Hi Seena, As I wrote in a comment on your PR, my current intuition is that what you're doing here isn't consistent with the original intent of the OPA integration we currently have, nor with the OPA model in general. That said, I'd really like some feedback from OPA architects, CC'd. regards, Matt On Thu, Jan 16, 2020 at 5:04 AM Seena Fallah <seenafallah@xxxxxxxxx> wrote: > > Hi all. In OPA integration from Ceph there is no integration for bucket policy. > When user is setting bucket policy to his/her bucket the OPA server won't get who get's access to that bucket so after that if the request is coming from the user (that gets access to that bucket via bucket policy) to access that bucket (PUT, GET,...), OPA will reject that because of no data in database. > I have create a pull request for this problem so if user creates a bucket policy for his/her bucket, the policy data will send to OPA server to be update on the database. > I think the main idea of having OPA is to have all authorization in OPA and Ceph don't authorize any request by it self. > Here is the pull request and I would be thankful to hear about your comments. > https://github.com/ceph/ceph/pull/32294 > Thanks. > _______________________________________________ > Dev mailing list -- dev@xxxxxxx > To unsubscribe send an email to dev-leave@xxxxxxx -- Matt Benjamin Red Hat, Inc. 315 West Huron Street, Suite 140A Ann Arbor, Michigan 48103 http://www.redhat.com/en/technologies/storage tel. 734-821-5101 fax. 734-769-8938 cel. 734-216-5309 _______________________________________________ Dev mailing list -- dev@xxxxxxx To unsubscribe send an email to dev-leave@xxxxxxx