1849771 – [RFE] Account created by OBC should have same permissions as bucket owner

Bug 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner

Summary: [RFE] Account created by OBC should have same permissions as bucket owner

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenShift Container Storage
Classification:	Red Hat Storage
Component:	Multi-Cloud Object Gateway
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	OCS 4.6.0
Assignee:	Jacky Albo
QA Contact:	Ben Eli
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-06-22 19:06 UTC by Vagner Farias
Modified:	2020-12-17 06:23 UTC (History)
CC List:	9 users (show)
Fixed In Version:	v4.6.0-86.ci
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-12-17 06:22:31 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	noobaa noobaa-core pull 6069	None	closed	Adding bucket_claim_owner support for accounts created by operator	2021-02-10 12:01:32 UTC
Github	noobaa noobaa-core pull 6168	None	closed	Backport to 5.6	2021-02-10 12:01:32 UTC
Github	noobaa noobaa-operator pull 416	None	closed	Adding bucket_claim_owner to obc accounts	2021-02-10 12:01:32 UTC
Github	noobaa noobaa-operator pull 418	None	closed	Backport to 5.6	2021-02-10 12:01:32 UTC
Red Hat Product Errata	RHSA-2020:5605	None	None	None	2020-12-17 06:23:46 UTC

Description Vagner Farias 2020-06-22 19:06:05 UTC

Description of problem:
Buckets created through an OBC are owned by operator. It seems it'd be better if the bucket were owned by the account created by the OBC, so that this account has less chances of losing access to bucket because of broken policies.

Version of all relevant components (if applicable):
OCS 4.4

Comment 3 Michael Adam 2020-06-25 09:00:16 UTC

Not sure why no auto-pm-ack by bot... fixing.

Comment 9 Ben Eli 2020-09-17 13:53:08 UTC

I created a new OBC called "testobc".
I then checked the NooBaa UI, and saw that a new account with the same name was created for the OBC, and said account has S3 access to it.
According to Jacky, this verifies the bug.

Verified
OCP 4.6.0-0.nightly-2020-09-16-062819
OCS 4.6.0-87.ci

Comment 11 Mudit Agarwal 2020-10-28 14:41:37 UTC

Jacky, do we need doc text for this (being an RFE)

Comment 12 Nimrod Becker 2020-10-28 16:03:40 UTC

I think this is the expected behavior, even though its an RFE. So I would say no

Comment 14 errata-xmlrpc 2020-12-17 06:22:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5605

Note You need to log in before you can comment on or make changes to this bug.