>On 02/17/2017 06:25 PM,
Vincent Godin wrote:
>> I created 2 users : jack & bob inside a tenant_A
>> jack created a bucket named BUCKET_A and want to give read access to
the
>> user bob
>>
>> with s3cmd, i can grant a user without tenant easylly: s3cmd setacl
>> --acl-grant=read:user s3://BUCKET_A
>>
>> but with an explicit tenant, i tried :
>> --acl-grant=read:bob
>> --acl-grant=read:tenant_A$bob
>> --acl-grant=read:tenant_A\$bob
>> --acl-grant=read:"tenant_A:bob"
>>
>> each time, i got a s3 error : 400 (invalidArgument)
>>
>> Does someone know the solution ?
>
>Have you tried using email-address instead of tenant:UID?
I found this solution (but you’re right, it should work with email) :
s3cmd setacl s3://BUCKET_A --acl-grant=read:tenant_a\$bob
But i had to rename "tenant_A" in "tenant_a" because s3cmd convert all uppercases in lowercases before sending the request (why ???). In case of AWS there is no impact because user are case insensitive but for Radosgw it’s just blocking
So tenant and user have to be declared in radosgw in lowercase if you want to use such a product like s3cmd
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
