Hi

I'm using Ceph Pacific 16.2.1

I'm creating a topic as a user which belongs to a non-default tenant.
I'm using AWS CLI 2 with v3 authentication enabled

aws --profile=ceph-myprofile --endpoint=$HOST_S3_API --region="" sns create-topic --name=fishtopic --attributes='{"push-endpoint": "http://my-ceph-source-svc.default.svc.cluster.local"}'
{
    "TopicArn": "arn:aws:sns:default::fishtopic"
}

The topic is created in the default tenant, though.
The user can list topics but sees topics from the default tenant.

aws --profile=ceph-myprofile --endpoint=$HOST_S3_API --region="" sns list-topics
{
    "Topics": [
        {
            "TopicArn": "arn:aws:sns:default::fishtopic"
        }
    ]
}

The topic is in the default tenant:

# radosgw-admin topic list --uid none
{
    "topics": [
        {
            "topic": {
                "user": "",
                "name": "fishtopic",
                "dest": {
                    "bucket_name": "",
                    "oid_prefix": "",
                    "push_endpoint": "http://my-ceph-source-svc.default.svc.cluster.local",
                    "push_endpoint_args": "Attributes.entry.1.key=push-endpoint&Attributes.entry.1.value=http://my-ceph-source-svc.default.svc.cluster.local&Version=2010-03-31&push-endpoint=http://my-ceph-source-svc.default.svc.cluster.local",
                    "push_endpoint_topic": "fishtopic",
                    "stored_secret": "false",
                    "persistent": "false"
                },
                "arn": "arn:aws:sns:default::fishtopic",
                "opaqueData": ""
            },
            "subs": []
        }
    ]
}


When I create a topic over HTTP with a federated user, the topic is created
in the correct (user's) tenant.
For some reason the "user" below is "marvel", which is actually the name of
the tenant.
Possibly the topic is not owned by the user but rather the tenant.

radosgw-admin topic list --tenant marvel --uid none
{
    "topics": [
        {
            "topic": {
                "user": "marvel",
                "name": "MyTopic",
                "dest": {
                    "bucket_name": "",
                    "oid_prefix": "",
                    "push_endpoint": "amqp://127.0.0.1",
                    "push_endpoint_args": "amqp-exchange=rgw-exchange&push-endpoint=amqp://127.0.0.1&use-ssl=false&verify-ssl=false",
                    "push_endpoint_topic": "MyTopic",
                    "stored_secret": "false",
                    "persistent": "false"
                },
                "arn": "arn:aws:sns:default:marvel:MyTopic",
                "opaqueData": ""
            },
            "subs": []
        }
    ]
}

Also, what permissions are checked when creating a topic?
It seems so far I can create a topic without granting any special
permissions?

Regards
Daniel
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
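
An added example, not part of the original post and not Ceph code: a small audit that reads `radosgw-admin topic list` JSON and flags topics whose ARN tenant field (`arn:aws:sns:<zonegroup>:<tenant>:<name>`, empty for the default tenant) is not the tenant the creating user belongs to. The function names, the script name in the comment and the merged sample listing are assumptions made for illustration.

```python
import json
import sys

# Constructed sample: the two listings from the post merged and trimmed to the fields used.
SAMPLE = """
{"topics": [
  {"topic": {"user": "", "name": "fishtopic",
             "arn": "arn:aws:sns:default::fishtopic"}, "subs": []},
  {"topic": {"user": "marvel", "name": "MyTopic",
             "arn": "arn:aws:sns:default:marvel:MyTopic"}, "subs": []}
]}
"""

def parse_topic_arn(arn):
    """Split arn:aws:sns:<zonegroup>:<tenant>:<name>; tenant is '' for the default tenant."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[:3] != ["arn", "aws", "sns"] or not parts[5]:
        raise ValueError(f"unexpected topic ARN: {arn!r}")
    return {"zonegroup": parts[3], "tenant": parts[4], "name": parts[5]}

def audit_topics(listing, expected_tenant):
    """Return (topic name, problem) pairs for topics that are not in expected_tenant."""
    findings = []
    for entry in listing.get("topics", []):
        topic = entry["topic"]
        try:
            arn = parse_topic_arn(topic.get("arn", ""))
        except ValueError as exc:
            # A malformed ARN is reported rather than silently skipped.
            findings.append((topic.get("name", "?"), str(exc)))
            continue
        if arn["tenant"] != expected_tenant:
            where = arn["tenant"] or "<default tenant>"
            findings.append(
                (arn["name"], f"ARN places topic in {where}, expected {expected_tenant}"))
    return findings

if __name__ == "__main__":
    # e.g. radosgw-admin topic list --uid none | python3 audit_topics.py marvel
    # (audit_topics.py is a hypothetical file name). With no argument, the
    # constructed sample above is audited against tenant "marvel".
    if len(sys.argv) > 1:
        listing, tenant = json.load(sys.stdin), sys.argv[1]
    else:
        listing, tenant = json.loads(SAMPLE), "marvel"
    for name, problem in audit_topics(listing, tenant):
        print(f"{name}: {problem}")
```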
