc @vlerenc

Release note:

Block public access for S3 buckets created by integration tests.
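The public-access-block step named in the description above, with a read-back check, as an added example that is not the pull request's own code (the page does not show the diff). The helper names and the sample response are constructed for illustration; `put-public-access-block` and `get-public-access-block` are the AWS CLI `s3api` commands.

```bash
#!/usr/bin/env bash
# Added example: helper names are hypothetical; the bucket name is supplied by the caller.
PAB_KEYS="BlockPublicAcls IgnorePublicAcls BlockPublicPolicy RestrictPublicBuckets"

# Turn on all four public-access-block settings (needs the AWS CLI and credentials).
block_public_access() {
  aws s3api put-public-access-block --bucket "$1" \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
}

# Print the settings that are not `true` in a get-public-access-block JSON response.
# The body runs in a subshell so its variables do not leak into the caller.
pab_missing_settings() (
  json="$1"; missing=""
  for key in $PAB_KEYS; do
    if ! printf '%s\n' "$json" | grep -Eq "\"$key\"[[:space:]]*:[[:space:]]*true"; then
      missing="${missing:+$missing }$key"
    fi
  done
  printf '%s' "$missing"
)

# Succeed only when every setting is enabled.
pab_fully_enabled() {
  [ -z "$(pab_missing_settings "$1")" ]
}

# Apply the block, read it back, and fail the test setup if anything is left open.
ensure_bucket_private() {
  block_public_access "$1" || return 1
  resp="$(aws s3api get-public-access-block --bucket "$1" --output json)" || return 1
  missing="$(pab_missing_settings "$resp")"
  if [ -n "$missing" ]; then
    echo "bucket $1: public access not fully blocked: $missing" >&2
    return 1
  fi
}

# Constructed sample response with one setting left disabled (not real output).
SAMPLE='{"PublicAccessBlockConfiguration":{"BlockPublicAcls":true,"IgnorePublicAcls":true,"BlockPublicPolicy":false,"RestrictPublicBuckets":true}}'
echo "sample is missing: $(pab_missing_settings "$SAMPLE")"
```

Calling `ensure_bucket_private` right after the bucket is created makes the test setup fail fast when any of the four settings did not take effect.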

@shreyas-s-rao shreyas-s-rao added this to the v0.24.0 milestone Apr 19, 2023
@shreyas-s-rao shreyas-s-rao requested a review from a team as a code owner April 19, 2023 10:29
@gardener-robot gardener-robot added area/backup Backup related area/compliance Compliance related area/security Security related kind/task General task kind/test Test platform/aws Amazon web services platform/infrastructure needs/review Needs review size/xs Size of pull request is tiny (see gardener-robot robot/bots/size.py) labels Apr 19, 2023
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Apr 19, 2023
Contributor

@abdasgupta abdasgupta left a comment

I put a comment. It's just a suggestion for you to consider. We have buckets created with policy, so I was wondering if it's necessary here. You may ignore it if you think it's not needed.

.ci/integration_test
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 21, 2023
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 21, 2023
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Apr 21, 2023
@shreyas-s-rao
Collaborator Author

@abdasgupta thanks for your comment. I've addressed it now, PTAL

@shreyas-s-rao shreyas-s-rao added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 21, 2023
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 21, 2023
Contributor

@abdasgupta abdasgupta left a comment

/lgtm

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review labels Apr 24, 2023
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 24, 2023
@shreyas-s-rao shreyas-s-rao merged commit afa352a into gardener:master May 3, 2023
@shreyas-s-rao shreyas-s-rao deleted the fix/s3-bucket-access branch May 3, 2023 03:36
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label May 3, 2023
5 participants