Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCS: Don't try to set ACLs if bucket-policy only is set #8493

Merged
merged 1 commit into from
Feb 6, 2020
Merged

GCS: Don't try to set ACLs if bucket-policy only is set #8493

merged 1 commit into from
Feb 6, 2020

Conversation

justinsb
Copy link
Member

@justinsb justinsb commented Feb 6, 2020

This means we won't be able to work unless there's a bucket permission
(which actually will typically happen if the state store is in the
same GCS project).

This is the minimal workaround for cherry-picking.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 6, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justinsb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 6, 2020
@justinsb
GCS: Don't try to set ACLs if bucket-policy only is set
187d5e5 
This means we won't be able to work unless there's a bucket permission
(which actually will typically happen if the state store is in the
same GCS project).

This is the minimal workaround for cherry-picking.
@justinsb
Copy link
Member Author

justinsb commented Feb 6, 2020

Some background: we set ACLs to enable a remote GCS bucket. But if the bucket has uniform bucket level access then we simply can't set ACLs.

For the common case where the kops-state-store GCS bucket is in the same project, we likely don't need these ACLs anyway, so this is a minimal fix to unblock functionality there, that we can cherry-pick.

Future PRs will try to handle the cross-project case, but we probably wouldn't cherry-pick them.

@rifelpet
Copy link
Member

rifelpet commented Feb 6, 2020

Looking forward to our kops-gce job turning green :)

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 6, 2020
@k8s-ci-robot k8s-ci-robot merged commit 3c85693 into kubernetes:master Feb 6, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.18 milestone Feb 6, 2020
This was referenced Feb 6, 2020
Merged
Merged
Merged
k8s-ci-robot added a commit that referenced this pull request Feb 7, 2020
@k8s-ci-robot
Merge pull request #8500 from justinsb/cherrypick_8493_release-1.15
9405236 
Cherry pick of #8493 onto release-1.15
k8s-ci-robot added a commit that referenced this pull request Feb 7, 2020
@k8s-ci-robot
Merge pull request #8498 from justinsb/cherrypick_8493_release-1.17
e3e1b32 
Cherry pick of #8493 onto release-1.17
k8s-ci-robot added a commit that referenced this pull request Feb 7, 2020
@k8s-ci-robot
Merge pull request #8499 from justinsb/cherrypick_8493_release-1.16
1ef1a71 
Cherry pick of #8493 onto release-1.16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshbranham joshbranham Awaiting requested review from joshbranham

@robinpercy robinpercy Awaiting requested review from robinpercy

Assignees

@rifelpet rifelpet

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.18
Development

Successfully merging this pull request may close these issues.
3 participants
@justinsb @k8s-ci-robot @rifelpet