Skip to content

[Hackathon] Add extension method: verifyBucketOwnership #3076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 3, 2022
Merged

[Hackathon] Add extension method: verifyBucketOwnership #3076

merged 3 commits into from
Mar 3, 2022

Conversation

Bennett-Lynch
Copy link
Contributor

No description provided.

@Bennett-Lynch Bennett-Lynch requested a review from a team as a code owner March 3, 2022 01:15
cenedhryn
cenedhryn reviewed Mar 3, 2022
View reviewed changes
...java/software/amazon/awssdk/services/s3/internal/extensions/DefaultS3ClientSdkExtension.java

@Override
public void verifyBucketOwnership(String bucket) {
boolean isBucketOwner = s3.listBuckets()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if there are many many buckets?
Is it possible to use a headBucket request, or is that too inconclusive?

Copy link
Contributor Author

@Bennett-Lynch Bennett-Lynch Mar 3, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. The maximum number of buckets is 1,000. listBuckets isn't a paginated operation.
  2. Simply verifying access to a bucket via headBucket doesn't verify that we own it. The intent here is to verify that we own a bucket that we may be potentially writing to.
  3. To use headBucket we would need to use the expectedBucketOwner parameter, but the difficulty here is that we don't necessarily know the caller's AWS Account ID. However, listBuckets works as a clever workaround here because it "returns a list of all buckets owned by the authenticated sender of the request".

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good! Thanks for clarifying.

@Bennett-Lynch Bennett-Lynch merged commit 272d438 into aws:hackathon-2022-extension-methods Mar 3, 2022
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 3, 2022

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

0.0% 0.0% Coverage
0.0% 0.0% Duplication

aws-sdk-java-automation added a commit that referenced this pull request Jun 18, 2024
@aws-sdk-java-automation
Merge pull request #3076 from aws/staging/1ef9dcd3-af44-4770-8f97-350…
fc264e8 
…679627e5f

Pull request: release <- staging/1ef9dcd3-af44-4770-8f97-350679627e5f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cenedhryn cenedhryn cenedhryn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Bennett-Lynch @cenedhryn