[ceph-users] s3 bucket policys

Adam C. Emerson aemerson at redhat.com
Fri Nov 3 14:54:06 PDT 2017

On 03/11/2017, Simon Leinen wrote:
> Is this supported by the Luminous version of RadosGW?

Yes! There's a few bugfixes in master that are making their way into
Luminous, but Luminous has all the features at present.

> (Or even Jewel?)


> Does this work with Keystone integration, i.e. can we refer to Keystone
> users as principals?

In principle probably. I haven't tried it and I don't really know much
about Keystone at present. It is hooked into the various
IdentityApplier classes and if RGW thinks a Keystone user is a 'user'
and you supply whatever RGW thinks its username is, then it should
work fine. I haven't tried it, though.

> Let's say there are many read-only users rather than just one.  Would we
> simply add a new clause under "Statement" for each such user, or is
> there a better way? (I understand that RadosGW doesn't support groups,
> which could solve this elegantly and efficiently.)

If you want to give a large number of users the same permissions, just
put them all in the Principal array.

Senior Software Engineer           Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson at OFTC, Actinic at Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C  7C12 80F7 544B 90ED BFB9

More information about the ceph-users mailing list