Re: bucket owner vs S3 ACL?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Valery,

With the old account did you try to give FULL access to the new one user ID ?

Process should be :
>From OLD account add FULL access to NEW account (S3 ACL with CloudBerry for example) 
With radosgw admin update link from OLD account to NEW account (link allow user to see bucket with bucket list command)
>From NEW account remove FULL access to old account (S3 ACL with CloudBerry for example)

Thanks


> On Jun 29, 2015, at 11:46 AM, Valery Tschopp <valery.tschopp@xxxxxxxxx> wrote:
> 
> Hi guys,
> 
> We use the radosgw (v0.80.9) with the Openstack Keystone integration.
> 
> One project have been deleted, so now I have to transfer the ownership of all the buckets to another user/project.
> 
> Using radosgw-admin I have changed the owner:
> 
> radosgw-admin bucket link --uid <NEW_USER_ID> --bucket <BUCKET_NAME>
> 
> And the owner have been update:
> 
> radosgw-admin bucket stats --bucket <BUCKET_NAME>
> 
> { "bucket": "<BUCKET_NAME>",
>  "pool": ".rgw.buckets",
>  "index_pool": ".rgw.buckets.index",
>  "id": "default.4063334.17",
>  "marker": "default.4063334.17",
>  "owner": "<NEW_USER_ID>",
>  "ver": 66301,
>  "master_ver": 0,
>  "mtime": 1435583681,
>  "max_marker": "",
>  "usage": { "rgw.main": { "size_kb": 189433890,
>          "size_kb_actual": 189473684,
>          "num_objects": 19043},
>      "rgw.multimeta": { "size_kb": 0,
>          "size_kb_actual": 0,
>          "num_objects": 0}},
>  "bucket_quota": { "enabled": false,
>      "max_size_kb": -1,
>      "max_objects": -1}
> }
> 
> But the S3 ACL of this bucket is still referencing the old user/project (from radosgw.log) when I try to access it with the new owner:
> 
> 2015-06-29 17:08:33.236265 7f40d8a76700 15 Read AccessControlPolicy<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/";><Owner><ID>OLD_USER_ID</ID><DisplayName>OLD_PROJECT_NAME</DisplayName></Owner><AccessControlList><Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="CanonicalUser"><ID>OLD_USER_ID</ID><DisplayName>OLD_PROJECT_NAME</DisplayName></Grantee><Permission>FULL_CONTROL</Permission></Grant></AccessControlList></AccessControlPolicy>
> 
> 
> Therefore I get a 403, because the S3 ACL still enforce the old owner, not the new one.
> 
> How can I update these S3 ACL, and fully transfer the ownership to the new owner/project???
> 
> Cheers,
> Valery
> 
> 
> 
> -- 
> SWITCH
> --------------------------
> Valery Tschopp, Software Engineer, Peta Solutions
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> email: valery.tschopp@xxxxxxxxx phone: +41 44 268 1544
> 
> 
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux