On Mon, Oct 9, 2023 at 9:16 AM Gilles Mocellin <gilles.mocellin@xxxxxxxxxxxxxx> wrote: > > Hello Cephers, > > I was using Ceph with OpenStack, and users could add, remove credentials > with `openstack ec2 credentials` commands. > But, we are moving our Object Storage service to a new cluster, and > didn't want to tie it with OpenStack. > > Is there a way to have a bit of self service for Rados Gateway, at leas > for creating, deleting, changing S3 keys ? > > It does not seem to be part of S3 APIs. right, user/role/key management is part of the IAM service in AWS, not S3. IAM exposes APIs like https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html, etc radosgw supports some of the IAM APIs related to roles and role/user policy, but not the ones for self-service user/key management. i'd love to add those eventually once we have an s3 'account' feature to base them on, but development there has been slow (https://github.com/ceph/ceph/pull/46373 tracks the most recent progress) i'd agree that the radosgw admin APIs aren't a great fit because they're targeted at admins, rather than delegating self-service features to end users > It's certainly doable with Ceph RGW admin API, but with which tool that > a standard user can use ? > > The Ceph Dashboard does not seem a good idea. Roles are global, nothing > that can be scoped to a tenant. > > Some S3 browsers exist (https://github.com/nimbis/s3commander), but > never with some management like changing S3 keys. > Certainly because it's not in the "standard" S3 API. > > Perhaps Ceph can provide a client-side dashboard, which can be exposed > externally, aside the actual admin dashboard, which will stay inside ? > > Regards, > -- > Gilles > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |