On 05/30/2018 10:18 AM, Volker Theile wrote:
I've enhanced the RGW Admin OPS API to get the metadata of the user without using the URL /admin/metadata/user?key=<username>, instead the URL /admin/metadata/user?myself will return the metadata of the user that is used to sign the request. You're asking what this is good for? In the Dashboard it is necessary to check if a RGW user that is going to be deleted is not the user account that is used to access the RGW Admin OPS API (see feature https://tracker.ceph.com/issues/24335). The problem is that the Dashboard only knows about the access/secret key of the administration account. With the above feature it is easy to retrieve the user name of the administration account by requesting the metadata via /admin/metadata/user?myself. You can find the already working implementation at https://github.com/votdev/ceph/commit/581374fb22734ba3fd904407210add6351df59cd. Is this a good approach or can this be done better? Feel free to comment this email. Volker
That looks reasonable enough to me. If the mgr/dashboard is the one creating this user, maybe it would be easier to store its user id along with the access/secret keys?
Casey -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
