feat(s3): add object ownership config parameter
Related to #909 (closed)
🌱 Why

Historically, S3 instances relied on ACLs as a means to specify ownership of a storage object when uploading an object. This would grant the uploader of a storage object the option of specifying who would own the resource from the instance it is uploaded (potentially having the right to exclude the bucket owner).

AWS S3 has now moved away from ACLs and is now recommending Object Ownership, which gives the bucket owner automatic ownership of every object in a bucket and grants access to the bucket via IAM roles.

From April 2023, Amazon has announced that all new AWS S3 buckets will by default operate in Object Ownership mode, as opposed to the legacy ACL grant mode.
🔮 What does this mean for the registry?

The registry currently relies on ACLs to interact with any S3 instance it utilizes as a storage backend. If the S3 instance used is re-configured to use S3 Object Ownership (non-ACL), then the registry will fail to upload blobs: #909 (closed).
🎁 What's in the MR

Adds registry s3 driver support for S3 Object Ownership by introducing a new storage s3 configuration parameter called objectownership (true|false). This new parameter cannot be enabled together with the existing objectacl parameter; when objectownership is enabled, all requests to upload objects via the registry to S3 will not use ACLs.
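
The parameter rule described above, sketched as an added Go example that is not the registry's own code: it rejects a configuration that sets both objectownership and objectacl, and shows that no ACL header is produced when objectownership is on. The type and function names, and the "private" ACL used when neither parameter is set, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// s3Params is a hypothetical, reduced view of the storage s3 settings.
type s3Params struct {
	ObjectOwnership bool
	ObjectACL       string // empty means no ACL is sent
}

var errConflict = errors.New("objectownership and objectacl cannot be set together")

// parseS3Params validates the two parameters as the MR describes them.
func parseS3Params(raw map[string]interface{}) (s3Params, error) {
	var p s3Params
	if v, ok := raw["objectownership"]; ok {
		b, isBool := v.(bool)
		if !isBool {
			return p, fmt.Errorf("objectownership must be true|false, got %T", v)
		}
		p.ObjectOwnership = b
	}
	if v, ok := raw["objectacl"]; ok {
		s, isStr := v.(string)
		if !isStr {
			return p, fmt.Errorf("objectacl must be a string, got %T", v)
		}
		if p.ObjectOwnership {
			return p, errConflict // mutually exclusive parameters
		}
		p.ObjectACL = s
	} else if !p.ObjectOwnership {
		p.ObjectACL = "private" // assumed legacy default for ACL mode
	}
	return p, nil
}

// uploadHeaders returns the ACL-related headers an upload would carry.
func uploadHeaders(p s3Params) map[string]string {
	h := map[string]string{}
	if !p.ObjectOwnership && p.ObjectACL != "" {
		h["x-amz-acl"] = p.ObjectACL // S3 canned ACL request header
	}
	return h
}

func main() {
	p, err := parseS3Params(map[string]interface{}{"objectownership": true})
	fmt.Println(uploadHeaders(p), err)
}
```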