On 03/11/2017, Simon Leinen wrote:
[snip]
> Is this supported by the Luminous version of RadosGW?

Yes! There's a few bugfixes in master that are making their way into
Luminous, but Luminous has all the features at present.

> (Or even Jewel?)

No!

> Does this work with Keystone integration, i.e. can we refer to Keystone
> users as principals?

In principle probably. I haven't tried it and I don't really know much
about Keystone at present. It is hooked into the various
IdentityApplier classes and if RGW thinks a Keystone user is a 'user'
and you supply whatever RGW thinks its username is, then it should work
fine. I haven't tried it, though.

> Let's say there are many read-only users rather than just one. Would we
> simply add a new clause under "Statement" for each such user, or is
> there a better way? (I understand that RadosGW doesn't support groups,
> which could solve this elegantly and efficiently.)

If you want to give a large number of users the same permissions, just
put them all in the Principal array.

-- 
Senior Software Engineer
Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson@OFTC, Actinic@Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C 7C12 80F7 544B 90ED BFB9
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
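
Added example, not part of the original message or of Ceph's code: a small Python builder for the bucket policy discussed above, granting read-only access with a single Statement whose Principal array lists every user. The bucket name, the user ids, the empty (default) tenant, the user-id character check and the choice of `s3:GetObject` plus `s3:ListBucket` as "read-only" are assumptions made for illustration.

```python
import json
import re

# Assumption: a conservative character set for user ids, so that a stray
# "*" or "/" cannot silently widen the grant. Adjust to your own naming.
_UID_RE = re.compile(r"^[A-Za-z0-9_.@=-]+$")


def principal_arn(uid, tenant=""):
    """Return the user ARN for one principal (empty tenant = default tenant)."""
    if not _UID_RE.match(uid):
        raise ValueError(f"refusing suspicious user id: {uid!r}")
    return f"arn:aws:iam::{tenant}:user/{uid}"


def read_only_policy(bucket, uids, tenant=""):
    """Build one Statement whose Principal array holds every read-only user."""
    if not uids:
        # An empty list would produce a policy that grants nothing useful.
        raise ValueError("at least one user is required")
    # De-duplicate while preserving the caller's order.
    principals = [principal_arn(u, tenant) for u in dict.fromkeys(uids)]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principals},
            # Read-only: list the bucket and fetch objects, nothing else.
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                f"arn:aws:s3:::{bucket}",      # needed for s3:ListBucket
                f"arn:aws:s3:::{bucket}/*",    # needed for s3:GetObject
            ],
        }],
    }


if __name__ == "__main__":
    # Constructed sample input: bucket and user names are placeholders.
    policy = read_only_policy("example-bucket", ["alice", "bob", "alice"])
    print(json.dumps(policy, indent=2))
```

The printed JSON is what you would save to a file and attach to the bucket with whichever S3 client you normally use.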