Re: [ceph-users] bucket owner vs S3 ACL?

Wed, 01 Jul 2015 11:19:52 -0700 

Hi Valery,

With the old account did you try to give FULL access to the new one user ID ?

Process should be :
>From OLD account add FULL access to NEW account (S3 ACL with CloudBerry for 
>example) 
With radosgw admin update link from OLD account to NEW account (link allow user 
to see bucket with bucket list command)
>From NEW account remove FULL access to old account (S3 ACL with CloudBerry for 
>example)

Thanks


> On Jun 29, 2015, at 11:46 AM, Valery Tschopp <valery.tsch...@switch.ch> wrote:
> 
> Hi guys,
> 
> We use the radosgw (v0.80.9) with the Openstack Keystone integration.
> 
> One project have been deleted, so now I have to transfer the ownership of all 
> the buckets to another user/project.
> 
> Using radosgw-admin I have changed the owner:
> 
> radosgw-admin bucket link --uid <NEW_USER_ID> --bucket <BUCKET_NAME>
> 
> And the owner have been update:
> 
> radosgw-admin bucket stats --bucket <BUCKET_NAME>
> 
> { "bucket": "<BUCKET_NAME>",
>  "pool": ".rgw.buckets",
>  "index_pool": ".rgw.buckets.index",
>  "id": "default.4063334.17",
>  "marker": "default.4063334.17",
>  "owner": "<NEW_USER_ID>",
>  "ver": 66301,
>  "master_ver": 0,
>  "mtime": 1435583681,
>  "max_marker": "",
>  "usage": { "rgw.main": { "size_kb": 189433890,
>          "size_kb_actual": 189473684,
>          "num_objects": 19043},
>      "rgw.multimeta": { "size_kb": 0,
>          "size_kb_actual": 0,
>          "num_objects": 0}},
>  "bucket_quota": { "enabled": false,
>      "max_size_kb": -1,
>      "max_objects": -1}
> }
> 
> But the S3 ACL of this bucket is still referencing the old user/project (from 
> radosgw.log) when I try to access it with the new owner:
> 
> 2015-06-29 17:08:33.236265 7f40d8a76700 15 Read 
> AccessControlPolicy<AccessControlPolicy 
> xmlns="http://s3.amazonaws.com/doc/2006-03-01/";><Owner><ID>OLD_USER_ID</ID><DisplayName>OLD_PROJECT_NAME</DisplayName></Owner><AccessControlList><Grant><Grantee
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
> xsi:type="CanonicalUser"><ID>OLD_USER_ID</ID><DisplayName>OLD_PROJECT_NAME</DisplayName></Grantee><Permission>FULL_CONTROL</Permission></Grant></AccessControlList></AccessControlPolicy>
> 
> 
> Therefore I get a 403, because the S3 ACL still enforce the old owner, not 
> the new one.
> 
> How can I update these S3 ACL, and fully transfer the ownership to the new 
> owner/project???
> 
> Cheers,
> Valery
> 
> 
> 
> -- 
> SWITCH
> --------------------------
> Valery Tschopp, Software Engineer, Peta Solutions
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> email: valery.tsch...@switch.ch phone: +41 44 268 1544
> 
> 
> _______________________________________________
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to