Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

s3_enable_logging_job keeps adding ACL permissions #14

Closed
mzkhan opened this issue Sep 16, 2020 · 1 comment · Fixed by #15 or #17
Closed

s3_enable_logging_job keeps adding ACL permissions #14

mzkhan opened this issue Sep 16, 2020 · 1 comment · Fixed by #15 or #17
Assignees

Comments

@mzkhan
Copy link
Contributor

mzkhan commented Sep 16, 2020

When enabling the access logging, the target bucket is updated with log delivery acl permissions, even though it might already be present.
This leads to duplicate Grants being added to the target bucket ACL, which if reaches at 99, starts giving Bad Request error on call to put_bucket_acl.

One such example

{'Owner': {'DisplayName': 'awsmasteremail+*******a-022', 'ID': 'b101f924005dbb04273************d43ad46757f21f65c40d48d75368c3'}, 'Grants': [{'Grantee': {'DisplayName': 'awsmasteremail+*******-022', 'ID': 'b101f924005dbb04273************d43ad46757f21f65c40d48d75368c3', 'Type': 'CanonicalUser'}, 'Permission': 'FULL_CONTROL'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'WRITE'}, {'Grantee': {'Type': 'Group', 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'}, 'Permission': 'READ_ACP'}]}

@mzkhan mzkhan self-assigned this Sep 16, 2020
@vikramsinghvirdi
Copy link
Contributor

@mzkhan can you also create an issue ticket for this PR.

@mzkhan mzkhan linked a pull request Sep 16, 2020 that will close this issue
@vikramsinghvirdi vikramsinghvirdi linked a pull request Sep 16, 2020 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants