Adam C Emerson writes: > On 03/11/2017, Simon Leinen wrote: > [snip] >> Is this supported by the Luminous version of RadosGW? > Yes! There's a few bugfixes in master that are making their way into > Luminous, but Luminous has all the features at present. Does that mean it should basically work in 10.2.1? >> (Or even Jewel?) > No! I see; this will definitely motivate us to speed up our Luminous upgrade! >> Does this work with Keystone integration, i.e. can we refer to Keystone >> users as principals? > In principle probably. I haven't tried it and I don't really know > much about Keystone at present. It is hooked into the various > IdentityApplier classes and if RGW thinks a Keystone user is a > 'user' and you supply whatever RGW thinks its username is, then it > should work fine. I haven't tried it, though. Unless someone beats us to it, we'll try as soon as we have our cluster (with Keystone integration) in Luminous. >> Let's say there are many read-only users rather than just one. Would we >> simply add a new clause under "Statement" for each such user, or is >> there a better way? (I understand that RadosGW doesn't support groups, >> which could solve this elegantly and efficiently.) > If you want to give a large number of users the same permissions, just > put them all in the Principal array. Right, thanks for the tip! That makes it more compact. For our use case it won't be hundreds of users, I guess, more like dozens at most. -- Simon. _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |