-- Removed CreateMetaRage permission, including docs. (#8552)

-- Closes #8528
treeverse · Jan 27, 2025 · 9d179c7 · 9d179c7
1 parent 7e93e63
commit 9d179c7
Show file tree

Hide file tree

Showing 7 changed files with 2 additions and 9 deletions.
diff --git a/contrib/auth/acl/service_test.go b/contrib/auth/acl/service_test.go
@@ -600,7 +600,6 @@ func TestACL(t *testing.T) {
 					{Action: permissions.DeleteObjectAction, Resource: permissions.ObjectArn("foo", "some/path")},
 					{Action: permissions.CreateBranchAction, Resource: permissions.BranchArn("foo", "twig")},
 					{Action: permissions.CreateCommitAction, Resource: permissions.BranchArn("foo", "twig")},
-					{Action: permissions.CreateMetaRangeAction, Resource: permissions.RepoArn("foo")},
 				},
 				authacl.SuperPermission: []permissions.Permission{
 					{Action: permissions.AttachStorageNamespaceAction, Resource: permissions.StorageNamespace("storage://bucket/path")},

diff --git a/docs/howto/import.md b/docs/howto/import.md
@@ -91,7 +91,7 @@ lakeFS Enterprise
 {: .label .label-purple }
 
 With RBAC support, The lakeFS user running the import command should have the following permissions in lakeFS:
-`fs:WriteObject`, `fs:CreateMetaRange`, `fs:CreateCommit`, `fs:ImportFromStorage` and `fs:ImportCancel`.
+`fs:WriteObject`, `fs:CreateCommit`, `fs:ImportFromStorage` and `fs:ImportCancel`.
 
 As mentioned above, all of these permissions are available by default to the Supers (open-source) group or the SuperUsers (Cloud/Enterprise).
 

diff --git a/docs/howto/mirroring.md b/docs/howto/mirroring.md
@@ -95,7 +95,6 @@ The user should have the following [RBAC policy](../security/rbac.html) attached
             "fs:DeleteObject",
             "fs:ListObjects",
             "fs:CreateCommit",
-            "fs:CreateMetaRange",
             "fs:ReadCommit",
             "fs:ListCommits",
             "fs:CreateBranch",
@@ -149,7 +148,6 @@ The user should have the following [RBAC policy](../security/rbac.html) attached
             "fs:DeleteObject",
             "fs:ListObjects",
             "fs:CreateCommit",
-            "fs:CreateMetaRange",
             "fs:ReadCommit",
             "fs:ListCommits",
             "fs:CreateBranch",

diff --git a/docs/security/rbac.md b/docs/security/rbac.md
@@ -221,8 +221,7 @@ The following Policies are created during initial setup:
                 "fs:CreateTag",
                 "fs:DeleteBranch",
                 "fs:DeleteTag",
-                "fs:CreateCommit",
-                "fs:CreateMetaRange"
+                "fs:CreateCommit"
             ],
             "effect": "allow",
             "resource": "*"

diff --git a/pkg/auth/base.go b/pkg/auth/base.go
@@ -37,7 +37,6 @@ var statementByName = map[string]model.Statement{
 			permissions.DeleteBranchAction,
 			permissions.DeleteTagAction,
 			permissions.CreateCommitAction,
-			permissions.CreateMetaRangeAction,
 		},
 		Effect: model.StatementEffectAllow,
 	},

diff --git a/pkg/permissions/actions.gen.go b/pkg/permissions/actions.gen.go
diff --git a/pkg/permissions/actions.go b/pkg/permissions/actions.go
@@ -27,7 +27,6 @@ const (
 	DeleteObjectAction                        = "fs:DeleteObject"
 	ListObjectsAction                         = "fs:ListObjects"
 	CreateCommitAction                        = "fs:CreateCommit"
-	CreateMetaRangeAction                     = "fs:CreateMetaRange"
 	ReadCommitAction                          = "fs:ReadCommit"
 	ListCommitsAction                         = "fs:ListCommits"
 	CreateBranchAction                        = "fs:CreateBranch"