linode · Shunpoco · May 21, 2024 · May 20, 2024 · May 20, 2024 · May 20, 2024
diff --git a/apis/provider-ceph/v1alpha1/bucket_types.go b/apis/provider-ceph/v1alpha1/bucket_types.go
@@ -85,6 +85,12 @@ type BucketParameters struct {
 	// AssumeRoleTags may be used to add custom values to an AssumeRole request.
 	// +optional
 	AssumeRoleTags []Tag `json:"assumeRoleTags,omitempty"`
+
+	// BucketPolicy is a JSON string of BucketPolicy.
+	// If it is set, Provider-Ceph calls PutBucketPolicy API after creating the bucket.
+	// Before adding it, you should validate the JSON string.
+	// +optional
+	BucketPolicy string `json:"bucketPolicy,omitempty"`
 }
 
 // BackendInfo contains relevant information about an S3 backend for

diff --git a/internal/backendstore/backend.go b/internal/backendstore/backend.go
@@ -41,6 +41,9 @@ type S3Client interface {
 	DeleteBucketLifecycle(context.Context, *s3.DeleteBucketLifecycleInput, ...func(*s3.Options)) (*s3.DeleteBucketLifecycleOutput, error)
 	GetBucketAcl(context.Context, *s3.GetBucketAclInput, ...func(*s3.Options)) (*s3.GetBucketAclOutput, error)
 	PutBucketAcl(context.Context, *s3.PutBucketAclInput, ...func(*s3.Options)) (*s3.PutBucketAclOutput, error)
+	PutBucketPolicy(context.Context, *s3.PutBucketPolicyInput, ...func(*s3.Options)) (*s3.PutBucketPolicyOutput, error)
+	GetBucketPolicy(context.Context, *s3.GetBucketPolicyInput, ...func(*s3.Options)) (*s3.GetBucketPolicyOutput, error)
+	DeleteBucketPolicy(context.Context, *s3.DeleteBucketPolicyInput, ...func(*s3.Options)) (*s3.DeleteBucketPolicyOutput, error)
 }
 
 //counterfeiter:generate . STSClient

diff --git a/internal/backendstore/backendstorefakes/fake_s3client.go b/internal/backendstore/backendstorefakes/fake_s3client.go
diff --git a/internal/controller/bucket/consts.go b/internal/controller/bucket/consts.go
@@ -24,5 +24,9 @@ const (
 	errObserveAcl = "failed to observe bucket acl"
 	errHandleAcl  = "failed to handle bucket acl"
 
+	// BucketPolicy error messages.
+	errObservePolicy = "failed to observe bucket policy"
+	errHandlePolicy  = "failed to handle bucket policy"
+
 	True = "true"
 )
diff --git a/internal/controller/bucket/lifecycleconfiguration.go b/internal/controller/bucket/lifecycleconfiguration.go
@@ -37,6 +37,7 @@ func NewLifecycleConfigurationClient(b *backendstore.BackendStore, h *s3clientha
 	return &LifecycleConfigurationClient{backendStore: b, s3ClientHandler: h, log: l}
 }
 
+//nolint:dupl // LifecycleConfiguration and BucketPolicy are different feature.
 func (l *LifecycleConfigurationClient) Observe(ctx context.Context, bucket *v1alpha1.Bucket, backendNames []string) (ResourceStatus, error) {
 	ctx, span := otel.Tracer("").Start(ctx, "bucket.LifecycleConfigurationClient.Observe")
 	defer span.End()