Re: [PR] [#6028] feat(core): add GCS get bucket permission for GCS fileset operation [gravitino]

via GitHub Sun, 05 Jan 2025 19:16:43 -0800


yuqi1129 commented on code in PR #6041:
URL: https://github.com/apache/gravitino/pull/6041#discussion_r1903608510



##########
bundles/gcp/src/main/java/org/apache/gravitino/gcs/credential/GCSTokenProvider.java:
##########
@@ -146,6 +146,13 @@ private CredentialAccessBoundary getAccessBoundary(
         CredentialAccessBoundary.newBuilder();
     readBuckets.forEach(
         bucket -> {
+          // Hadoop GCS connector needs to get bucket info
+          AccessBoundaryRule bucketInfoRule =
+              AccessBoundaryRule.newBuilder()
+                  .setAvailableResource(toGCSBucketResource(bucket))
+                  
.setAvailablePermissions(Arrays.asList("inRole:roles/storage.legacyBucketReader"))
+                  .build();
+          credentialAccessBoundaryBuilder.addRule(bucketInfoRule);

Review Comment:
   This part of the code logic has been verified by 
https://github.com/apache/gravitino/pull/5974/files#diff-9648afc1108b659efec079440f8e204f9be42501c87bf560cefc2b294a1261c7
 and as a fix for permission is not enough for GCS fileset. 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] [#6028] feat(core): add GCS get bucket permission for GCS fileset operation [gravitino]

Reply via email to