Add object ownership s3 parameter
Signed-off-by: Suleimi Ahmed <sahmed@gitlab.com>
This commit is contained in:
parent
e5d5810851
commit
e412eb112f
3 changed files with 34 additions and 0 deletions
|
@ -26,6 +26,7 @@ Amazon S3 or S3 compatible services for object storage.
|
||||||
| `rootdirectory` | no | This is a prefix that is applied to all S3 keys to allow you to segment data in your bucket if necessary. |
|
| `rootdirectory` | no | This is a prefix that is applied to all S3 keys to allow you to segment data in your bucket if necessary. |
|
||||||
| `storageclass` | no | The S3 storage class applied to each registry file. The default is `STANDARD`. |
|
| `storageclass` | no | The S3 storage class applied to each registry file. The default is `STANDARD`. |
|
||||||
| `objectacl` | no | The S3 Canned ACL for objects. The default value is "private". |
|
| `objectacl` | no | The S3 Canned ACL for objects. The default value is "private". |
|
||||||
|
| `objecownership` | no | Indicates whether the S3 storage bucket to be used by the registry disabled access control lists (ACLs). The default value is `true`. |
|
||||||
|
|
||||||
> **Note** You can provide empty strings for your access and secret keys to run the driver
|
> **Note** You can provide empty strings for your access and secret keys to run the driver
|
||||||
> on an ec2 instance and handles authentication with the instance's credentials. If you
|
> on an ec2 instance and handles authentication with the instance's credentials. If you
|
||||||
|
@ -56,6 +57,8 @@ Amazon S3 or S3 compatible services for object storage.
|
||||||
|
|
||||||
`objectacl`: (optional) The canned object ACL to be applied to each registry object. Defaults to `private`. If you are using a bucket owned by another AWS account, it is recommended that you set this to `bucket-owner-full-control` so that the bucket owner can access your objects. Other valid options are available in the [AWS S3 documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl).
|
`objectacl`: (optional) The canned object ACL to be applied to each registry object. Defaults to `private`. If you are using a bucket owned by another AWS account, it is recommended that you set this to `bucket-owner-full-control` so that the bucket owner can access your objects. Other valid options are available in the [AWS S3 documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl).
|
||||||
|
|
||||||
|
`objectownership`: (optional) Whether your s3 bucket only supports object ownership as opposed to canned ACLs. This defaults to `false` if not specified. This parameter can not be `true` if the `objectacl` parameter is also set. S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket. More information is availaible in the [AWS S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html).
|
||||||
|
|
||||||
|
|
||||||
## S3 permission scopes
|
## S3 permission scopes
|
||||||
|
|
||||||
|
|
|
@ -117,6 +117,7 @@ type DriverParameters struct {
|
||||||
SessionToken string
|
SessionToken string
|
||||||
UseDualStack bool
|
UseDualStack bool
|
||||||
Accelerate bool
|
Accelerate bool
|
||||||
|
ObjectOwnership bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -164,6 +165,7 @@ type driver struct {
|
||||||
RootDirectory string
|
RootDirectory string
|
||||||
StorageClass string
|
StorageClass string
|
||||||
ObjectACL string
|
ObjectACL string
|
||||||
|
ObjectOwnership bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type baseEmbed struct {
|
type baseEmbed struct {
|
||||||
|
@ -368,9 +370,22 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
userAgent = ""
|
userAgent = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
objectOwnership := false
|
||||||
|
objectOwnershipParam := parameters["objectownership"]
|
||||||
|
if objectOwnershipParam != nil {
|
||||||
|
objectOwnershipBool, ok := objectOwnershipParam.(bool)
|
||||||
|
if !ok {
|
||||||
|
return nil, fmt.Errorf("invalid value for objectownership parameter must be either %v or %v", true, false)
|
||||||
|
}
|
||||||
|
objectOwnership = objectOwnershipBool
|
||||||
|
}
|
||||||
|
|
||||||
objectACL := s3.ObjectCannedACLPrivate
|
objectACL := s3.ObjectCannedACLPrivate
|
||||||
objectACLParam := parameters["objectacl"]
|
objectACLParam := parameters["objectacl"]
|
||||||
if objectACLParam != nil {
|
if objectACLParam != nil {
|
||||||
|
if objectOwnership {
|
||||||
|
return nil, fmt.Errorf("objectacl parameter can not be set when objectownership parameter is set to %v", objectOwnership)
|
||||||
|
}
|
||||||
objectACLString, ok := objectACLParam.(string)
|
objectACLString, ok := objectACLParam.(string)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("invalid value for objectacl parameter: %v", objectACLParam)
|
return nil, fmt.Errorf("invalid value for objectacl parameter: %v", objectACLParam)
|
||||||
|
@ -459,6 +474,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
fmt.Sprint(sessionToken),
|
fmt.Sprint(sessionToken),
|
||||||
useDualStackBool,
|
useDualStackBool,
|
||||||
accelerateBool,
|
accelerateBool,
|
||||||
|
objectOwnership,
|
||||||
}
|
}
|
||||||
|
|
||||||
return New(params)
|
return New(params)
|
||||||
|
@ -578,6 +594,7 @@ func New(params DriverParameters) (*Driver, error) {
|
||||||
RootDirectory: params.RootDirectory,
|
RootDirectory: params.RootDirectory,
|
||||||
StorageClass: params.StorageClass,
|
StorageClass: params.StorageClass,
|
||||||
ObjectACL: params.ObjectACL,
|
ObjectACL: params.ObjectACL,
|
||||||
|
ObjectOwnership: params.ObjectOwnership,
|
||||||
}
|
}
|
||||||
|
|
||||||
return &Driver{
|
return &Driver{
|
||||||
|
@ -1239,6 +1256,10 @@ func (d *driver) getContentType() *string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *driver) getACL() *string {
|
func (d *driver) getACL() *string {
|
||||||
|
|
||||||
|
if d.ObjectOwnership {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
return aws.String(d.ObjectACL)
|
return aws.String(d.ObjectACL)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
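Review bot: In the FromParameters hunk, `objectownership` is accepted only when it arrives as a Go `bool` (`objectOwnershipParam.(bool)`), so a value delivered as a string — which appears to be how the neighbouring flags that end up as useDualStackBool and accelerateBool are also handled by parsing outside this hunk, if that existing code accepts both `bool` and `string` — is rejected at the `if !ok` branch; this parameter should take the same parsing path as those flags. The error text `invalid value for objectownership parameter must be either %v or %v` also omits the offending value; `return nil, fmt.Errorf("invalid value for objectownership parameter: %v (must be true or false)", objectOwnershipParam)` matches the objectacl message beside it. The ObjectOwnership fields added to DriverParameters and driver carry no doc comment; `// ObjectOwnership is true when the bucket has ACLs disabled (S3 Object Ownership enforced); when set, getACL sends no canned ACL with object requests.` would record what the getACL change relies on. The config-table row in the docs hunk spells the key `objecownership` and states a default of `true`, whereas this code reads `parameters["objectownership"]` and defaults to false, so one of the two needs correcting. FromParameters starts and ends outside the hunk.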
@ -49,6 +49,7 @@ func init() {
|
||||||
useDualStack = os.Getenv("S3_USE_DUALSTACK")
|
useDualStack = os.Getenv("S3_USE_DUALSTACK")
|
||||||
combineSmallPart = os.Getenv("MULTIPART_COMBINE_SMALL_PART")
|
combineSmallPart = os.Getenv("MULTIPART_COMBINE_SMALL_PART")
|
||||||
accelerate = os.Getenv("S3_ACCELERATE")
|
accelerate = os.Getenv("S3_ACCELERATE")
|
||||||
|
objectOwnership = os.Getenv("S3_OBJECT_OWNERSHIP")
|
||||||
)
|
)
|
||||||
|
|
||||||
root, err := os.MkdirTemp("", "driver-")
|
root, err := os.MkdirTemp("", "driver-")
|
||||||
|
@ -118,6 +119,14 @@ func init() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
objectOwnershipBool := false
|
||||||
|
if objectOwnership != "" {
|
||||||
|
objectOwnershipBool, err = strconv.ParseBool(objectOwnership)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
parameters := DriverParameters{
|
parameters := DriverParameters{
|
||||||
accessKey,
|
accessKey,
|
||||||
secretKey,
|
secretKey,
|
||||||
|
@ -142,6 +151,7 @@ func init() {
|
||||||
sessionToken,
|
sessionToken,
|
||||||
useDualStackBool,
|
useDualStackBool,
|
||||||
accelerateBool,
|
accelerateBool,
|
||||||
|
objectOwnershipBool,
|
||||||
}
|
}
|
||||||
|
|
||||||
return New(parameters)
|
return New(parameters)
|
||||||
|
|
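Review bot: The new env-var plumbing covers only the happy path; nothing in the test file checks the validation the commit adds to FromParameters (`objectownership` given as a non-bool, or `objectacl` combined with `objectownership: true`) or that getACL returns nil once ObjectOwnership is set. A small table test over `FromParameters(map[string]interface{}{...})` asserting an error for those two inputs, and a nil result from getACL on the underlying driver for the `true` case, would pin the new behaviour. The assignment `objectOwnershipBool, err = strconv.ParseBool(objectOwnership)` writes to the `err` captured from the enclosing scope, which matches how the existing flags are parsed, so it is fine as long as nothing reads that `err` later. The constructor closure this hunk appears to sit in starts and ends outside the hunk.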