Skip to content

Fix default canned ACL delta false positive #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ack-bot merged 1 commit into from
May 2, 2022
Merged

Fix default canned ACL delta false positive #80

ack-bot merged 1 commit into from
May 2, 2022

Conversation

@RedbackThomson
Copy link
Contributor

@RedbackThomson RedbackThomson commented May 2, 2022

Fixes aws-controllers-k8s/community#1282

Description of changes:
The custom ACL code was giving a false positive on the delta when comparing an empty Spec.ACL to the list of default ACL possibilities on a fresh bucket. This was causing the controller to always call SyncACL, throwing an error if the spec also defined properties which denied ACL use (such as ObjectOwnership). This pull request checks for the case where the Spec.ACL is nil and where the bucket has the default grants, and will ignore the delta, preventing the false positive.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ack-bot ack-bot requested review from a-hilaly and jaypipes May 2, 2022 20:29
jaypipes
jaypipes approved these changes May 2, 2022
View reviewed changes
Copy link
Contributor

@jaypipes jaypipes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, this works. I'm curious whether you could add a unit test for this, but then again, I'm not sure we're going to keep this dual way of handling ACLs long-term, so... meh :)

@jaypipes
Copy link
Contributor

jaypipes commented May 2, 2022

/lgtm

@ack-bot ack-bot added the lgtm Indicates that a PR is ready to be merged. label May 2, 2022
@ack-bot
Copy link
Collaborator

ack-bot commented May 2, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jaypipes, RedbackThomson

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [RedbackThomson,jaypipes]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ack-bot ack-bot merged commit 9b2168d into aws-controllers-k8s:main May 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@a-hilaly a-hilaly Awaiting requested review from a-hilaly

1 more reviewer

@jaypipes jaypipes jaypipes approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jaypipes jaypipes

Labels

approved lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

S3 controller: handle bucket with objectOwnership=BucketOwnerEnforced

3 participants

@RedbackThomson @jaypipes @ack-bot