[ceph-users] s3 bucket policys
Adam C. Emerson
aemerson at redhat.com
Fri Nov 3 14:54:06 PDT 2017
On 03/11/2017, Simon Leinen wrote:
> Is this supported by the Luminous version of RadosGW?
Yes! There's a few bugfixes in master that are making their way into
Luminous, but Luminous has all the features at present.
> (Or even Jewel?)
> Does this work with Keystone integration, i.e. can we refer to Keystone
> users as principals?
In principle probably. I haven't tried it and I don't really know much
about Keystone at present. It is hooked into the various
IdentityApplier classes and if RGW thinks a Keystone user is a 'user'
and you supply whatever RGW thinks its username is, then it should
work fine. I haven't tried it, though.
> Let's say there are many read-only users rather than just one. Would we
> simply add a new clause under "Statement" for each such user, or is
> there a better way? (I understand that RadosGW doesn't support groups,
> which could solve this elegantly and efficiently.)
If you want to give a large number of users the same permissions, just
put them all in the Principal array.
Senior Software Engineer Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson at OFTC, Actinic at Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C 7C12 80F7 544B 90ED BFB9
More information about the ceph-users