From 5c7f8f28d530e6cbdedb0cc9a819dabfc9d04172 Mon Sep 17 00:00:00 2001 From: dawg Date: Wed, 5 Mar 2025 10:12:57 +0100 Subject: [PATCH] doc: fixup #58689 - document SSE-C iam condition key Signed-off-by: dawg (cherry picked from commit 7b4ac886621b71abb9356bce6c44b3c36b2c0ee2) --- doc/radosgw/bucketpolicy.rst | 97 +++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 47 deletions(-) diff --git a/doc/radosgw/bucketpolicy.rst b/doc/radosgw/bucketpolicy.rst index 26a2431603f8c..98a408a5acbad 100644 --- a/doc/radosgw/bucketpolicy.rst +++ b/doc/radosgw/bucketpolicy.rst @@ -179,53 +179,56 @@ Bucket Related Operations Object Related Operations ~~~~~~~~~~~~~~~~~~~~~~~~~~ -+-----------------------------+-----------------------------------------------+-------------------+ -|Permission |Condition Keys | Comments | -| | | | -+-----------------------------+-----------------------------------------------+-------------------+ -| |s3:x-amz-acl & s3:x-amz-grant- | | -| | | | -| +-----------------------------------------------+-------------------+ -| |s3:x-amz-copy-source | | -| | | | -| +-----------------------------------------------+-------------------+ -| |s3:x-amz-server-side-encryption | | -| | | | -| +-----------------------------------------------+-------------------+ -|s3:PutObject |s3:x-amz-server-side-encryption-aws-kms-key-id | | -| | | | -| +-----------------------------------------------+-------------------+ -| |s3:x-amz-metadata-directive |PUT & COPY to | -| | |overwrite/preserve | -| | |metadata in COPY | -| | |requests | -| +-----------------------------------------------+-------------------+ -| |s3:RequestObjectTag/ | | -| | | | -+-----------------------------+-----------------------------------------------+-------------------+ -|s3:PutObjectAcl |s3:x-amz-acl & s3-amz-grant- | | -|s3:PutObjectVersionAcl | | | -| +-----------------------------------------------+-------------------+ -| |s3:ExistingObjectTag/ | | -| | | | -+-----------------------------+-----------------------------------------------+-------------------+ -| |s3:RequestObjectTag/ | | -|s3:PutObjectTagging & +-----------------------------------------------+-------------------+ -|s3:PutObjectVersionTagging |s3:ExistingObjectTag/ | | -| | | | -+-----------------------------+-----------------------------------------------+-------------------+ -|s3:GetObject & |s3:ExistingObjectTag/ | | -|s3:GetObjectVersion | | | -+-----------------------------+-----------------------------------------------+-------------------+ -|s3:GetObjectAcl & |s3:ExistingObjectTag/ | | -|s3:GetObjectVersionAcl | | | -+-----------------------------+-----------------------------------------------+-------------------+ -|s3:GetObjectTagging & |s3:ExistingObjectTag/ | | -|s3:GetObjectVersionTagging | | | -+-----------------------------+-----------------------------------------------+-------------------+ -|s3:DeleteObjectTagging & |s3:ExistingObjectTag/ | | -|s3:DeleteObjectVersionTagging| | | -+-----------------------------+-----------------------------------------------+-------------------+ ++-----------------------------+---------------------------------------------------+-------------------+ +|Permission |Condition Keys | Comments | +| | | | ++-----------------------------+---------------------------------------------------+-------------------+ +| |s3:x-amz-acl & s3:x-amz-grant- | | +| | | | +| +---------------------------------------------------+-------------------+ +| |s3:x-amz-copy-source | | +| | | | +| +---------------------------------------------------+-------------------+ +| |s3:x-amz-server-side-encryption | | +| | | | +| +---------------------------------------------------+-------------------+ +|s3:PutObject |s3:x-amz-server-side-encryption-aws-kms-key-id | | +| | | | +| +---------------------------------------------------+-------------------+ +| |s3:x-amz-server-side-encryption-customer-algorithm | | +| | | | +| +---------------------------------------------------+-------------------+ +| |s3:x-amz-metadata-directive |PUT & COPY to | +| | |overwrite/preserve | +| | |metadata in COPY | +| | |requests | +| +---------------------------------------------------+-------------------+ +| |s3:RequestObjectTag/ | | +| | | | ++-----------------------------+---------------------------------------------------+-------------------+ +|s3:PutObjectAcl |s3:x-amz-acl & s3-amz-grant- | | +|s3:PutObjectVersionAcl | | | +| +---------------------------------------------------+-------------------+ +| |s3:ExistingObjectTag/ | | +| | | | ++-----------------------------+---------------------------------------------------+-------------------+ +| |s3:RequestObjectTag/ | | +|s3:PutObjectTagging & +---------------------------------------------------+-------------------+ +|s3:PutObjectVersionTagging |s3:ExistingObjectTag/ | | +| | | | ++-----------------------------+---------------------------------------------------+-------------------+ +|s3:GetObject & |s3:ExistingObjectTag/ | | +|s3:GetObjectVersion | | | ++-----------------------------+---------------------------------------------------+-------------------+ +|s3:GetObjectAcl & |s3:ExistingObjectTag/ | | +|s3:GetObjectVersionAcl | | | ++-----------------------------+---------------------------------------------------+-------------------+ +|s3:GetObjectTagging & |s3:ExistingObjectTag/ | | +|s3:GetObjectVersionTagging | | | ++-----------------------------+---------------------------------------------------+-------------------+ +|s3:DeleteObjectTagging & |s3:ExistingObjectTag/ | | +|s3:DeleteObjectVersionTagging| | | ++-----------------------------+---------------------------------------------------+-------------------+ More may be supported soon as we integrate with the recently rewritten -- 2.39.5