Be able to remove ACL in S3 hook's copy_object#40518
Merged
potiuk merged 7 commits intoapache:mainfrom Jul 2, 2024
Merged
Conversation
Contributor
Author
|
@eladkal @o-nikolas I've tried to keep it as restrictive as possible and make sure that anybody who relies on the default value keeps it. Anyway let me know if you know any other places where it could have side effects. Thanks a lot! |
vincbeck
approved these changes
Jul 2, 2024
potiuk
approved these changes
Jul 2, 2024
This was referenced Jul 9, 2024
romsharon98
pushed a commit
to romsharon98/airflow
that referenced
this pull request
Jul 26, 2024
* Be able to remove ACL in S3 hook's copy_object * Add default test as well * Update s3.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In
providers.amazon.aws.hooks.s3.S3Hook, it is currently not possible to run thecopy_objectmethod without an ACL policy.As mentioned in the doc, the copy_object method will default to the canned ACL "private". Despite the capability to not write ACL in load/upload methods, It is not possible to copy without an ACL when implemented as such.
This change adds the capability to not write ACL on the destination object.
Since many users may rely on the default value being private, I suggest we used an explicit value that would remove the ACL.
The explicit value suggested: "no-acl". This value is not a Canned ACL so we are not conflicting with any provider value.