[AWS S3 Exporter] support canned_acl #37935

KevinThompsonYCRX · 2025-02-14T17:57:18Z

Component(s)

No response

Is your feature request related to a problem? Please describe.

The exporter does not allow users to provide an ACL, which many organizations will need.

Describe the solution you'd like

By default this is set to "private", users should be able to pass any of the allowed canned ACLs that Amazon supports

Describe alternatives you've considered

No response

Additional context

The ACL field on the PutObjectInput provides a little more detail, this can be just a straight passthrough from a user input & it would suffice as long as you provide a valid default: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/s3#PutObjectInput

github-actions · 2025-02-14T18:43:51Z

Pinging code owners for exporter/awss3: @atoulme @pdelewski. See Adding Labels via Comments if you do not have permissions to add labels yourself. For example, comment '/label priority:p2 -needs-triaged' to set the priority and remove the needs-triaged label.

atoulme · 2025-02-15T20:56:52Z

Alright, would you like to become codeowner to help maintain that feature moving forward?

kevthompson · 2025-02-15T21:20:40Z

Yeah you can add this account

atoulme · 2025-02-15T21:22:29Z

Not so fast ; you need to be an OpenTelemetry member first. You can count on my sponsorship if you go through with it. See here: https://github.com/open-telemetry/community/issues/new?template=membership.md

More info in CONTRIBUTING.md.

kevthompson · 2025-02-16T22:31:27Z

Looks like I'll need another sponsor as well, I'll look to see if I can contribute somewhere else to find one

Erog38 · 2025-04-11T17:25:15Z

This appears to have broken working configurations where S3 buckets do not have an ACL enabled, should this be defaulted to not having the acl decoration enabled unless the option is defined?

kevthompson · 2025-04-14T00:34:38Z

This appears to have broken working configurations where S3 buckets do not have an ACL enabled, should this be defaulted to not having the acl decoration enabled unless the option is defined?

Based on AWS docs & the description in the Go SDK I though private was the correct default: "By default, all objects are private."

Looking at it again, I see further down it mentions: "Buckets that [disable ACLs] only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs", so you're correct and this should be left off. I'm out of town this week if you or someone else can take a look at it, and using bucket-owner-full-control should work as an input for now.

Erog38 · 2025-04-14T04:42:48Z

No worries dude, I opened #39346 and submitted a PR attached to it #39354 which makes them completely optional.

If you have a sec to stamp your ok with the change, it would likely help get it through.

KevinThompsonYCRX added enhancement New feature or request needs triage New item requiring triage labels Feb 14, 2025

crobert-1 added the exporter/awss3 label Feb 14, 2025

kevthompson mentioned this issue Feb 15, 2025

[exporter/awss3exporter] Add canned_acl as an input #37953

Merged

atoulme removed the needs triage New item requiring triage label Feb 15, 2025

github-actions bot mentioned this issue Feb 18, 2025

Weekly Report: 2025-02-11 - 2025-02-18 #37985

Closed

andrzej-stencel closed this as completed in #37953 Mar 3, 2025

andrzej-stencel closed this as completed in 8a5f4cc Mar 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[AWS S3 Exporter] support canned_acl #37935

[AWS S3 Exporter] support canned_acl #37935

KevinThompsonYCRX commented Feb 14, 2025

github-actions bot commented Feb 14, 2025

atoulme commented Feb 15, 2025

kevthompson commented Feb 15, 2025

atoulme commented Feb 15, 2025

kevthompson commented Feb 16, 2025

Erog38 commented Apr 11, 2025

kevthompson commented Apr 14, 2025

Erog38 commented Apr 14, 2025