noobaa-core icon indicating copy to clipboard operation
noobaa-core copied to clipboard

Published 20 hours ago verified publisher icon noobaa

NSFS | NC | CLI | Remove system owner from bucket config files and bucket schema

Open romayalon opened this issue 1 year ago • 1 comments

Environment info

  • NooBaa Version: master
  • Platform: NC

Actual behavior

The system owner is a bucket property, kept on the bucket level and a part of the bucket schema.

Expected behavior

  1. The system owner is not a bucket property, and therefore it should not be kept on the bucket config file. We should consider having a system owner kept on system.json if needed. The system owner is often needed as a "root" account to be able to get access across the system.
  2. Keep attention that on bucketspace_fs.js - read_bucket_sdk_info() we will need to "load" a system owner but not from the bucket config file.

romayalon avatar Feb 05 '24 12:02 romayalon

@guymguym @nimrod-becker a new related BZ was opened - https://bugzilla.redhat.com/show_bug.cgi?id=2280212. In the BZ, it's mentioned that Bucket policies can't limit a bucket owner's access to his own buckets (that's because system_owner is set to bucket_owner). I believe that the above scenario is not that frequent but it's still an unexpected behavior, we need to consider it when re-evaluating priorities to the coming version.

romayalon avatar May 15 '24 06:05 romayalon