Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is devstorage.full_control really necessary? #48

Open
Shtutnik opened this issue Dec 6, 2018 · 2 comments
Open

Is devstorage.full_control really necessary? #48

Shtutnik opened this issue Dec 6, 2018 · 2 comments
Labels
enhancement

Comments

@Shtutnik
Copy link

Shtutnik commented Dec 6, 2018

Hi,

Wouldn't 'devstorage.read_write' be enough for this plugin?

Is there any chance someone could check this?
@stephenashank
Copy link
Contributor

I've just looked into this. devstorage.read_write is sufficient for the upload and download steps. It is not sufficient for the "Bucket Lifecycle" step.

One thing we'll need to do is to limit the StorageScopeRequirement to the devstorage.read_write permission, then create another scope requirement with devstorage.full_control, and change the @RequiresDomain annotation on the ExpiringBucketLifecycleManagerStep. There's probably more that needs to be changed.

@dylan-tock
Copy link

Any progress on this issue? My security folks give serious side eye for full_control but are much more tolerant for read_write. Being able to avoid their side eye is a goal I've been able to maintain for a while and is something I'd like to continue doing :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Shtutnik @stephenashank @dylan-tock