thanks Giada, i see that you created https://tracker.ceph.com/issues/64547 for this unfortunately, this topic metadata doesn't really have a permission model at all. topics are shared across the entire tenant, and all users have access to read/overwrite those topics a lot of work was done for https://tracker.ceph.com/issues/62727 to add topic ownership and permission policy, and those changes will be in the squid release i've cc'ed Yuval and Krunal who worked on that - could these changes be reasonably backported to quincy and reef? On Fri, Feb 23, 2024 at 9:59 AM Giada Malatesta <giada.malatesta@xxxxxxxxxxxx> wrote: > > Hello everyone, > > we are facing a problem regarding the topic operations to send > notification, particularly when using amqp protocol. > > We are using Ceph version 18.2.1. We have created a topic by giving as > attributes all needed information and so the push-endpoint (in our case > a rabbit endpoint that is used to collect notification messages). Then > we have configured all the buckets in our cluster Ceph so that it is > possible to send notification when some changes occur. > > The problem regards particularly the list_topic operation: we noticed > that any authenticated user is able to get a full list of the created > topics and with them to get all the information, including endpoint, > and so username and password and IP and port, when using the > boto3.set_stream_logger(), which is not good for our goal since we do > not want the users to know implementation details. > > There is the possibility to solve this problem? Any help would be useful. > > Thanks and best regards. > > GM. > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |