noobaa-operator
Object can be deleted from Read-Only Bucket
Environment info
- NooBaa Operator Version: 5.13.0
- Platform: Kubernetes v1.25.8
Actual behavior
A file can be deleted from the read-only bucket using the following Python code.
```python
import logging
import os

import boto3
import urllib3
from botocore.exceptions import ClientError

urllib3.disable_warnings()

# Despite the variable name, this is a boto3 resource, not a low-level client.
s3_client = boto3.resource(
    's3',
    endpoint_url='http://s3.noobaa.svc.cluster.local/',
    aws_access_key_id='...',
    aws_secret_access_key='...',
    config=boto3.session.Config(
        signature_version='s3v4',
        s3={'addressing_style': 'path'},
    ),
    use_ssl=False,
    verify=False,
    region_name='eu-de-2',
)

# Delete an object from the bucket that is supposed to be read-only.
s3_client.Object('aittest2.ro', 'dummy.txt').delete()
```
Expected behavior
The file should not be deleted and an error message will be raised.
Steps to reproduce
The bucket class was defined as follows to create a read-only bucket.
```yaml
apiVersion: noobaa.io/v1alpha1
kind: BucketClass
metadata:
  name: bucket-ro
  namespace: noobaa
spec:
  namespacePolicy:
    type: Multi
    multi:
      writeResource: "unwritable-bucket"
      readResources:
        - bucket
```
Best regards
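
A check that could be run against the bucket to confirm whether read-only is enforced, added here as an example and not part of the original report or of NooBaa's own code. It probes with a freshly generated canary key instead of a real object and assumes that a read-only bucket rejects PUT and DELETE with an S3 error even when the key does not exist; the `S3_ENDPOINT` and `S3_BUCKET` environment variable names and the `ro-check/` prefix are hypothetical.

```python
import os
import uuid


def attempt(call, **kwargs):
    """Run one S3 call; return None if accepted, else the S3 error code."""
    try:
        call(**kwargs)
    except Exception as exc:
        response = getattr(exc, "response", None)  # set on botocore ClientError
        if not isinstance(response, dict):
            raise  # network or configuration failure, not an S3 decision
        return response.get("Error", {}).get("Code", "Unknown")
    return None


def check_read_only(client, bucket, prefix="ro-check/"):
    """Return the write-class operations the bucket accepted (empty = enforced)."""
    key = prefix + uuid.uuid4().hex  # constructed canary key, never a real object
    accepted = []
    if attempt(client.put_object, Bucket=bucket, Key=key, Body=b"") is None:
        accepted.append("PutObject")
    # This call also removes the canary if the PUT above went through.
    if attempt(client.delete_object, Bucket=bucket, Key=key) is None:
        accepted.append("DeleteObject")
    return accepted


def main():
    import boto3  # imported here so the check itself only needs a client object
    from botocore.config import Config

    # Credentials come from boto3's usual environment variables or profile.
    client = boto3.client(
        "s3",
        endpoint_url=os.environ.get("S3_ENDPOINT", "http://s3.noobaa.svc.cluster.local/"),
        region_name="eu-de-2",
        config=Config(signature_version="s3v4", s3={"addressing_style": "path"}),
    )
    accepted = check_read_only(client, os.environ.get("S3_BUCKET", "aittest2.ro"))
    print("read-only enforced" if not accepted else f"accepted: {accepted}")
    return 1 if accepted else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

The non-zero exit code when any write-class call is accepted lets the script serve as a regression gate after a BucketClass change. If the PUT is accepted but the DELETE is rejected, the canary object is left in the bucket.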