use case: transfer the use of an existing bucket to a different user/tenant
the existing tool for this is 'bucket link':
$ radosgw-admin bucket link --bucket=b --uid=u [--tenant=t]
- makes bucket visible in new user/tenant's namespace
- and changes bucket acl's owner
- and unlinks it from the previous owner's namespace
however, the new bucket owner doesn't gain access to the objects because
all of the object acls still point at the old owner. to address this, we
propose a new command 'bucket chown' that rewrites the owner of all
object acls in the bucket
this 'brute force' method of modifying every object is expensive,
especially for buckets with millions of objects. this comes with some
potential issues:
- if the command may take hours/days, how do we report on progress?
- if interrupted, can we resume from a previous position?
- how do we pick the right owner for objects uploaded in the middle of
'bucket chown'?
as an optimization, we propose a new indirection for object acls, ie
object owner={bucket-owner} such that the effective object owner=jerry
when bucket's owner=jerry. for buckets that use this indirection,
'bucket chown' would only need to update the bucket acl owner to grant
access to all of its objects. however, we can only take advantage of
this optimization if we know that:
- the bucket was created after the {bucket-owner} abstraction was added
  (ie all uploaded objects used owner={bucket-owner} where possible), or
- the bucket has completed a previous brute-force chown to use
  {bucket-owner}
to implement the acl owner indirection:
- extend ACLOwner so that it can represent/encode/decode this special
{bucket-owner} value
- when the bucket owner uploads an object, set its object acl to
{bucket-owner}
- when evaluating an object acl, owner={bucket-owner} redirects to
req_state::bucket_owner
we probably also need to extend the RGWBucketFlags stored in the bucket
instance to track whether or not 'bucket chown' needs to use the brute
force strategy
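the following is an added example (not rgw code) that models the three
implementation steps above plus the bucket flag: an ACLOwner that can
represent and encode/decode the {bucket-owner} sentinel, an evaluator
that redirects it to req_state::bucket_owner, and a 'bucket chown' that
takes the fast path when the flag says every object already uses the
indirection and otherwise runs a resumable brute-force pass. the
std::string stand-in for rgw_user, the "u:"/"{bucket-owner}" encoding,
the flag name BUCKET_ALL_OBJECTS_USE_BUCKET_OWNER and the in-memory
Bucket/req_state types are all assumptions for the sake of the example.

```cpp
// Added example, not RGW code: models the proposed ACLOwner {bucket-owner}
// indirection and the fast vs brute-force 'bucket chown' strategies.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>

using rgw_user = std::string;  // assumed stand-in for rgw_user ("tenant$uid" or "uid")

// ACLOwner extended with a sentinel meaning "whoever currently owns the bucket".
struct ACLOwner {
  bool is_bucket_owner = false;  // the proposed {bucket-owner} value
  rgw_user id;                   // concrete owner when !is_bucket_owner

  static ACLOwner bucket_owner() { ACLOwner o; o.is_bucket_owner = true; return o; }
  static ACLOwner user(const rgw_user& u) { ACLOwner o; o.id = u; return o; }

  // Assumed wire form: a reserved token no real user id can collide with.
  std::string encode() const {
    return is_bucket_owner ? std::string("{bucket-owner}") : "u:" + id;
  }
  static ACLOwner decode(const std::string& s) {
    if (s == "{bucket-owner}") return bucket_owner();
    if (s.rfind("u:", 0) == 0) return user(s.substr(2));
    throw std::invalid_argument("bad ACLOwner encoding: " + s);
  }
};

// Minimal req_state: only what the acl evaluator needs to resolve the sentinel.
struct req_state { rgw_user bucket_owner; };

// Effective owner used when evaluating an object acl.
rgw_user effective_owner(const ACLOwner& o, const req_state& s) {
  return o.is_bucket_owner ? s.bucket_owner : o.id;
}

// Assumed RGWBucketFlags bit: every object acl is known to use {bucket-owner}.
constexpr uint32_t BUCKET_ALL_OBJECTS_USE_BUCKET_OWNER = 1u << 0;

struct Bucket {
  rgw_user owner;
  uint32_t flags = 0;
  std::map<std::string, ACLOwner> objects;  // key -> acl owner, sorted like the bucket index
};

// Upload: the bucket owner's objects get the indirection, anyone else's keep a concrete owner.
void put_object(Bucket& b, const std::string& key, const rgw_user& uploader) {
  b.objects[key] = (uploader == b.owner) ? ACLOwner::bucket_owner() : ACLOwner::user(uploader);
}

// Brute-force pass over the index, resumable from 'marker' (last key completed).
// Returns how many acls were rewritten so a long run can report progress.
// Open question from the design: an object uploaded by the old owner that
// sorts before 'marker' while the pass is running is not revisited here.
size_t chown_brute_force(Bucket& b, std::string& marker) {
  size_t rewritten = 0;
  for (auto it = b.objects.upper_bound(marker); it != b.objects.end(); ++it) {
    if (!it->second.is_bucket_owner) {
      it->second = ACLOwner::bucket_owner();  // rewrite to the indirection, not to a fixed uid
      ++rewritten;
    }
    marker = it->first;
  }
  b.flags |= BUCKET_ALL_OBJECTS_USE_BUCKET_OWNER;  // later chowns can take the fast path
  return rewritten;
}

// 'bucket chown': update the bucket acl owner, then rewrite object acls only if needed.
size_t bucket_chown(Bucket& b, const rgw_user& new_owner, std::string& marker) {
  b.owner = new_owner;
  if (b.flags & BUCKET_ALL_OBJECTS_USE_BUCKET_OWNER) return 0;  // fast path
  return chown_brute_force(b, marker);
}

struct ExampleResult {
  rgw_user b_before, b_after;  // effective owner of object "b" before/after chown
  size_t rewritten;            // acls touched by the brute-force pass
  std::string marker;          // resume position after the pass
  size_t second_chown;         // acls touched by the next chown (fast path)
  bool roundtrip;              // sentinel survives encode/decode
};

// Constructed scenario: tom owns the bucket, alice uploaded one object, tom hands it to jerry.
ExampleResult run_example() {
  Bucket b; b.owner = "tom";
  put_object(b, "a", "tom");    // owner upload -> {bucket-owner}
  put_object(b, "b", "alice");  // someone else -> concrete owner
  ExampleResult r;
  r.b_before = effective_owner(b.objects["b"], req_state{b.owner});
  r.rewritten = bucket_chown(b, "jerry", r.marker);            // brute force: flag not set yet
  r.b_after = effective_owner(b.objects["b"], req_state{b.owner});
  put_object(b, "c", "jerry");                                 // mid-life upload by new owner
  std::string m2;
  r.second_chown = bucket_chown(b, "tom", m2);                 // fast path: flag now set
  r.roundtrip = ACLOwner::decode(ACLOwner::bucket_owner().encode()).is_bucket_owner;
  return r;
}

int main() {
  ExampleResult r = run_example();
  std::cout << "object b: " << r.b_before << " -> " << r.b_after
            << ", rewritten=" << r.rewritten << ", marker=" << r.marker
            << ", second chown rewrote " << r.second_chown << "\n";
  return 0;
}
```

the brute-force pass writes {bucket-owner} rather than the new uid, which
is what lets the bucket flag be set afterwards: once every acl carries the
indirection, a later chown is a single bucket acl update.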
future work for 'bucket link'? (out of scope)
- allow a bucket to be linked into the namespaces of several users/tenants
- ie make 'bucket link/unlink' only responsible for -visibility- of
  buckets, and leave the permissions to 'bucket chown'
- you could then use bucket policy to grant access to users/roles instead
  of relying on individual acl owner/grants