Re: [ceph-users] Bucket policies in Luminous

2017-07-27 Thread Graham Allan
On 07/21/2017 02:23 AM, Pritha Srivastava wrote: - Original Message - From: "Pritha Srivastava" - Original Message - From: "Graham Allan" I'm a bit surprised that allowing "s3:GetObject" doesn't seem to permit reading the same object back out again. Even using a wildcard

Re: [ceph-users] Bucket policies in Luminous

2017-07-21 Thread Pritha Srivastava
- Original Message - > From: "Pritha Srivastava" > To: "Graham Allan" > Cc: "Adam C. Emerson" , "Ceph Users" > > Sent: Friday, July 21, 2017 10:27:33 AM > Subject: Re: [ceph-users] Bucket policies in Luminous > >

Re: [ceph-users] Bucket policies in Luminous

2017-07-20 Thread Pritha Srivastava
- Original Message - > From: "Graham Allan" > To: "Pritha Srivastava" , "Adam C. Emerson" > > Cc: "Ceph Users" > Sent: Friday, July 21, 2017 3:17:02 AM > Subject: Re: [ceph-users] Bucket policies in Luminous > > Hm

Re: [ceph-users] Bucket policies in Luminous

2017-07-20 Thread Graham Allan
icy s3policy s3://gta ERROR: S3 error: 400 (InvalidArgument) I have "debug rgw = 20" but nothing revealing in the logs. Do you see anything obviously wrong in my policy file? Thanks, Graham On 07/12/2017 11:27 PM, Pritha Srivastava wrote: ----- Original Message - From: "Adam C.

Re: [ceph-users] Bucket policies in Luminous

2017-07-17 Thread Graham Allan
07/12/2017 11:27 PM, Pritha Srivastava wrote: ----- Original Message - From: "Adam C. Emerson" To: "Graham Allan" Cc: "Ceph Users" Sent: Thursday, July 13, 2017 1:23:27 AM Subject: Re: [ceph-users] Bucket policies in Luminous Graham Allan Wrote: I thought I&

Re: [ceph-users] Bucket policies in Luminous

2017-07-12 Thread Pritha Srivastava
- Original Message - > From: "Adam C. Emerson" > To: "Graham Allan" > Cc: "Ceph Users" > Sent: Thursday, July 13, 2017 1:23:27 AM > Subject: Re: [ceph-users] Bucket policies in Luminous > > Graham Allan Wrote: > > I thought

Re: [ceph-users] Bucket policies in Luminous

2017-07-12 Thread Graham Allan
I'm not sure if it is the blank tenant - I should have thought to try before writing, but I added a new user which does have a tenancy, but get the same issue. policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::lemming:

Re: [ceph-users] Bucket policies in Luminous

2017-07-12 Thread Adam C. Emerson
Graham Allan Wrote: > I thought I'd try out the new bucket policy support in Luminous. My goal > was simply to permit access on a bucket to another user. [snip] > Thanks for any ideas, It's probably the 'blank' tenant. I'll make up a test case to exercise this and come up with a patch for it. Sorr

[ceph-users] Bucket policies in Luminous

2017-07-12 Thread Graham Allan
I thought I'd try out the new bucket policy support in Luminous. My goal was simply to permit access on a bucket to another user. I have 2 users, "gta" and "gta2", both of which are in the default ("") tenant. "gta" also owns the bucket named "gta". I want to grant access on this bucket to use