Hi all,

Scenario is as follows: a federated user assumes a role via AssumeRoleWithWebIdentity, which gives permission to create a bucket. The user creates a bucket and becomes its owner (this is visible in Ceph's web UI as Owner $oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b). The user cannot list the content of the bucket, however, because the role's policy does not give access to the bucket.

Later on, the user re-authenticates and assumes the same role again. At this point the user cannot access a bucket it owns, for the reason above, I'm assuming.

Bucket's ACL after creation:

radosgw-admin policy --bucket my-bucket
{
    "acl": {
        "acl_user_map": [
            {
                "user": "$oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b",
                "acl": 15
            }
        ],
        "acl_group_map": [],
        "grant_map": [
            {
                "id": "$oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b",
                "grant": {
                    "type": {
                        "type": 0
                    },
                    "id": "$oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b",
                    "email": "",
                    "permission": {
                        "flags": 15
                    },
                    "name": "",
                    "group": 0,
                    "url_spec": ""
                }
            }
        ]
    },
    "owner": {
        "id": "$oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b",
        "display_name": ""
    }
}

This seems inconsistent with buckets created by regular users. Is this expected behaviour?

Regards
Daniel
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
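The post contrasts two separate things: the bucket ACL, which records the `$oidc$` subject as owner with permission flags 15, and the role's permission policy, which is what actually gates the role session's requests. The following is an added example, not code from the post or from Ceph: it decodes the RGW ACL permission bitmask from the `radosgw-admin policy --bucket` output quoted above (the bit values are those in Ceph's rgw_acl.h) and runs a deliberately simplified IAM-style evaluation over a constructed, assumed role policy to show why ownership alone does not make `s3:ListBucket` succeed. The two role policies, the bucket name `my-bucket` and the helper names are assumptions for illustration.

```python
"""Decode an RGW bucket ACL dump and check a role policy for an action.

Added illustration, not code from the original post or from Ceph. The ACL JSON
is the one quoted in the post; the role policies below are constructed examples.
"""
import fnmatch
import json

# RGW ACL permission bits (src/rgw/rgw_acl.h); FULL_CONTROL is all four set (15).
RGW_PERM_READ, RGW_PERM_WRITE, RGW_PERM_READ_ACP, RGW_PERM_WRITE_ACP = 1, 2, 4, 8
RGW_PERM_FULL_CONTROL = RGW_PERM_READ | RGW_PERM_WRITE | RGW_PERM_READ_ACP | RGW_PERM_WRITE_ACP

# ACL output quoted in the post (reproduced verbatim, not constructed).
ACL_FROM_POST = """
{"acl": {"acl_user_map": [{"user": "$oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b", "acl": 15}],
         "acl_group_map": [],
         "grant_map": [{"id": "$oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b",
                        "grant": {"type": {"type": 0},
                                  "id": "$oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b",
                                  "email": "", "permission": {"flags": 15},
                                  "name": "", "group": 0, "url_spec": ""}}]},
 "owner": {"id": "$oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b", "display_name": ""}}
"""

# Constructed role permission policies (assumed, not from the post). The first
# mirrors the situation described: CreateBucket only, nothing on the bucket itself.
ROLE_POLICY_CREATE_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:CreateBucket"], "Resource": "arn:aws:s3:::*"},
    ],
}
ROLE_POLICY_WITH_LIST = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:CreateBucket"], "Resource": "arn:aws:s3:::*"},
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::my-bucket"},
    ],
}


def decode_perm(flags: int) -> list:
    """Translate an RGW permission bitmask into S3 ACL permission names."""
    if flags & RGW_PERM_FULL_CONTROL == RGW_PERM_FULL_CONTROL:
        return ["FULL_CONTROL"]
    names = [("READ", RGW_PERM_READ), ("WRITE", RGW_PERM_WRITE),
             ("READ_ACP", RGW_PERM_READ_ACP), ("WRITE_ACP", RGW_PERM_WRITE_ACP)]
    return [name for name, bit in names if flags & bit]


def summarize_acl(policy_json: str) -> dict:
    """Return the owner id and {grantee id: [permissions]} from the ACL dump."""
    doc = json.loads(policy_json)
    grants = {}
    for entry in doc["acl"]["grant_map"]:
        grant = entry["grant"]
        grants[grant["id"]] = decode_perm(grant["permission"]["flags"])
    return {"owner": doc["owner"]["id"], "grants": grants}


def policy_allows(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM-style evaluation: an explicit Deny wins, else any matching Allow.

    Handles only string/list Action and Resource with '*' / '?' wildcards; no
    Condition, Principal or NotAction. Enough to show the gap the post describes.
    """
    def matches(patterns, value):
        if isinstance(patterns, str):
            patterns = [patterns]
        return any(fnmatch.fnmatchcase(value, p) for p in patterns)

    allowed = False
    for stmt in policy["Statement"]:
        if matches(stmt["Action"], action) and matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def role_can_list(policy: dict, bucket: str = "my-bucket") -> bool:
    """Would a session holding this role policy pass a ListBucket check on `bucket`?"""
    return policy_allows(policy, "s3:ListBucket", f"arn:aws:s3:::{bucket}")


if __name__ == "__main__":
    summary = summarize_acl(ACL_FROM_POST)
    print("owner:", summary["owner"])
    print("grants:", summary["grants"])
    print("ListBucket with CreateBucket-only role policy:", role_can_list(ROLE_POLICY_CREATE_ONLY))
    print("ListBucket with role policy granting the bucket:", role_can_list(ROLE_POLICY_WITH_LIST))
```

Running it shows the ACL granting FULL_CONTROL to the `$oidc$` owner while the CreateBucket-only role policy still fails the ListBucket check; adding an `s3:ListBucket` statement for the bucket ARN to the assumed role policy is what flips the second result. The evaluator is intentionally minimal and is not a model of RGW's actual authorization path.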