Hi,
Can someone help to raise a pull request for this?
Due to some official reason, I can not give the pull request.
On Tue, Jul 27, 2021 at 9:37 PM Great Info <gubt...@gmail.com> wrote:
> Move method is getting called in S3NotebookRepo whenever notebook is
> deleted, in this method serverside encryption is not set, so adding the
> below code will fix the issue.
>
> @Override
> public void move(String noteId, String notePath, String newNotePath,
> AuthenticationInfo subject) throws IOException {
> String key = rootFolder + "/" + buildNoteFileName(noteId, notePath);
> String newKey = rootFolder + "/" + buildNoteFileName(noteId,
> newNotePath);
> CopyObjectRequest copReq = new CopyObjectRequest(bucketName, key,
> bucketName, newKey);
> if (useServerSideEncryption) {
> // Request server-side encryption.
> ObjectMetadata objectMetadata = new ObjectMetadata();
>
> objectMetadata.setSSEAlgorithm(ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);
> copReq.setNewObjectMetadata(objectMetadata);
> }
> //s3client.copyObject(bucketName, key, bucketName, newKey);
> s3client.copyObject(copReq);
> s3client.deleteObject(bucketName, key);
> }
>
>
> P.S Due to some official reason I can not give the pull request.
>
> On Mon, Jul 26, 2021 at 7:42 AM Jeff Zhang <zjf...@gmail.com> wrote:
>
>> Not sure what's the root cause, do you mind to help fix it ? I am not
>> sure whether others in the community familiar with s3 and has
>> environment to test it.
>>
>> Great Info <gubt...@gmail.com> 于2021年7月26日周一 上午12:06写道:
>>
>>> I have deployed zeppelin 0.9.0 on AWS e2 and configured the s3 Notebook
>>> store. I have IAM role created, ec2 uses that role and defined right bucket
>>> permission for that role.
>>> Create Notebook, modify notebook works but delete is not working,
>>> getting 403 error.
>>>
>>> I have the right policy defined, below is my policy JSON(Camel case here
>>> last due to some content move). How to know which action is used during
>>> Delete notebooks
>>>
>>>
>>>
>>> {
>>> "version": "2012-10-17",
>>> "id": "bucket_policy",
>>> "statement": [{
>>> "sid": "denyreadaccess",
>>> "effect": "deny",
>>> "principal": "*",
>>> "action": ["s3:getobject", "s3:getobjectversion"],
>>> "resource": "arn:aws:s3:::zeppelin-tes/*",
>>> "condition": {
>>> "arnnotlike": {
>>> "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>> }
>>> }
>>> }, {
>>> "sid": "denywriteaccess",
>>> "effect": "deny",
>>> "principal": "*",
>>> "action": ["s3:putobject", "s3:putobjectacl"],
>>> "resource": "arn:aws:s3:::zeppelin-tes/*",
>>> "condition": {
>>> "arnnotlike": {
>>> "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>> }
>>> }
>>> }, {
>>> "sid": "denydeleteaccess",
>>> "effect": "deny",
>>> "principal": "*",
>>> "action": ["s3:deleteobject", "s3:deleteobjectversion",
>>> "s3:abortmultipartupload"],
>>> "resource": "arn:aws:s3:::zeppelin-tes/*",
>>> "condition": {
>>> "arnnotlike": {
>>> "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>> }
>>> }
>>> }, {
>>> "sid": "denyreplicateaccessallexceptmasterroles",
>>> "effect": "deny",
>>> "principal": "*",
>>> "action": ["s3:replicateobject", "s3:replicatetags",
>>> "s3:replicatedelete"],
>>> "resource": "arn:aws:s3:::zeppelin-tes/*",
>>> "condition": {
>>> "arnlike": {
>>> "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>> }
>>> }
>>> }, {
>>> "sid": "denyaccessexceptformasterroles",
>>> "effect": "deny",
>>> "principal": "*",
>>> "action": ["s3:deletebucket", "s3:deletebucketpolicy",
>>> "s3:deletebucketwebsite", "s3:putbucketacl", "s3:putbucketcors",
>>> "s3:putbucketpolicy", "s3:putbucketlogging", "s3:putbucketnotification",
>>> "s3:putbucketobjectlockconfiguration", "s3:putbucketpublicaccessblock",
>>> "s3:putbucketrequestpayment", "s3:putbucketwebsite", "s3:restoreobject*"],
>>> "resource": ["arn:aws:s3:::zeppelin-tes", "arn:aws:s3:::zeppelin-tes/*"],
>>> "condition": {
>>> "arnlike": {
>>> "aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
>>> }
>>> }
>>> }, {
>>> "sid": "denynonsecuretraffic",
>>> "effect": "deny",
>>> "principal": "*",
>>> "action": "s3:*",
>>> "resource": ["arn:aws:s3:::zeppelin-tes", "arn:aws:s3:::zeppelin-tes/*"],
>>> "condition": {
>>> "bool": {
>>> "aws:securetransport": "false"
>>> }
>>> }
>>> }]
>>> }
>>>
>>
>>
>> --
>> Best Regards
>>
>> Jeff Zhang
>>
>
