Hi everyone,
I wonder if this is intentional: when I create a new Swift key for an
existing subuser, which has previously been assigned "full control"
permissions, those permissions appear to get lost upon key creation.
# radosgw-admin subuser create --uid=johndoe --subuser=johndoe:swift
--access=full
{ "user_id": "johndoe",
"rados_uid": 0,
"display_name": "John Doe",
"email": "john@xxxxxxxxxxx",
"suspended": 0,
"subusers": [
{ "id": "johndoe:swift",
"permissions": "full-control"}],
"keys": [
{ "user": "johndoe",
"access_key": "QFAMEDSJP5DEKJO0DDXY",
"secret_key": "iaSFLDVvDdQt6lkNzHyW4fPLZugBAI1g17LO0+87"}],
"swift_keys": []}
Note "permissions": "full-control"
# radosgw-admin key create --subuser=johndoe:swift --key-type=swift
{ "user_id": "johndoe",
"rados_uid": 0,
"display_name": "John Doe",
"email": "john@xxxxxxxxxxx",
"suspended": 0,
"subusers": [
{ "id": "johndoe:swift",
"permissions": "<none>"}],
"keys": [
{ "user": "johndoe",
"access_key": "QFAMEDSJP5DEKJO0DDXY",
"secret_key": "iaSFLDVvDdQt6lkNzHyW4fPLZugBAI1g17LO0+87"}],
"swift_keys": [
{ "user": "johndoe:swift",
"secret_key": "E9T2rUZNu2gxUjcwUBO8n\/Ev4KX6\/GprEuH4qhu1"}]}
Note that while there is now a key, the permissions are gone. Is this
meant to be a security feature of sorts, or is this a bug? "subuser
modify" can obviously restore the permissions, but it seems to be less
than desirable to have to do that.
Cheers,
Florian
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
