This 'juggle keys' is a bit cryptic to me. If I create a subuser, it 
becomes a swift user, doesn't it? So how can that have access to the s3 or be 
used in an s3 client? I have to put in the client the access and secret 
key, in the subuser I only have a secret key.

Is this multi-tenant basically only limiting this bucket's namespace to 
the tenant's users and nothing else?





-----Original Message-----
From: David Turner [mailto:drakonst...@gmail.com] 
Sent: zondag 29 april 2018 14:52
To: Yehuda Sadeh-Weinraub
Cc: ceph-users@lists.ceph.com; Безруков Илья Алексеевич
Subject: Re: [ceph-users] How to configure s3 bucket acl so that one 
user's bucket is visible to another.

You can create subuser keys to allow other users to have access to a 
bucket. You have to juggle keys, but it works pretty well.


On Sun, Apr 29, 2018, 4:00 AM Yehuda Sadeh-Weinraub <yeh...@redhat.com> 
wrote:


        You can't. A user can only list the buckets that it owns, it cannot
        list other users' buckets.
        
        Yehuda
        
        On Sat, Apr 28, 2018 at 11:10 AM, Безруков Илья Алексеевич
        <bezru...@iaaras.ru> wrote:
        > Hello,
        >
        > How to configure s3 bucket acl so that one user's bucket is visible to
        > another.
        >
        >
        > I can create a bucket, objects in it and give another user access to it.
        > But another user does not see this bucket in the list of available buckets.
        >
        >
        > ## User1
        >
        > ```
        > s3cmd -c s3cfg_user1 ls s3://
        >
        > 2018-04-28 07:50  s3://example1
        >
        > #set ACL
        > s3cmd -c s3cfg_user1 setacl --acl-grant=all:user2 s3://example1
        > s3://example1/: ACL updated
        >
        > # Check
        > s3cmd -c s3cfg_user1 info s3://example1
        > s3://example1/ (bucket):
        >    Location:  us-east-1
        >    Payer:     BucketOwner
        >    Expiration Rule: none
        >    Policy:    none
        >    CORS:      none
        >    ACL:       User1: FULL_CONTROL
        >    ACL:       User2: FULL_CONTROL
        >
        > # Put some data
        > s3cmd -c s3cfg_user1 put /tmp/dmesg s3://example1
        > upload: '/tmp/dmesg' -> 's3://example1/dmesg'  [1 of 1]
        >  5305 of 5305   100% in    0s    27.28 kB/s  done
        >
        > #set ACL
        > s3cmd -c s3cfg_user1 setacl --acl-grant=all:bondarenko s3://example1/dmesg
        > s3://example1/dmesg: ACL updated
        >
        > ```
        >
        > ## User2
        > ```
        > s3cmd -c ~/.s3cfg_user2 ls s3://
        > 2018-04-27 14:23  s3://only_itself_dir
        >
        > # Check info
        > s3cmd -c ~/.s3cfg_user2 info s3://example1
        > ERROR: Access to bucket 'example1' was denied
        > ERROR: S3 error: 403 (AccessDenied)
        >
        > # ls bucket
        > s3cmd -c ~/.s3cfg_user2 ls s3://example1
        > 2018-04-28 07:58      5305   s3://example1/dmesg
        >
        > #Get info
        > s3cmd -c ~/.s3cfg_user2 info s3://example1/dmesg
        > s3://example1/dmesg (object):
        >    File size: 5305
        >    Last mod:  Sat, 28 Apr 2018 07:58:03 GMT
        >    MIME type: text/plain
        >    Storage:   STANDARD
        >    MD5 sum:   47ddc4780956cb55abe27e851aa02cfa
        >    SSE:       none
        >    Policy:    none
        > ERROR: Access to bucket 'example1' was denied
        > ERROR: S3 error: 403 (AccessDenied)
        >
        > #Get object
        > s3cmd -c ~/.s3cfg_user2 get s3://example1/dmesg /tmp/test
        > download: 's3://example1/dmesg' -> '/tmp/test'  [1 of 1]
        >  5305 of 5305   100% in    0s   160.54 kB/s  done
        >
        > #Put some object to bucket
        > s3cmd -c ~/.s3cfg_user2 put /tmp/dmesg2 s3://example1/dmesg2
        > upload: '/tmp/dmesg2' -> 's3://example1/dmesg2'  [1 of 1]
        >  38136 of 38136   100% in    0s   455.18 kB/s  done
        > ```
        >
        > Best regards,
        >
        > Ilya
        >
        >
        > _______________________________________________
        > ceph-users mailing list
        > ceph-users@lists.ceph.com
        > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
        >
        

