Skip to content

CLDSRV-616 [hf-7.70.51] Fix bucket policy check for anonymous requests#5750

Merged
bert-e merged 2 commits intohotfix/7.70.51from
bugfix/CLDSRV-616-hf-77051
Feb 26, 2025
Merged

CLDSRV-616 [hf-7.70.51] Fix bucket policy check for anonymous requests#5750
bert-e merged 2 commits intohotfix/7.70.51from
bugfix/CLDSRV-616-hf-77051

Conversation

@dvasilas
Copy link
Copy Markdown
Contributor

@dvasilas dvasilas commented Feb 26, 2025

Cherry-pick from #5748

@dvasilas
CLDSRV-616: Fix bucket policy check for anonymous req
d0b91f2 
When checking bucket policies and the following conditions
are true:
- The request is anonymous (`--no-sign-request`)
- There is a bucket policy with AWS principal

Then `_getAccountId` is called in arn === undefined and
causes an exception to be thrown.

The reason is that vault return the following authInfo
with anonymous requests:
{
  arn: undefined,
  canonicalID: 'http://acs.amazonaws.com/groups/global/AllUsers',
  shortid: undefined,
  email: undefined,
  accountDisplayName: undefined,
  IAMdisplayName: undefined
}

The fix is to check is to check is arn === undefined and fail
the check if the policy principal is not '*'

(cherry picked from commit d57e3a9)
@dvasilas
CLDSRV-616: Bump version
0332744
@bert-e
Copy link
Copy Markdown
Contributor

bert-e commented Feb 26, 2025

Hello dvasilas,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options
name description privileged authored
/after_pull_request Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval Bypass the pull request author's approval
/bypass_build_status Bypass the build and test status
/bypass_commit_size Bypass the check on the size of the changeset TBA
/bypass_incompatible_branch Bypass the check on the source branch prefix
/bypass_jira_check Bypass the Jira issue check
/bypass_peer_approval Bypass the pull request peers' approval
/bypass_leader_approval Bypass the pull request leaders' approval
/approve Instruct Bert-E that the author has approved the pull request. ✍️
/create_pull_requests Allow the creation of integration pull requests.
/create_integration_branches Allow the creation of integration branches.
/no_octopus Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity Change review acceptance criteria from one reviewer at least to all reviewers
/wait Instruct Bert-E not to run until further notice.
Available commands
name description privileged
/help Print Bert-E's manual in the pull request.
/status Print Bert-E's current status in the pull request TBA
/clear Remove all comments from Bert-E from the history TBA
/retry Re-start a fresh build TBA
/build Re-start a fresh build TBA
/force_reset Delete integration branches & pull requests, and restart merge process from the beginning.
/reset Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

@bert-e
Copy link
Copy Markdown
Contributor

bert-e commented Feb 26, 2025

Incorrect fix version

The Fix Version/s in issue CLDSRV-616 contains:

  • 7.10.52

  • 7.70.61

  • 8.8.44

  • 9.0.3

Considering where you are trying to merge, I expected to find at least:

  • 7.70.51.1

Please check the Fix Version/s of CLDSRV-616, or the target
branch of this pull request.

@bert-e
Copy link
Copy Markdown
Contributor

bert-e commented Feb 26, 2025

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • 2 peers

@dvasilas
Copy link
Copy Markdown
Contributor Author

dvasilas commented Feb 26, 2025

/approve

@bert-e
Copy link
Copy Markdown
Contributor

bert-e commented Feb 26, 2025

I have successfully merged the changeset of this pull request
into targetted development branches:

  • ✔️ hotfix/7.70.51

The following branches have NOT changed:

  • development/7.10
  • development/7.4
  • development/7.70
  • development/8.8
  • development/9.0

Please check the status of the associated issue CLDSRV-616.

Goodbye dvasilas.

The following options are set: approve

@bert-e bert-e merged commit 0332744 into hotfix/7.70.51 Feb 26, 2025
11 checks passed
@bert-e bert-e deleted the bugfix/CLDSRV-616-hf-77051 branch February 26, 2025 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anurag4DSB anurag4DSB anurag4DSB approved these changes

@fredmnl fredmnl fredmnl approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dvasilas @bert-e @anurag4DSB @fredmnl