Project buckets#3124
Merged
Merged
Conversation
… to alternate buckets in the same acocunt
AndrewPlayer3
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In v10.17.0, we released the ability for users to specify an external bucket to publish HyP3 products to, but due to security concerns, we disallowed writing to any bucket within the AWS containing the HyP3 deployment except the hyp3 content (product) bucket, since those buckets are generally used for other purposes.
However, some of our project deployments also have a long-term archive bucket within the same account, and this condition disallowed the new bucket feature from writing to the archive buckets.
This PR adds a deployment parameter that removes this condition and allows writing to any bucket within the account. Notably, I've enabled same-account-publishing for 10/28 deployments (~1/3 of hyp3 deployments).
Since all these project deployments are strictly controlled and largely managed internally by ASF, there isn't enough risk to require explicitly listing the allowed buckets and requiring redeployment (releases) to update the list, so I think this setup is the best of the available options.