[ceph-users] s3 bucket policys

Adam C. Emerson aemerson at redhat.com
Mon Nov 6 08:19:09 PST 2017


On 06/11/2017, nigel davies wrote:
> ok i am using Jewel vershion
> 
> when i try setting permissions using s3cmd or an php script using s3client
> 
> i get the error
> 
> <?xml version="1.0"
> encoding="UTF-8"?><Error><Code>InvalidArgument</Code><BucketName>test_bucket</BucketName><RequestId>
> (truncated...)
>    InvalidArgument (client):  - <?xml version="1.0"
> encoding="UTF-8"?><Error><Code>InvalidArgument</Code><BucketName>test_bucket</BucketName><RequestId>tx00000000
> 
> 000000000000a-005a005b91-109f-default</RequestId><HostId>109f-default-default</HostId></Error>
> 
> 
> 
> in the log on the s3 server i get
> 
> 2017-11-06 12:54:41.987704 7f67a9feb700  0 failed to parse input: {
>     "Version": "2012-10-17",
>     "Statement": [
>         {
>             "Sid": "usr_upload_can_write",
>             "Effect": "Allow",
>             "Principal": {"AWS": ["arn:aws:iam:::user/test"]},
>             "Action": ["s3:ListBucket", "s3:PutObject"],
>             "Resource": ["arn:aws:s3:::test_bucket"]
>         }
> 2017-11-06 12:54:41.988219 7f67a9feb700  1 ====== req done
> req=0x7f67a9fe57e0 op status=-22 http_status=400 ======
> 
> 
> Any advice on this one

Well! If you upgrade to Luminous the advice I gave you will work
perfectly. Also Luminous has a bunch of awesome, wonderful new
features like Bluestore in it (and really what other enterprise
storage platform promises to color your data such a lovely hue?)

But, if you can't, I think something like:

s3cmd setacl s3://bucket_name --acl_grant=read:someuser
s3cmd setacl s3://bucket_name --acl_grant=write:differentuser

Should work. Other people than I know a lot more about ACLs.

-- 
Senior Software Engineer           Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson at OFTC, Actinic at Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C  7C12 80F7 544B 90ED BFB9


More information about the ceph-users mailing list