The move method is called in S3NotebookRepo whenever a notebook is deleted. In this method server-side encryption is not set, so adding the code below will fix the issue.

@Override
public void move(String noteId, String notePath, String newNotePath,
    AuthenticationInfo subject) throws IOException {
  String key = rootFolder + "/" + buildNoteFileName(noteId, notePath);
  String newKey = rootFolder + "/" + buildNoteFileName(noteId, newNotePath);
  CopyObjectRequest copReq = new CopyObjectRequest(bucketName, key, bucketName, newKey);
  if (useServerSideEncryption) {
    // Request server-side encryption.
    ObjectMetadata objectMetadata = new ObjectMetadata();
    objectMetadata.setSSEAlgorithm(ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);
    copReq.setNewObjectMetadata(objectMetadata);
  }
  //s3client.copyObject(bucketName, key, bucketName, newKey);
  s3client.copyObject(copReq);
  s3client.deleteObject(bucketName, key);
}

P.S. Due to some official reason I cannot give the pull request.

On Mon, Jul 26, 2021 at 7:42 AM Jeff Zhang <zjf...@gmail.com> wrote:

> Not sure what's the root cause, do you mind helping to fix it? I am not sure
> whether others in the community are familiar with s3 and have an environment
> to test it.
>
> Great Info <gubt...@gmail.com> wrote on Mon, Jul 26, 2021 at 12:06 AM:
>
>> I have deployed zeppelin 0.9.0 on AWS EC2 and configured the s3 Notebook
>> store. I have an IAM role created, ec2 uses that role and I defined the
>> right bucket permission for that role.
>> Create notebook and modify notebook work, but delete is not working,
>> getting a 403 error.
>>
>> I have the right policy defined, below is my policy JSON (camel case here
>> lost due to some content move).
>> How to know which action is used during delete notebooks?
>>
>> {
>>   "version": "2012-10-17",
>>   "id": "bucket_policy",
>>   "statement": [{
>>     "sid": "denyreadaccess",
>>     "effect": "deny",
>>     "principal": "*",
>>     "action": ["s3:getobject", "s3:getobjectversion"],
>>     "resource": "arn:aws:s3:::zeppelin-tes/*",
>>     "condition": {
>>       "arnnotlike": {
>>         "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>       }
>>     }
>>   }, {
>>     "sid": "denywriteaccess",
>>     "effect": "deny",
>>     "principal": "*",
>>     "action": ["s3:putobject", "s3:putobjectacl"],
>>     "resource": "arn:aws:s3:::zeppelin-tes/*",
>>     "condition": {
>>       "arnnotlike": {
>>         "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>       }
>>     }
>>   }, {
>>     "sid": "denydeleteaccess",
>>     "effect": "deny",
>>     "principal": "*",
>>     "action": ["s3:deleteobject", "s3:deleteobjectversion",
>>       "s3:abortmultipartupload"],
>>     "resource": "arn:aws:s3:::zeppelin-tes/*",
>>     "condition": {
>>       "arnnotlike": {
>>         "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>       }
>>     }
>>   }, {
>>     "sid": "denyreplicateaccessallexceptmasterroles",
>>     "effect": "deny",
>>     "principal": "*",
>>     "action": ["s3:replicateobject", "s3:replicatetags",
>>       "s3:replicatedelete"],
>>     "resource": "arn:aws:s3:::zeppelin-tes/*",
>>     "condition": {
>>       "arnlike": {
>>         "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>       }
>>     }
>>   }, {
>>     "sid": "denyaccessexceptformasterroles",
>>     "effect": "deny",
>>     "principal": "*",
>>     "action": ["s3:deletebucket", "s3:deletebucketpolicy",
>>       "s3:deletebucketwebsite", "s3:putbucketacl", "s3:putbucketcors",
>>       "s3:putbucketpolicy", "s3:putbucketlogging", "s3:putbucketnotification",
>>       "s3:putbucketobjectlockconfiguration", "s3:putbucketpublicaccessblock",
>>       "s3:putbucketrequestpayment", "s3:putbucketwebsite", "s3:restoreobject*"],
>>     "resource": ["arn:aws:s3:::zeppelin-tes", "arn:aws:s3:::zeppelin-tes/*"],
>>     "condition": {
>>       "arnlike": {
>>         "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>       }
>>     }
>>   }, {
>>     "sid": "denynonsecuretraffic",
>>     "effect": "deny",
>>     "principal": "*",
>>     "action": "s3:*",
>>     "resource": ["arn:aws:s3:::zeppelin-tes", "arn:aws:s3:::zeppelin-tes/*"],
>>     "condition": {
>>       "bool": {
>>         "aws:securetransport": "false"
>>       }
>>     }
>>   }]
>> }
>>
>
> --
> Best Regards
>
> Jeff Zhang
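
The move() in this thread issues a CopyObject followed by a DeleteObject, which S3 authorizes as s3:GetObject on the source key, s3:PutObject on the destination key, and s3:DeleteObject on the source key. The sketch below is an added example, not code from the thread or from Zeppelin: it evaluates only Deny statements, skips Resource matching, and assumes a constructed role ARN plus a constructed DenyUnencryptedPut statement that the posted policy does not contain.

```python
from fnmatch import fnmatchcase

# Constructed inputs (assumptions, not taken from the thread): the role ARN and the
# DenyUnencryptedPut statement, which models a bucket that enforces SSE on writes.
ROLE = "arn:aws:iam::111122223333:role/app/example-zeppelin"
DENY = [
    {"Sid": "DenyWriteAccess", "Action": ["s3:PutObject", "s3:PutObjectAcl"],
     "Condition": {"ArnNotLike": {"aws:PrincipalArn": ROLE}}},
    {"Sid": "DenyUnencryptedPut", "Action": ["s3:PutObject"],
     "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}}},
    {"Sid": "DenyNonSecureTraffic", "Action": ["s3:*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]

def cond_true(op, want, have):
    """Evaluate one condition; a missing key makes the negated operators true."""
    if op == "StringNotEquals":
        return have != want
    if op == "ArnNotLike":
        return have is None or not fnmatchcase(have, want)
    if op == "Bool":
        return have is not None and str(have).lower() == want
    raise ValueError(f"unsupported operator {op}")

def denied_by(action, ctx):
    """Return the Sids of Deny statements matching this action and request context."""
    hits = []
    for st in DENY:
        if not any(fnmatchcase(action.lower(), a.lower()) for a in st["Action"]):
            continue
        if all(cond_true(op, want, ctx.get(key))
               for op, kv in st["Condition"].items() for key, want in kv.items()):
            hits.append(st["Sid"])
    return hits

def move_denials(sse_algorithm=None):
    """Check each S3 action that move() triggers: copy (read + write), then delete."""
    ctx = {"aws:PrincipalArn": ROLE, "aws:SecureTransport": "true"}
    copy_ctx = dict(ctx)
    if sse_algorithm:  # header sent only when the copy request sets an SSE algorithm
        copy_ctx["s3:x-amz-server-side-encryption"] = sse_algorithm
    steps = [("s3:GetObject", ctx), ("s3:PutObject", copy_ctx), ("s3:DeleteObject", ctx)]
    return {action: denied_by(action, c) for action, c in steps}
```

Calling move_denials() models the original copy without SSE metadata, and move_denials("AES256") models the copy request from the reply above.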