On Mon, 9 Nov 2015 21:36:47 -0800
Yehuda Sadeh-Weinraub <yehuda@xxxxxxxxxx> wrote:

> In the supported domains configuration, we can specify for each domain
> whether a subdomain for it would be a bucket (as it is now), or
> whether it would be a tenant (which implies the possibility of
> bucket.tenant). This only affects the global (a.k.a the "empty")
> tenant.
>
> E.g., we can have two domains:
>
> legacy-foo.com
> new-foo.com
>
> We'd specify that legacy-foo.com is a global tenant endpoint. In which
> case, when accessing buck.legacy-foo.com, it will access the global
> tenant, and bucket=buck.
> Whereas, new-foo.com isn't a global tenant endpoint, in which case, if
> we'd access buck.new-foo.com, it will mean that we accessed the 'buck'
> tenant.

I think I found another issue with this. Suppose we want a client
authenticated under an explicit tenant accessing a legacy bucket.
The only way for it to work is for it to use a different endpoint
(in your example above it's legacy-foo.com). The client cannot use
buck.new-foo.com syntax, as mentioned. So, there's a certain asymmetry
built into the system.

Oddly enough, the X-amz-copy-source: syntax always includes bucket,
and tenant:bucket syntax is recognized there, so miraculously we're
good there.

-- Pete
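
The host-to-tenant mapping discussed in this message, sketched as an added example (not code from the thread or from Ceph RGW). The function names, the domain table, the rule that the last label before a tenant endpoint is the tenant, and returning None for "not specified" are all assumptions made for illustration.

```python
# Added illustration, not Ceph RGW code. Names and the domain table are assumptions.
GLOBAL_TENANT = ""  # the global (a.k.a. "empty") tenant

# Constructed config: domain -> True when it is a global tenant endpoint
DOMAINS = {"legacy-foo.com": True, "new-foo.com": False}


def resolve_host(host, domains=DOMAINS):
    """Map a Host header to (tenant, bucket); None means "not named by the host"."""
    host = host.lower().rstrip(".")
    for domain, global_endpoint in domains.items():
        if host == domain:
            return (None, None)  # bare endpoint: nothing derived from the host
        if not host.endswith("." + domain):
            continue
        prefix = host[: -len(domain) - 1]
        if global_endpoint:
            # Subdomain is a bucket in the global tenant (current behaviour).
            return (GLOBAL_TENANT, prefix)
        # Subdomain is a tenant, optionally preceded by a bucket: bucket.tenant
        # Assumption: the last label is the tenant, anything before it the bucket.
        bucket, _, tenant = prefix.rpartition(".")
        return (tenant, bucket or None)
    raise ValueError(f"{host!r} is not under a supported domain")


def parse_copy_source(value):
    """Split an x-amz-copy-source value into (tenant, bucket, key).

    tenant is None when the value carries no "tenant:" prefix.
    """
    bucket_part, _, key = value.lstrip("/").partition("/")
    tenant, sep, bucket = bucket_part.partition(":")
    if not sep:
        return (None, bucket_part, key)
    return (tenant, bucket, key)


def hosts_for_legacy_bucket(bucket, domains=DOMAINS):
    """Hostnames of the form bucket.domain that reach `bucket` in the global tenant."""
    candidates = [f"{bucket}.{d}" for d in domains]
    return [h for h in candidates
            if resolve_host(h, domains) == (GLOBAL_TENANT, bucket)]
```

With this table, hosts_for_legacy_bucket("buck") yields only the legacy-foo.com name, which is the asymmetry described above, while the copy-source header can name any tenant regardless of endpoint.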