Users can see buckets they haven't been granted permissions for #61

Open
seankross opened this issue Apr 3, 2024 · 5 comments

@seankross
Collaborator

What would have to be done so that this doesn't happen?

six_user_create("amy")
ℹ Added policy UserInfo to amy
✔ Key pair created for amy
ℹ UserName: amy
...
aws_bucket_add_user("dasl-project1", "amy", permissions = "read")
✔ amy now has read access to bucket dasl-project1
aws_bucket_permissions("dasl-project1")
# A tibble: 3 × 4
  user  permissions policy_read                  policy_admin
  <chr> <chr>       <chr>                        <chr>       
1 amy   read        S3ReadOnlyAccessDaslProject1 NA          
2 scott admin       NA                           NA          
3 sean  admin       NA                           NA          
> Sys.setenv(
+   AWS_ACCESS_KEY_ID = "AmysKey",
+   AWS_SECRET_ACCESS_KEY = "AmysSecret",
+   AWS_REGION = "us-west-2"
+ )
aws_user_current()
[1] "amy"
aws_buckets()
# A tibble: 2 × 8
  bucket_name   key   uri                       size type   owner etag  last_modified
  <chr>         <chr> <chr>              <fs::bytes> <chr>  <chr> <chr> <dttm>       
1 dasl-project1 ""    s3://dasl-project1           0 bucket ""    ""    NA           
2 dasl-project2 ""    s3://dasl-project2           0 bucket ""    ""    NA        

sckott added this to the v0.1 milestone Apr 3, 2024
sckott added the bug 🐞 Something isn't working label Apr 3, 2024

@sckott
Member

sckott commented Apr 3, 2024

Thanks for reporting this.

I pushed changes to s3-iam branch. I assume that's the branch you were on. Pull down and try again.

@seankross
Collaborator Author

seankross commented Apr 4, 2024

@sckott I just ran through this again and now when I run aws_buckets() as amy I can't see any buckets. Ideally I would like to be able to see only the buckets I have any permissions for.

> library(sixtyfour)
> aws_user_current()
[1] "amy"
> aws_buckets()
Error: AccessDenied (HTTP 403). Access Denied

On branch s3-iam

@sckott
Member

sckott commented Apr 5, 2024

thanks.

so I think this was fixed with the change in #66 -

the fact that aws_buckets doesn't work I think is correct. that is, the list all buckets command would require the user knowing about any buckets they don't have access to, and there isn't a way to list buckets only those you have access to

@seankross
Collaborator Author

@sckott for now this is the expected behavior, right?: #61 (comment)

But in the future it would be cool if one could see only the buckets they have access to.

@sckott
Member

sckott commented Apr 8, 2024

@seankross

> for now this is the expected behavior, right?

yes

> But in the future it would be cool if one could see only the buckets they have access to.

From my research so far I don't think it's possible. A user either has permissions to list buckets or not - there doesn't appear to be partial permissions just for the buckets they have access to. But maybe there's a hack around it

sckott modified the milestones: v0.1, v0.2 Apr 8, 2024
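
Added example, not from the thread or the sixtyfour code base (Python rather than the package's R, since IAM policy JSON is language-neutral): one possible way to approach the behaviour discussed above is to read the identity policies attached to a user, check whether any statement grants `s3:ListAllMyBuckets` (the all-or-nothing permission), and collect the buckets those policies name instead of calling the list-buckets API. The function names are hypothetical and the policy documents are constructed samples; it assumes the user is allowed to read their own policy documents.

```python
import json
from fnmatch import fnmatchcase

S3_ARN = "arn:aws:s3:::"

def _as_list(value):
    # IAM accepts either a single value or a list for Statement/Action/Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _allow_statements(policy_docs):
    for doc in policy_docs:
        for stmt in _as_list(json.loads(doc).get("Statement")):
            if stmt.get("Effect") == "Allow":
                yield stmt

def _grants(stmt, action):
    # Action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatchcase(action.lower(), pat.lower())
               for pat in _as_list(stmt.get("Action")))

def grants_list_all_buckets(policy_docs):
    """True if any Allow statement covers s3:ListAllMyBuckets."""
    return any(_grants(s, "s3:ListAllMyBuckets")
               for s in _allow_statements(policy_docs))

def scoped_buckets(policy_docs):
    """Bucket names (or patterns) in S3 ARNs of Allow statements.
    Ignores Deny, NotAction/NotResource, Condition and bucket policies."""
    found = set()
    for stmt in _allow_statements(policy_docs):
        for res in _as_list(stmt.get("Resource")):
            if res.startswith(S3_ARN):
                found.add(res[len(S3_ARN):].split("/", 1)[0])
    return sorted(found)

# Constructed policy documents (the real policy bodies are not shown in the issue).
READ_DASL1 = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::dasl-project1", "arn:aws:s3:::dasl-project1/*"]}]})
LIST_ALL = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:List*", "Resource": "*"}})

if __name__ == "__main__":
    print(grants_list_all_buckets([READ_DASL1, LIST_ALL]))  # True
    print(scoped_buckets([READ_DASL1]))                     # ['dasl-project1']
```

A wildcard action such as `s3:List*` is enough to expose every bucket name, which is why the check matches patterns rather than comparing exact action strings.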