to avoid fetching information for all buckets and
filtering in the application layer.
Looks like --tenant in CLI would be ideal, but at the moment it expects
--uid also be provided.
Is there any way to achieve that at the moment?
I'm on Ceph 16.2.7
Regards
Daniel Iwan
d, Jun 23, 2021 at 11:58 AM Daniel Iwan
> wrote:
>
>> Hi Yuval
>>
>> Thank you very much for the link
>> This gave me some useful info from
>> https://github.com/ceph/ceph/tree/master/examples/boto3#aws-cli
>>
>> Regards
>> Daniel
>>
>
Thanks for clarification
> according to what i tested, this is not the case. deletion of a topic only
> prevents the creation of new notifications with that topic.
> it does not effect the deletion of notifications with that topic, not the
> actual sending of these notifications.
>
> note that
>
> this looks like a bug, the topic should be created in the right tenant.
> please submit a tracker for that.
>
Thank you for confirming.
Created here https://tracker.ceph.com/issues/51331
> yes. topics are owned by the tenant. previously, they were owned by the
> user but since the same
Hi
I'm using Ceph Pacific 16.2.1
I'm creating a topic as a user which belongs to a non-default tenant.
I'm using AWS CLI 2 with v3 authentication enabled
aws --profile=ceph-myprofile --endpoint=$HOST_S3_API --region="" sns
create-topic --name=fishtopic --attributes='{"push-endpoint": "
topic management.
> (tracked here: https://tracker.ceph.com/issues/50039)
> It should be fixed soon but may take some time before it is backported to
> Pacific (will keep the list posted).
>
> Best Regards,
>
> Yuval
>
>
> On Tue, Jun 22, 2021 at 7:18 PM Daniel Iwan wrote:
Hi
I'm on Pacific 16.2.1
Documentation states that topic operations should be created using
REST with application/x-www-form-urlencoded
See
https://docs.ceph.com/en/latest/radosgw/notifications/#topics
However when attempting to create one using Postman (auth v4) operation
fails.
racker issue for the same, and I'll fix it when I can.
>
> Thanks,
> Pritha
>
> On Thu, Jun 10, 2021 at 5:09 PM Daniel Iwan wrote:
>
>> Hi Pritha
>>
>> y answers inline.
>> Forgot to add I'm on Ceph 1.2.1
>>
>>
>>> How did you check whet
Hi Pritha
y answers inline.
Forgot to add I'm on Ceph 1.2.1
> How did you check whether the role was created in tenant1 or tenant2?
> It shouldn't be created in tenant2, if it is, then it's a bug, please open
> a tracker issue for it.
>
I checked that with
radosgw-admin role list --tenant
Hi
It seems that with command like this
aws --profile=my-user-tenant1 --endpoint=$HOST_S3_API --region="" iam
create-role --role-name="tenant2\$TemporaryRole"
--assume-role-policy-document file://json/trust-policy-assume-role.json
I can create a role in another tenant.
Executing user have
ps://github.com/ceph/ceph/pull/41288
>
> Daniel
>
> On 5/12/21 7:00 AM, Daniel Iwan wrote:
> > Hi
> > I have started to see segfaults during multiplart upload to one of the
> > buckets
> > File is about 60MB in size
> > Upload of the same file to a brand n
Thanks, that explains it.
This is in combination with permissions given via bucket policies of course?
Daniel
___
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
> separator for a tenant which is empty here, and ARN for a user is of the
> format: arn:aws:iam:::user/, and hence the ARN here will
> be arn:aws:iam:::user/oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b
> Thanks,
> Pritha
>
> On Wed, May 12, 2021 at 4:02 PM Daniel Iwan wrote:
&
Hi
I have started to see segfaults during multiplart upload to one of the
buckets
File is about 60MB in size
Upload of the same file to a brand new bucket works OK
Command used
aws --profile=tester --endpoint=$HOST_S3_API --region="" s3 cp
./pack-a9201afb4682b74c7c5a5d6070e661662bdfea1a.pack
Hi all
Scenario is as follows
Federated user assumes a role via AssumeRoleWithWebIdentity, which gives
permission to create a bucket.
User creates a bucket and becomes an owner (this is visible in Ceph's web
ui as Owner $oidc$7f71c7c5-c24f-418e-87ac-aa8fe271289b).
User cannot list the content of
Hi all
I'm working on the following scenario
User is authenticated with OIDC and tries to access a bucket which it does
not own.
How to specify user ID etc. to give access to such a user?
By trial and error I found out that principal can be specified as
"Principal":
16 matches
Mail list logo