[EPIC] [DTM] Use of a single bucket #5234
Labels
customer
Epic
multitenancy
refactoring
Code enhencements that don't alter software behaviour
security
Comments
chibenwa
added
security
refactoring
|
linagora/tmail-flutter#3028 (comment) CF @ducnm0711 Though this could be an important improvment, I do not foresee work on this in a short timeframe due to competing customer projects. |
chibenwa
changed the title
|
While we are at it we shall study feasability of per-domain isolation strategy of deleted message vault CF #5263 |
|
Got bitten hard on CNB prod by this: deleted-messages-2024-09-01 bucket did not exist and TMail had no right to create it... |
Ideally Twake Mail should create all necessary data in a single bucket. Restricting access right to a set of buckets is a feature of s3 Service Provider. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Why?
Ideally we shall restrict Twake Mail rights to a restricted set of buckets.
How?
Instead of using the following buckets:
Use a single
deleted-message-vaultbucket.Keys in there would be organized by month:
2024/07/{UUID}We could provide a custom implementation of the DeletedMessageVault relying directly on the S3 client without relying on the BlobStore for ease of implementation if needed. Ideally we would reuse the existing Cassandra / PGSQL metadata.
This could be a Twake Mail component first.
The text was updated successfully, but these errors were encountered: