We are starting to test out Ceph RGW and have run into a small issue with the aws-cli that amazon publishes. We have a set of developers who use the aws-cli heavily and it seems that this tool does not work with Ceph RGW tenancy.
Given user = test01$test01 with bucket buck01
Given user = test02$test02 with bucket buck02
I modify the default bucket acls such that test01$test01 has access to buck02 and test02$test02 has access to buck
Does anyone know how to use the aws-cli such that a user can access buckets in another tenant. I can not find any incarnation use “aws s3” or “aws s3api” that lets me use the colon: identifier to specify a tenant namespace for the bucket.
I have tried using an arn specifier for the bucket name but I keep getting the below error message. The arn I am trying is “arn:aws:s3::tenant:bucket'
Parameter validation failed:
Invalid bucket name "arn:aws:s3:::devops": Bucket name must match the regex "^[a-zA-Z0-9.\-_]{1,255}$" or be an ARN matching the regex "^arn:(aws).*:(s3|s3-object-lambda):[a-z\-0-9]*:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\-.]{1,63}$|^arn:(aws).*:s3-outposts:[a-z\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\-]{1,63}$"
Thanks!
--
Mark Selby
Sr Linux Administrator, The Voleon Group
mselby@xxxxxxxxxx
This email is subject to important conditions and disclosures that are listed on this web page: https://voleon.com/disclaimer/.
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
