On Tue, May 15, 2018 at 6:27 AM, Jorge Pinilla López <jorpilo@xxxxxxxxx> wrote: > Hey, I would like to know if there is any way on luminous to set > imagen-level permissions per user instead of pool-level. If I only have > pool level, then I could have 1 not-secured pool with clients accession > any rbd or hundreds of little pools which are a mess. If you search the mailing list, there are some examples of per-image caps where a user is only granted access to "rbd_header.XYZ", "rbd_data.XYZ", and "rbd_id.IMAGENAME" objects using the object_prefix restriction (requires v2 image format -- as you should already be using). It's not really a scalable solution given the manual nature of generating the caps and the linear search nature in which objects are validated against a user's caps. > I have read than previously some people used object_prefix to allow the > user only to read and write the imagen objects, is that still possible? > > On the official master documentation about users permissions, namespaces > are mention but not object_prefix, I have also seen that namespaces on > rbd is a future feature, what is the current status of the feature?, is > there any release date or version? > > Until namespaces feature is implemented on rbd, I would like to know if > there is any work-around to achive the same functionality. Adding support for namespaces to librbd/krbd is currently one of our high-priority items for the next release (Nautilus). > Thanks > Jorge Pinilla López > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com -- Jason _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |