RGW topic created in wrong (default) tenant

Hi

I'm using Ceph Pacific 16.2.1

I'm creating a topic as a user which belongs to a non-default tenant.
I'm using AWS CLI 2 with v3 authentication enabled

aws --profile=ceph-myprofile --endpoint=$HOST_S3_API --region="" sns create-topic --name=fishtopic --attributes='{"push-endpoint": "http://my-ceph-source-svc.default.svc.cluster.local"}'
{
    "TopicArn": "arn:aws:sns:default::fishtopic"
}

The topic is created in the default tenant, though.
The user can list topics but sees topics from the default tenant.

aws --profile=ceph-myprofile --endpoint=$HOST_S3_API --region="" sns list-topics
{
    "Topics": [
        {
            "TopicArn": "arn:aws:sns:default::fishtopic"
        }
    ]
}

The topic is in the default tenant:

# radosgw-admin topic list --uid none
{
    "topics": [
        {
            "topic": {
                "user": "",
                "name": "fishtopic",
                "dest": {
                    "bucket_name": "",
                    "oid_prefix": "",
                    "push_endpoint": "http://my-ceph-source-svc.default.svc.cluster.local",
                    "push_endpoint_args": "Attributes.entry.1.key=push-endpoint&Attributes.entry.1.value=http://my-ceph-source-svc.default.svc.cluster.local&Version=2010-03-31&push-endpoint=http://my-ceph-source-svc.default.svc.cluster.local",
                    "push_endpoint_topic": "fishtopic",
                    "stored_secret": "false",
                    "persistent": "false"
                },
                "arn": "arn:aws:sns:default::fishtopic",
                "opaqueData": ""
            },
            "subs": []
        }
    ]
}


When I create a topic over HTTP with a federated user, the topic is created
in the correct (user's) tenant.
For some reason the "user" below is "marvel", which is actually the name of
the tenant.
Possibly the topic is not owned by the user but rather the tenant.

radosgw-admin topic list --tenant marvel --uid none
{
    "topics": [
        {
            "topic": {
                "user": "marvel",
                "name": "MyTopic",
                "dest": {
                    "bucket_name": "",
                    "oid_prefix": "",
                    "push_endpoint": "amqp://127.0.0.1",
                    "push_endpoint_args": "amqp-exchange=rgw-exchange&push-endpoint=amqp://127.0.0.1&use-ssl=false&verify-ssl=false",
                    "push_endpoint_topic": "MyTopic",
                    "stored_secret": "false",
                    "persistent": "false"
                },
                "arn": "arn:aws:sns:default:marvel:MyTopic",
                "opaqueData": ""
            },
            "subs": []
        }
    ]
}

Also, what permissions are checked when creating a topic?
It seems so far I can create a topic without granting any special
permissions?

Regards
Daniel