I am having an issue with the 'radosgw-admin subuser create' command
doing something different than the '/{admin}/user?subuser&format=json'
admin API.  I want to leverage subusers in S3 which looks to be possible
in my testing for bit more control without resorting to ACLs.

radosgw-admin subuser create --uid=-staff --subuser=test1
--access-key=aaaaaaaaa --secret=zzzzzzzzz --access=read

This command will work and create a both a subuser -staff:test1 with
permission read and a s3 key with the the correct access and secret key set.

The Admin API will not allow me to do this it would seem as the
following is accepted and a subuser is created however a swift_key is
created instead.

HTTP/1.1" 200 130

The documentation for the admin API[0] does not seem to indicate that
access-key is accepted at all.  Also if you pass key-type=s3 it will
return a 400 with InvalidArgument although the documentation says it
should accept the key type s3.

Bug? Design?

One other issue is that a command that uses the --purge-keys from
radosgw-admin seems to have no effect.  The following command removes
the subuser and leaves the swift keys it has (but also any s3 keys too).

radosgw-admin subuser rm --uid=-staff --subuser=test2 --purge-keys

[0] - http://docs.ceph.com/docs/master/radosgw/adminops/#create-subuser

Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to