[FEATURE]: Support adding policies to the buckets #74

Open
shanduur opened this issue Jun 28, 2024 · 0 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature.


shanduur commented Jun 28, 2024

Are you interested in contributing to the development of this feature?

Yes

Is your feature request related to a problem? Please describe.

Currently, our driver does not support the dynamic application of policies during the creation of buckets. This limits the flexibility and control over bucket configurations, making it necessary to apply policies manually after the bucket creation process. Automating this step would streamline the workflow and reduce the risk of misconfigurations or omissions.

Describe the solution you'd like.

Add a common parameter that can be included in the BucketClass specification to dynamically create desired policies. This can be specified using a new parameter, cosi.linode.com/v1/policy, which will accept a JSON-formatted policy, e.g.:

```yaml
parameters:
  cosi.linode.com/v1/policy: |
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::{{ .BucketName }}/*"
        }
      ]
    }
```

This should also support templating - e.g. by referencing the .BucketName field.

```mermaid
flowchart TD
    policyField[cosi.linode.com/v1/policy] -->|read| policyTemplate(Policy Template)
    policyTemplate -->|execute text/template| policy(Policy)
    policy -->|validate| validatedPolicy[Validated Policy]
    validatedPolicy -->|apply| appliedPolicy[Applied Policy]
```

Describe alternatives you've considered.

N/A

Additional Information

The implementation should ensure that:

  1. Policies are validated to ensure they are in correct JSON format.
  2. The system handles scenarios where the policy application might fail, providing appropriate error messages and possibly rollback mechanisms.
  3. The existing functionality remains unaffected if no policy is specified.

This enhancement will improve the ease of use and flexibility of our bucket management system, allowing for more robust and automated configurations.

Suggested libraries:

@shanduur shanduur added kind/feature Categorizes issue or PR as related to a new feature. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Jun 28, 2024
@shanduur shanduur self-assigned this Jul 18, 2024
@shanduur shanduur removed their assignment Sep 26, 2024
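
The read, execute and validate steps described in the issue above, sketched in Go as an added example that is not part of the issue or the driver's code. `RenderPolicy`, the bucket-name pattern and the minimal policy shape are assumptions; the wildcard check covers only the plain string form of `Principal`.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"regexp"
	"text/template"
)

// Assumed S3-style naming rule; text/template does no JSON escaping.
var bucketNameRe = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$`)

// RenderPolicy executes the template, validates the rendered JSON, and reports
// whether an Allow statement uses the wildcard string principal "*".
func RenderPolicy(tmpl, bucket string) (policy string, public bool, err error) {
	if !bucketNameRe.MatchString(bucket) {
		return "", false, fmt.Errorf("bucket name %q rejected", bucket)
	}
	var buf bytes.Buffer
	t, err := template.New("policy").Parse(tmpl)
	if err == nil {
		err = t.Execute(&buf, struct{ BucketName string }{bucket})
	}
	if err != nil {
		return "", false, fmt.Errorf("render policy template: %w", err)
	}
	var doc struct { // minimal assumed shape, enough for the checks below
		Version   string
		Statement []struct {
			Effect    string
			Principal json.RawMessage
		}
	}
	if err := json.Unmarshal(buf.Bytes(), &doc); err != nil {
		return "", false, fmt.Errorf("rendered policy is not a valid policy document: %w", err)
	}
	if doc.Version == "" || len(doc.Statement) == 0 {
		return "", false, fmt.Errorf("policy needs Version and Statement")
	}
	for _, s := range doc.Statement {
		public = public || (s.Effect == "Allow" && string(s.Principal) == `"*"`)
	}
	return buf.String(), public, nil
}

func main() {
	tmpl := `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::{{ .BucketName }}/*"}]}` // policy from the issue
	fmt.Println(RenderPolicy(tmpl, "demo-bucket")) // constructed bucket name
}
```

The `public` result lets a caller log or gate policies that grant anonymous access before the apply step; a failure at any stage returns an error and nothing is rendered for application.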