Hi Ulrich,
You are correct, there is no specific authorization needed for creating
topics. User authentication is done as with any other REST call, but there
are no restrictions and any user can create a topic.
Would probably make sense to limit that ability. Would appreciate if you
could open a tracker for that.

Thanks,

Yuval


On Mon, Dec 5, 2022 at 2:26 PM Ulrich Klein <ulrich.kl...@ulrichklein.de>
wrote:

> Hi,
>
> I'm experimenting with notifications for S3 buckets.
> I got it working with notifications to HTTP(S) endpoints.
>
> What I did:
>
> Create a topic:
> # cat create_topic.data
> Action=CreateTopic
> &Name=topictest2
> &Attributes.entry.1.key=verify-ssl&Attributes.entry.1.value=false
> &Attributes.entry.2.key=use-ssl&Attributes.entry.2.value=false
> &Attributes.entry.3.key=OpaqueData&Attributes.entry.3.value=Hallodrio
> &Attributes.entry.4.key=push-endpoint&Attributes.entry.4.value=http://helper.example.com/cgi-bin/topictest
> &Attributes.entry.5.key=persistent&Attributes.entry.5.value=false
> &Attributes.entry.6.key=cloudevents&Attributes.entry.6.value=false
>
> # curl --request POST 'https://rgw.example.com' --data @create_topic.data
> <CreateTopicResponse xmlns="https://sns.amazonaws.com/doc/2010-03-31/"><CreateTopicResult><TopicArn>arn:aws:sns:example::topictest2</TopicArn></CreateTopicResult><ResponseMetadata><RequestId>f0904533-f4ed-4d60-886c-4125fcbed97b.4944109.3169009808426767767</RequestId></ResponseMetadata></CreateTopicResponse>
>
>
> And then created a notification for some user, which I received ok via
> http.
>
>
> What I'm wondering:
> There was no authentication/authorization necessary at all to create the
> topic??
> Is that normal? Any <...> could create a million topics that way.
>
> Is there a way to prevent that from happening? I haven't found one in the
> docs.
>
> I guess - being new to the topic of notifications - that I'm missing
> something obvious?
>
> Ciao, Uli
> _______________________________________________
> ceph-users mailing list -- ceph-users@ceph.io
> To unsubscribe send an email to ceph-users-le...@ceph.io
>
>