Hello ceph-users,
I need to prevent the use of public objects in some Ceph S3 clusters where clients connect directly via haproxy as the balancer, with radosgw as the backend. I would like to know if anyone has found a solution to prevent entire buckets or even single objects from being made accessible without authentication and exposed via a specific URL.

I tried setting the policies to 'Deny' for
"s3:PutBucketPolicy",
"s3:PutObjectAcl"
and the objects uploaded to the bucket after the policy is applied cannot be made public.

However, I would need a way to set the Deny on all buckets when they are created by clients. Otherwise I have to iterate over all existing buckets and apply the policy, but then if a client creates a bucket, uploads some objects and makes them public before the Deny is applied, I no longer have control. I would then also have to apply a policy to all objects, which becomes a very long operation.
If anyone has any ideas on this it would be greatly appreciated.

Thank you very much.

Andrea
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
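
An added example, not part of the original post: a Python sketch that builds a Deny bucket policy for the two actions named in the message and audits bucket state for public ACL grants or a missing Deny. The `Principal` value, the function names and the sample bucket data are assumptions constructed for illustration; the ACL dicts follow the shape of an S3 GetBucketAcl response.

```python
import json

# S3 ACL grantee groups meaning "anyone" / "any authenticated user".
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
DENIED_ACTIONS = ["s3:PutBucketPolicy", "s3:PutObjectAcl"]  # from the post

def deny_policy(bucket):
    """Bucket policy JSON denying the two actions for one bucket."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny",
        "Principal": "*",  # assumption: the post does not name a principal
        "Action": DENIED_ACTIONS,
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}]})

def public_grants(acl):
    """Permissions an ACL dict gives to the public groups."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS)

def has_deny(policy_json):
    """True if Deny statements cover every action in DENIED_ACTIONS.
    Simplification: Principal and Resource scoping are not evaluated."""
    denied = set()
    for st in json.loads(policy_json or "{}").get("Statement", []):
        if st.get("Effect") == "Deny":
            acts = st.get("Action", [])
            denied.update([acts] if isinstance(acts, str) else acts)
    return set(DENIED_ACTIONS) <= denied

def audit(buckets):
    """buckets: {name: {"acl": dict, "policy": str or None}} -> findings."""
    findings = []
    for name, state in sorted(buckets.items()):
        perms = public_grants(state["acl"])
        if perms:
            findings.append((name, "public-acl", perms))
        if not has_deny(state.get("policy")):
            findings.append((name, "missing-deny", DENIED_ACTIONS))
    return findings

# Constructed sample state: one bucket with the Deny, one new public bucket.
SAMPLE = {
    "locked": {"policy": deny_policy("locked"), "acl": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}]}},
    "fresh": {"policy": None, "acl": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"}]}},
}
```

Run periodically over all buckets, `audit` reports a bucket that was created and made public before the Deny reached it, which is the window the message describes.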