On Wed, Jan 27, 2016 at 4:18 PM, seapasulli@xxxxxxxxxxxx <seapasulli@xxxxxxxxxxxx> wrote: > if you set a RGW user to have abucket quota of 0 buckets you can still > create buckets. The only way I have found to prevent a user from being able > to create buckets is to set the op_mask to read. 1.) it looks like > bucket_policy is not enforced when you have it set to anything below 1. It > looks like the only way to prevent a user from creating buckets is to set > the op_mask but this is not documented. How would I set the op_mask via the > radosgw admin api? I keep getting a 200 success code but the op_mask of the > user stays the same. > > relavent pastebins: > http://pastebin.com/Rbzdy52c -- shows user info with bucket quota set but > shows ability to create buckets. > http://pastebin.com/J9K3dgdF -- shows inability to set op_mask from admin > api (that or I don't know how) > > > 1.) does anyone know how to set the op_mask via the admin api? 2.) why can I > create what seems like an infinite amount of buckets when my bucket quota is > set to 0 objects and 0 size? Shouldn't it be enforced for anything above -1? That's not bucket quota, that's the user's max_buckets param. When this value is set to '0' it means the user has no limit on the number of the buckets. Sadly due to backward compatibility issue, having 0 mean something else is a bit problematic. We can probably add a new bool param that will specify whether bucket creation is allowed at all. Yehuda _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |