Re: No Authentication/Authorization for creating topics on RGW?

Hi Ulrich,
You are correct, there is no specific authorization needed for creating
topics. User authentication is done as with any other REST call, but there
are no restrictions and any user can create a topic.
Would probably make sense to limit that ability. Would appreciate if you
could open a tracker for that.

Thanks,

Yuval


On Mon, Dec 5, 2022 at 2:26 PM Ulrich Klein <Ulrich.Klein@xxxxxxxxxxxxxx>
wrote:

> Hi,
>
> I'm experimenting with notifications for S3 buckets.
> I got it working with notifications to HTTP(S) endpoints.
>
> What I did:
>
> Create a topic:
> # cat create_topic.data
> Action=CreateTopic
> &Name=topictest2
> &Attributes.entry.1.key=verify-ssl&Attributes.entry.1.value=false
> &Attributes.entry.2.key=use-ssl&Attributes.entry.2.value=false
> &Attributes.entry.3.key=OpaqueData&Attributes.entry.3.value=Hallodrio
> &Attributes.entry.4.key=push-endpoint&Attributes.entry.4.value=http://helper.example.com/cgi-bin/topictest
> &Attributes.entry.5.key=persistent&Attributes.entry.5.value=false
> &Attributes.entry.6.key=cloudevents&Attributes.entry.6.value=false
>
> # curl --request POST 'https://rgw.example.com' --data @create_topic.data
> <CreateTopicResponse xmlns="https://sns.amazonaws.com/doc/2010-03-31/"><CreateTopicResult><TopicArn>arn:aws:sns:example::topictest2</TopicArn></CreateTopicResult><ResponseMetadata><RequestId>f0904533-f4ed-4d60-886c-4125fcbed97b.4944109.3169009808426767767</RequestId></ResponseMetadata></CreateTopicResponse>
>
>
> And then created a notification for some user, which I received ok via
> http.
>
>
> What I'm wondering:
> There was no authentication/authorization necessary at all to create the
> topic??
> Is that normal? Any <...> could create a million topics that way.
>
> Is there a way to prevent that from happening? I haven't found one in the
> docs.
>
> I guess - being new to the topic of notifications - that I'm missing
> something obvious?
>
> Ciao, Uli
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>
>
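A compensating control for the gap discussed in this thread, as an added example (not part of the original messages and not Ceph code): a filter for a hypothetical reverse proxy in front of RGW that parses the CreateTopic body shown above and passes it only for an allow-listed access key. The function names, the allow-list and the sample keys are assumptions; the filter reads the access key from the SigV4 header but does not verify the signature, which stays RGW's job.

```python
import re
from urllib.parse import parse_qs

# Constructed sample: the CreateTopic body from the post, reduced to three attributes.
SAMPLE_BODY = """Action=CreateTopic
&Name=topictest2
&Attributes.entry.1.key=verify-ssl&Attributes.entry.1.value=false
&Attributes.entry.2.key=push-endpoint&Attributes.entry.2.value=http://helper.example.com/cgi-bin/topictest
&Attributes.entry.3.key=persistent&Attributes.entry.3.value=false
"""

# SigV4 header: "AWS4-HMAC-SHA256 Credential=<access-key>/<date>/<region>/<service>/aws4_request, ..."
_CRED = re.compile(r"^AWS4-HMAC-SHA256\s+Credential=([^/,\s]+)/")

def parse_topic_request(body):
    """Parse the form body and fold Attributes.entry.N.key/value pairs into a dict."""
    # The posted file has one parameter group per line; curl --data @file strips
    # the newlines before sending, so do the same here.
    flat = "".join(line.strip() for line in body.splitlines())
    params = {k: v[0] for k, v in parse_qs(flat, keep_blank_values=True).items()}
    attrs = {}
    for name, value in params.items():
        m = re.fullmatch(r"Attributes\.entry\.(\d+)\.key", name)
        if m:
            attrs[value] = params.get(f"Attributes.entry.{m.group(1)}.value", "")
    return {"action": params.get("Action"), "name": params.get("Name"), "attributes": attrs}

def decide(method, headers, body, allowed_keys):
    """Return (allow, reason) for one request seen by the hypothetical filter."""
    if method.upper() != "POST":
        return True, "not a topic request"
    req = parse_topic_request(body)
    if req["action"] != "CreateTopic":
        return True, "not a topic request"
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    m = _CRED.match(auth)
    if not m:
        return False, "CreateTopic without SigV4 credentials"
    if m.group(1) not in allowed_keys:
        return False, f"access key {m.group(1)} may not create topics"
    return True, f"CreateTopic {req['name']} by {m.group(1)}"

if __name__ == "__main__":
    # An unsigned request like the curl call in the post is rejected.
    print(decide("POST", {}, SAMPLE_BODY, {"OPSKEYEXAMPLE"}))
```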