[ceph-users] s3 bucket policys
simon.leinen at switch.ch
Tue Nov 7 02:17:03 PST 2017
Adam C Emerson writes:
> On 03/11/2017, Simon Leinen wrote:
>> Is this supported by the Luminous version of RadosGW?
> Yes! There's a few bugfixes in master that are making their way into
> Luminous, but Luminous has all the features at present.
Does that mean it should basically work in 10.2.1?
>> (Or even Jewel?)
I see; this will definitely motivate us to speed up our Luminous upgrade!
>> Does this work with Keystone integration, i.e. can we refer to Keystone
>> users as principals?
> In principle probably. I haven't tried it and I don't really know
> much about Keystone at present. It is hooked into the various
> IdentityApplier classes and if RGW thinks a Keystone user is a
> 'user' and you supply whatever RGW thinks its username is, then it
> should work fine. I haven't tried it, though.
Unless someone beats us to it, we'll try as soon as we have our
cluster (with Keystone integration) in Luminous.
>> Let's say there are many read-only users rather than just one. Would we
>> simply add a new clause under "Statement" for each such user, or is
>> there a better way? (I understand that RadosGW doesn't support groups,
>> which could solve this elegantly and efficiently.)
> If you want to give a large number of users the same permissions, just
> put them all in the Principal array.
Right, thanks for the tip! That makes it more compact. For our use
case it won't be hundreds of users, I guess, more like dozens at most.
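
The tip discussed above (one statement with many principals instead of one statement per user), as an added example that is not part of the original message or of Ceph's code: it merges per-user statements that differ only in their principal into a single statement with a Principal array. The bucket name, user names and the `consolidate` helper are hypothetical; the principal ARNs use the `arn:aws:iam::<tenant>:user/<name>` form with an empty tenant.

```python
import json

MERGEABLE_KEYS = {"Effect", "Principal", "Action", "Resource"}

def as_list(value):
    return list(value) if isinstance(value, list) else [value]

def consolidate(policy):
    """Merge statements that differ only in their AWS principals."""
    statements, index = [], {}
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        # Statements with Condition, Sid, NotAction, "*" principals etc.
        # are passed through untouched rather than guessed at.
        simple = (set(stmt) == MERGEABLE_KEYS
                  and isinstance(principal, dict) and set(principal) == {"AWS"})
        if not simple:
            statements.append(stmt)
            continue
        key = (stmt["Effect"],
               tuple(sorted(as_list(stmt["Action"]))),
               tuple(sorted(as_list(stmt["Resource"]))))
        if key not in index:
            index[key] = len(statements)
            statements.append({"Effect": stmt["Effect"],
                               "Principal": {"AWS": []},
                               "Action": list(key[1]),
                               "Resource": list(key[2])})
        arns = statements[index[key]]["Principal"]["AWS"]
        for arn in as_list(principal["AWS"]):
            if arn not in arns:          # drop duplicate principals
                arns.append(arn)
    return {**policy, "Statement": statements}

# Constructed sample input: three read-only users, one statement each,
# plus one writer whose statement must stay separate.
RES = ["arn:aws:s3:::examplebucket", "arn:aws:s3:::examplebucket/*"]
def user_arn(name, tenant=""):
    return f"arn:aws:iam::{tenant}:user/{name}"

SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": [user_arn(u)]},
     "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": RES}
    for u in ("alice", "bob", "carol")
] + [{"Effect": "Allow", "Principal": {"AWS": [user_arn("dave")]},
      "Action": ["s3:PutObject"], "Resource": [RES[1]]}]}

if __name__ == "__main__":
    print(json.dumps(consolidate(SAMPLE), indent=2))
```

Reviewing the consolidated output before applying it is worthwhile: every ARN in a merged Principal array receives the full action set of that statement.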