Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCP: Allow public access to buckets via IAM, not ACL #3383

Merged
merged 1 commit into from
Nov 7, 2023
Merged

GCP: Allow public access to buckets via IAM, not ACL #3383

merged 1 commit into from
Nov 7, 2023

Conversation

yuvipanda
Copy link
Member

Previously, we were mixing ACL and IAM, which led to basically the bucket not being accessible publicly - only to authenticated users.

This switches everything to using IAM, which does make the bucket properly publicly accessible.

In addition, there's now a policy that we only enable this when 2i2c is not handling billing, as there can be disastrous cost consequences.

We fix this for the LEAP bucket.

Config is moved to user_buckets rather than hub_permissions, as the config is purely set on the bucket and not related to which hub we are configuring.

Ref https://2i2c.freshdesk.com/a/tickets/954

@yuvipanda
Allow public access to buckets via IAM, not ACL
064c7bb 
Previously, we were mixing ACL and IAM, which led to
basically the bucket *not* being accessible publicly - only to
authenticated users.

This switches everything to using IAM, which *does* make the
bucket properly publicly accessible.

In addition, there's now a policy that we only enable this
when 2i2c is *not* handling billing, as there can be
disastrous cost consequences.

We fix this for the LEAP bucket.

Config is moved to `user_buckets` rather than `hub_permissions`,
as the config is purely set on the bucket and not related to
which hub we are configuring.

Ref https://2i2c.freshdesk.com/a/tickets/954
@yuvipanda yuvipanda requested a review from a team as a code owner November 6, 2023 18:16
@yuvipanda
Copy link
Member Author

I've applied this for LEAP and tested that it works

consideRatio
consideRatio approved these changes Nov 6, 2023
View reviewed changes
Copy link
Contributor

@consideRatio consideRatio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be good if the title clarifies this is GCP specific, otherwise this looks great to me!

@yuvipanda yuvipanda changed the title Allow public access to buckets via IAM, not ACL GCP: Allow public access to buckets via IAM, not ACL Nov 7, 2023
@yuvipanda yuvipanda merged commit 7b3cb71 into 2i2c-org:master Nov 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@consideRatio consideRatio consideRatio approved these changes

Assignees

@yuvipanda yuvipanda

Labels
None yet
Projects
No open projects
Sprint Board
Status: Done 🎉
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yuvipanda @consideRatio