kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upload helper: support upload to S3 buckets that block ACLs 

Similar to GCS with UBLA, S3 is now encouraging buckets that block
ACLs.  When we upload to one of these buckets, we cannot set ACLs.

When we detect one of these buckets, we simply skip setting the ACL,
assuming the object ACLs are instead managed at the bucket level, when
the bucket was created.
This commit is contained in:
justinsb 2023-05-03 10:46:38 -04:00
parent c7b5e706ce
commit 3425d9dc52
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hack/upload
View File

@ -21,7 +21,13 @@ if [[ -z "${DEST}" ]]; then
fi
if [[ "${DEST:0:5}" == "s3://" ]]; then
aws s3 sync ${PUBLIC:+--acl public-read} ${SRC} ${DEST}
acl_flag="${PUBLIC:+--acl public-read}"
bucket=$(echo "${DEST}" | cut -d/ -f3)
# S3 buckets with BucketOwnerEnforced error on attempts to set ACLs
if aws s3api get-bucket-ownership-controls --bucket "${bucket}" | grep -q "BucketOwnerEnforced" 2>/dev/null; then
acl_flag=""
fi
aws s3 sync ${acl_flag} ${SRC} ${DEST}
exit 0
fi