noobaa-operator

Object can be deleted from Read-Only Bucket

Open schwienbier opened this issue 10 months ago • 0 comments

Environment info

  • NooBaa Operator Version: 5.13.0
  • Platform: Kubernetes v1.25.8

Actual behavior

A file can be deleted from the read-only bucket using the following Python code.

import boto3
import urllib3

# Silence TLS warnings; the endpoint below is plain HTTP inside the cluster.
urllib3.disable_warnings()

# boto3.resource() returns a ServiceResource (the original variable name is kept).
s3_client = boto3.resource(
    's3',
    endpoint_url='http://s3.noobaa.svc.cluster.local/',
    aws_access_key_id='...',
    aws_secret_access_key='...',
    config=boto3.session.Config(
        signature_version='s3v4',
        s3={'addressing_style': 'path'},
    ),
    use_ssl=False,
    verify=False,
    region_name='eu-de-2',
)

# This delete succeeds even though the bucket is meant to be read-only.
s3_client.Object('aittest2.ro', 'dummy.txt').delete()

Expected behavior

The file should not be deleted, and an error message should be raised.

Steps to reproduce

The bucket class was defined as follows to create a read-only bucket.

apiVersion: noobaa.io/v1alpha1
kind: BucketClass
metadata:
  name: bucket-ro
  namespace: noobaa
spec:
  namespacePolicy:
    type: Multi
    multi:
      writeResource: "unwritable-bucket"
      readResources:
      - bucket

Best regards

schwienbier, Aug 22 '23 10:08
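Added example, not part of the original issue and not NooBaa project code: a regression check for the behaviour reported above. It tries to delete a canary object, then verifies both that the call was rejected and that the object still exists. `check_delete_blocked`, `FakeS3` and `FakeClientError` are hypothetical names; the fake endpoint and its `AccessDenied` code are constructed stand-ins, and against a real deployment `s3` would be a `boto3.client('s3', ...)` configured as in the issue.

```python
class FakeClientError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeS3:
    """Constructed in-memory endpoint; mode is 'deny', 'allow' or 'noop'."""
    def __init__(self, mode, keys):
        self.mode, self.keys = mode, set(keys)

    def head_object(self, Bucket, Key):
        if (Bucket, Key) not in self.keys:
            raise FakeClientError("404")

    def delete_object(self, Bucket, Key):
        if self.mode == "deny":
            raise FakeClientError("AccessDenied")  # assumed code, for the fake only
        if self.mode == "allow":
            self.keys.discard((Bucket, Key))

def error_code(exc):
    """S3 error code carried by a ClientError-style exception, else None."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code")

def exists(s3, bucket, key):
    try:
        s3.head_object(Bucket=bucket, Key=key)
        return True
    except Exception as exc:
        if error_code(exc) in ("404", "NoSuchKey", "NotFound"):
            return False
        raise

def check_delete_blocked(s3, bucket, key):
    """Return (verdict, error_code) for a delete attempt on a canary object."""
    if not exists(s3, bucket, key):
        raise ValueError("canary object not found; seed it via the backing store")
    rejected = None
    try:
        s3.delete_object(Bucket=bucket, Key=key)
    except Exception as exc:
        rejected = error_code(exc)
        if rejected is None:
            raise  # network or other non-S3 failure: not a verdict
    if not exists(s3, bucket, key):
        return ("not-enforced", rejected)  # object is gone: the reported bug
    return ("enforced", rejected) if rejected else ("silent-noop", None)
```

A `silent-noop` verdict means the object survived but no error was raised, which still misses the expected behaviour stated in the issue.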