Merge pull request ceph#62119 from MartinNowak/patch-2

zdover23 · web-flow · commit d4ce7b60b2f2 · 2025-03-14T16:54:17.000+10:00
doc/radosgw: Improve bucketpolicy.rst ceph#58689 - document SSE-C IAM condition key Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>
diff --git a/doc/radosgw/bucketpolicy.rst b/doc/radosgw/bucketpolicy.rst
@@ -155,53 +155,56 @@ Bucket Related Operations
 Object Related Operations
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-+-----------------------------+-----------------------------------------------+-------------------+
-|Permission                   |Condition Keys                                 | Comments          |
-|                             |                                               |                   |
-+-----------------------------+-----------------------------------------------+-------------------+
-|                             |s3:x-amz-acl & s3:x-amz-grant-<perm>           |                   |
-|                             |                                               |                   |
-|                             +-----------------------------------------------+-------------------+
-|                             |s3:x-amz-copy-source                           |                   |
-|                             |                                               |                   |
-|                             +-----------------------------------------------+-------------------+
-|                             |s3:x-amz-server-side-encryption                |                   |
-|                             |                                               |                   |
-|                             +-----------------------------------------------+-------------------+
-|s3:PutObject                 |s3:x-amz-server-side-encryption-aws-kms-key-id |                   |
-|                             |                                               |                   |
-|                             +-----------------------------------------------+-------------------+
-|                             |s3:x-amz-metadata-directive                    |PUT & COPY to      |
-|                             |                                               |overwrite/preserve |
-|                             |                                               |metadata in COPY   |
-|                             |                                               |requests           |
-|                             +-----------------------------------------------+-------------------+
-|                             |s3:RequestObjectTag/<tag-key>                  |                   |
-|                             |                                               |                   |
-+-----------------------------+-----------------------------------------------+-------------------+
-|s3:PutObjectAcl              |s3:x-amz-acl & s3-amz-grant-<perm>             |                   |
-|s3:PutObjectVersionAcl       |                                               |                   |
-|                             +-----------------------------------------------+-------------------+
-|                             |s3:ExistingObjectTag/<tag-key>                 |                   |
-|                             |                                               |                   |
-+-----------------------------+-----------------------------------------------+-------------------+
-|                             |s3:RequestObjectTag/<tag-key>                  |                   |
-|s3:PutObjectTagging &        +-----------------------------------------------+-------------------+
-|s3:PutObjectVersionTagging   |s3:ExistingObjectTag/<tag-key>                 |                   |
-|                             |                                               |                   |
-+-----------------------------+-----------------------------------------------+-------------------+
-|s3:GetObject &               |s3:ExistingObjectTag/<tag-key>                 |                   |
-|s3:GetObjectVersion          |                                               |                   |
-+-----------------------------+-----------------------------------------------+-------------------+
-|s3:GetObjectAcl &            |s3:ExistingObjectTag/<tag-key>                 |                   |
-|s3:GetObjectVersionAcl       |                                               |                   |
-+-----------------------------+-----------------------------------------------+-------------------+
-|s3:GetObjectTagging &        |s3:ExistingObjectTag/<tag-key>                 |                   |
-|s3:GetObjectVersionTagging   |                                               |                   |
-+-----------------------------+-----------------------------------------------+-------------------+
-|s3:DeleteObjectTagging &     |s3:ExistingObjectTag/<tag-key>                 |                   |
-|s3:DeleteObjectVersionTagging|                                               |                   |
-+-----------------------------+-----------------------------------------------+-------------------+
++-----------------------------+---------------------------------------------------+-------------------+
+|Permission                   |Condition Keys                                     | Comments          |
+|                             |                                                   |                   |
++-----------------------------+---------------------------------------------------+-------------------+
+|                             |s3:x-amz-acl & s3:x-amz-grant-<perm>               |                   |
+|                             |                                                   |                   |
+|                             +---------------------------------------------------+-------------------+
+|                             |s3:x-amz-copy-source                               |                   |
+|                             |                                                   |                   |
+|                             +---------------------------------------------------+-------------------+
+|                             |s3:x-amz-server-side-encryption                    |                   |
+|                             |                                                   |                   |
+|                             +---------------------------------------------------+-------------------+
+|s3:PutObject                 |s3:x-amz-server-side-encryption-aws-kms-key-id     |                   |
+|                             |                                                   |                   |
+|                             +---------------------------------------------------+-------------------+
+|                             |s3:x-amz-server-side-encryption-customer-algorithm |                   |
+|                             |                                                   |                   |
+|                             +---------------------------------------------------+-------------------+
+|                             |s3:x-amz-metadata-directive                        |PUT & COPY to      |
+|                             |                                                   |overwrite/preserve |
+|                             |                                                   |metadata in COPY   |
+|                             |                                                   |requests           |
+|                             +---------------------------------------------------+-------------------+
+|                             |s3:RequestObjectTag/<tag-key>                      |                   |
+|                             |                                                   |                   |
++-----------------------------+---------------------------------------------------+-------------------+
+|s3:PutObjectAcl              |s3:x-amz-acl & s3-amz-grant-<perm>                 |                   |
+|s3:PutObjectVersionAcl       |                                                   |                   |
+|                             +---------------------------------------------------+-------------------+
+|                             |s3:ExistingObjectTag/<tag-key>                     |                   |
+|                             |                                                   |                   |
++-----------------------------+---------------------------------------------------+-------------------+
+|                             |s3:RequestObjectTag/<tag-key>                      |                   |
+|s3:PutObjectTagging &        +---------------------------------------------------+-------------------+
+|s3:PutObjectVersionTagging   |s3:ExistingObjectTag/<tag-key>                     |                   |
+|                             |                                                   |                   |
++-----------------------------+---------------------------------------------------+-------------------+
+|s3:GetObject &               |s3:ExistingObjectTag/<tag-key>                     |                   |
+|s3:GetObjectVersion          |                                                   |                   |
++-----------------------------+---------------------------------------------------+-------------------+
+|s3:GetObjectAcl &            |s3:ExistingObjectTag/<tag-key>                     |                   |
+|s3:GetObjectVersionAcl       |                                                   |                   |
++-----------------------------+---------------------------------------------------+-------------------+
+|s3:GetObjectTagging &        |s3:ExistingObjectTag/<tag-key>                     |                   |
+|s3:GetObjectVersionTagging   |                                                   |                   |
++-----------------------------+---------------------------------------------------+-------------------+
+|s3:DeleteObjectTagging &     |s3:ExistingObjectTag/<tag-key>                     |                   |
+|s3:DeleteObjectVersionTagging|                                                   |                   |
++-----------------------------+---------------------------------------------------+-------------------+
 
 
 More may be supported soon as we integrate with the recently rewritten
