CLDSRV-774: Add aclRequired field to server access logs#6142
CLDSRV-774: Add aclRequired field to server access logs#6142bert-e merged 3 commits intodevelopment/9.2from
Conversation
Hello dvasilas,My role is to assist you with the merge of this Available options
Available commands
Status report is not available. |
Incorrect fix versionThe
Considering where you are trying to merge, I ignored possible hotfix versions and I expected to find:
Please check the |
|
LGTM |
Request integration branchesWaiting for integration branch creation to be requested by the user. To request integration branches, please comment on this pull request with the following command: Alternatively, the |
| } | ||
| } | ||
| return processedResult; | ||
| return { allowed: processedResult, aclRequired }; |
There was a problem hiding this comment.
you could update the request.serverAccessLog.aclRequired immediately in that function instead of returning the value
There was a problem hiding this comment.
I didn't do it like that because there is 1 caller of this function that never uses ACLs, and we should skip aclRequired there.
lib/metadata/metadataUtils.js
Outdated
| }, | ||
| ], (err, bucket, objMD, raftSessionId) => { | ||
| storeServerAccessLogInfo(request, bucket, raftSessionId, params.serverAccessLogOptions); | ||
| if (isCopySource && request?.sourceServerAccessLog) { |
There was a problem hiding this comment.
Should this logic rather be in storeServerAccessLogInfo ?
There was a problem hiding this comment.
Yes, that's a bit better, done, thanks
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files
@@ Coverage Diff @@
## development/9.2 #6142 +/- ##
===================================================
+ Coverage 84.25% 84.33% +0.08%
===================================================
Files 204 204
Lines 13126 13140 +14
===================================================
+ Hits 11059 11082 +23
+ Misses 2067 2058 -9
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
|
LGTM |
aclRequired indicates whether the request required an ACL for authorization. It is "Yes" when no bucket policy exists or when the bucket policy returns DEFAULT_DENY, falling back to ACL evaluation. It is "-" for owner requests, service accounts, and requests decided by IAM or bucket policy alone. For copy operations, the source bucket auth runs on the same request object and would overwrite the destination's aclRequired. The value is saved before source auth, then moved to sourceServerAccessLog and the destination's value is restored.
dvasilas
force-pushed
the
improvement/CLDSRV-774
branch
from
a4027ab to
9d6061a
Compare
|
/create_integration_branches |
ConflictA conflict has been raised during the creation of I have not created the integration branch. Here are the steps to resolve this conflict: git fetch
git checkout -B w/9.3/improvement/CLDSRV-774 origin/development/9.3
git merge origin/improvement/CLDSRV-774
# <intense conflict resolution>
git commit
git push -u origin w/9.3/improvement/CLDSRV-774The following options are set: create_integration_branches |
|
ping |
Integration data createdI have created the integration data for the additional destination branches.
The following branches will NOT be impacted:
You can set option The following options are set: create_integration_branches |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
The following options are set: create_integration_branches |
|
/approve |
|
LGTM |
|
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue CLDSRV-774. Goodbye dvasilas. The following options are set: approve, create_integration_branches |
4 participants
Add the
aclRequiredfield to access logs.From https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html#log-record-fields