HDDS-14899. [STS] Updates to ACLs in IamSessionPolicyResolver #9977

Open
fmorg-git wants to merge 2 commits into apache:HDDS-13323-sts from fmorg-git:HDDS-14899

@fmorg-git fmorg-git commented Mar 25, 2026

Please describe your PR in detail:

  • Smoke testing revealed that the ACLs that IamSessionPolicyResolver produced for certain APIs did not match the ACLs that Ozone checked against. Specifically, the following:
      1. PutBucketAcl requires READ and READ_ACL (in addition to the already existing WRITE_ACL) on the bucket
      2. AbortMultipartUpload requires WRITE on the key, not DELETE
      3. DeleteObjectTagging requires WRITE on the key, not DELETE

This ticket addresses these ACL updates. Separately, GetBucketLocation is not implemented, so remove it from the IamSessionPolicyResolver.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-14899

How was this patch tested?

unit tests, smoke tests

@github-actions

This PR has been marked as stale due to 21 days of inactivity. Please comment or remove the stale label to keep it open. Otherwise, it will be automatically closed in 7 days.

@github-actions github-actions Bot added the stale label Apr 16, 2026
@fmorg-git

commenting to remove stale label

@github-actions github-actions Bot removed the stale label Apr 17, 2026
Fabian Morgan added 2 commits April 29, 2026 15:27
 Conflicts:
	hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/iam/TestIamSessionPolicyResolver.java
@fmorg-git fmorg-git marked this pull request as ready for review April 29, 2026 22:34

@sodonnel sodonnel left a comment

LGTM
