Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict access to state store bucket #365

Merged
merged 2 commits into from
Aug 27, 2016
Merged

Restrict access to state store bucket #365

merged 2 commits into from
Aug 27, 2016

Conversation

weargoggles
Copy link
Contributor

@weargoggles weargoggles commented Aug 24, 2016
edited
Loading

This change increases the specificity of the master and node state store bucket contents permission to only the top-level folder named after the cluster.

Fixes #364 and #365

Restrict master access to state store bucket
369a6ea 
This change increases the specificity of the master's state store bucket contents permission to only the top-level folder named after the cluster.

Fixes kubernetes#365
@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.

  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please let us know the company's name.

@weargoggles
Copy link
Contributor Author

I signed it!

@googlebot
Copy link

CLAs look good, thanks!

@weargoggles weargoggles changed the title Restrict master access to state store bucket Restrict access to state store bucket Aug 24, 2016
@justinsb
Copy link
Member

Works great - thanks!

@justinsb justinsb merged commit 65f73ec into kubernetes:master Aug 27, 2016
@shamil
Copy link
Contributor

shamil commented Aug 27, 2016

This is bad. @weargoggles @justinsb this breaks the use-case where the state-store contains a sub-path for example: s3://my-bucket/kubernetes

@justinsb
Copy link
Member

Ah OK - I'll revert, add the fix and then reapply @weargoggles 's patch . Thanks for letting me know @shamil

justinsb added a commit that referenced this pull request Aug 27, 2016
@justinsb
Merge pull request #377 from justinsb/temp_revert_365
4608ef5 
Temporarily revert #365
@justinsb
Copy link
Member

Reverted in #377

justinsb added a commit that referenced this pull request Sep 9, 2016
@justinsb
Merge pull request #378 from justinsb/reapply_365
9ee6637 
Reapply #365
justinsb added a commit to justinsb/kops that referenced this pull request Dec 2, 2020
@justinsb
Update etcd-manager to 3.0.20201202
0ea98a1 
The important PR we want to pick up is 369, fixing a bug when
ListenMetricsURLS is set as an env var.

Full changelist:

* Release notes for 3.0.20201117 [kubernetes#364](kopeio/etcd-manager#364)
* Fix gofmt [kubernetes#365](kopeio/etcd-manager#365)
* Add gofmt check to github actions [kubernetes#366](kopeio/etcd-manager#366)
* Add boilerplate to tools/deb-tools/main.go [kubernetes#367](kopeio/etcd-manager#367)
* Do not set ListenMetricsURLS [kubernetes#369](kopeio/etcd-manager#369)
* Fix bazel formatting [kubernetes#370](kopeio/etcd-manager#370)
hakman pushed a commit to hakman/kops that referenced this pull request Dec 2, 2020
@justinsb
Update etcd-manager to 3.0.20201202
d25f7a5 
The important PR we want to pick up is 369, fixing a bug when
ListenMetricsURLS is set as an env var.

Full changelist:

* Release notes for 3.0.20201117 [kubernetes#364](kopeio/etcd-manager#364)
* Fix gofmt [kubernetes#365](kopeio/etcd-manager#365)
* Add gofmt check to github actions [kubernetes#366](kopeio/etcd-manager#366)
* Add boilerplate to tools/deb-tools/main.go [kubernetes#367](kopeio/etcd-manager#367)
* Do not set ListenMetricsURLS [kubernetes#369](kopeio/etcd-manager#369)
* Fix bazel formatting [kubernetes#370](kopeio/etcd-manager#370)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@weargoggles @googlebot @justinsb @shamil