> this looks like a bug, the topic should be created in the right tenant.
> please submit a tracker for that.

Thank you for confirming. Created here https://tracker.ceph.com/issues/51331

> yes. topics are owned by the tenant. previously, they were owned by the
> user but since the same topic could be used among different buckets and
> different users, this was causing issues (was fixed here:
> https://github.com/ceph/ceph/pull/38136)
> (documentation also mentioned that in the intro paragraph of the doc:
> https://docs.ceph.com/en/latest/radosgw/notifications/)

I think it's this section

```
A user can create different topics. A topic entity is defined by its name and is per tenant. A user can only associate its topics (via notification configuration) with buckets it owns.
```

> no permissions are needed to create a topic. however, note that without
> proper permissions on the bucket, you cannot create a notification that
> associates this topic with the bucket.

Yes, I thought it would be similar to AWS, possibly not implemented/needed so far:

https://docs.aws.amazon.com/sns/latest/dg/sns-using-identity-based-policies.html
https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html

```
{
  "Statement": [{
    "Effect": "Allow",
    "Action": ["sns:CreateTopic", "sns:ListTopics", "sns:SetTopicAttributes", "sns:DeleteTopic"],
    "Resource": "*"
  }]
}
```

Not having that sns:CreateTopic sns:DeleteTopic leaves room for abuse. User could potentially create many topics, delete all topics from tenant(s) maliciously or by accident (bugs) etc.

On a deletion note, if I understand correctly, deletion of the topic without deletion of all notifications first creates the situation where notifications can no longer be deleted due to the topic missing. The only option is to re-create the topic and delete notifications first.

Btw I enjoyed your FOSDEM presentation https://fosdem.org/2021/schedule/event/sds_ceph_rgw_serverless/

Any timeframe for native SQS coming to Ceph?

Regards
Daniel

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
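
The deletion-order concern described in the message above (a topic removed while bucket notifications still reference it), as an added example that is not part of the original thread and is not Ceph's own code: it builds a removal plan that handles dependent notifications first and flags notifications whose topic is already gone. The function names, bucket names, notification ids and topic ARNs are assumptions constructed for illustration; the input mimics the S3 `GetBucketNotificationConfiguration` response shape.

```python
# Added example, not from the thread or from Ceph. Bucket data mimics the
# S3 GetBucketNotificationConfiguration response shape (TopicConfigurations
# entries with Id and TopicArn). Buckets, ids and ARNs are constructed.

def _bindings(bucket_configs):
    """Yield (bucket, notification_id, topic_arn) for every notification."""
    for bucket, cfg in bucket_configs.items():
        for n in cfg.get("TopicConfigurations", []):
            yield bucket, n.get("Id", ""), n.get("TopicArn", "")


def deletion_plan(topic_arn, bucket_configs):
    """Ordered steps: every dependent notification first, the topic last."""
    steps = sorted(("delete-notification", b, nid)
                   for b, nid, arn in _bindings(bucket_configs)
                   if arn == topic_arn)
    return steps + [("delete-topic", topic_arn, None)]


def orphaned_notifications(existing_topic_arns, bucket_configs):
    """Notifications whose topic is gone, i.e. the topic was deleted first."""
    existing = set(existing_topic_arns)
    return sorted(b for b in _bindings(bucket_configs) if b[2] not in existing)


EVENTS = "arn:aws:sns:default:tenant1:events"  # constructed ARN
AUDIT = "arn:aws:sns:default:tenant1:audit"    # constructed ARN
SAMPLE_CONFIGS = {                             # constructed sample data
    "logs": {"TopicConfigurations": [
        {"Id": "n1", "TopicArn": EVENTS, "Events": ["s3:ObjectCreated:*"]},
        {"Id": "n2", "TopicArn": AUDIT, "Events": ["s3:ObjectRemoved:*"]},
    ]},
    "media": {"TopicConfigurations": [
        {"Id": "n3", "TopicArn": EVENTS, "Events": ["s3:ObjectCreated:*"]},
    ]},
    "empty": {},  # bucket with no notifications configured
}

if __name__ == "__main__":
    for step in deletion_plan(EVENTS, SAMPLE_CONFIGS):
        print(step)
    # Audit topic missing from the tenant's topic list: n2 is reported.
    print(orphaned_notifications([EVENTS], SAMPLE_CONFIGS))
```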