Identity and Access Management (IAM) (Epic) #227
Labels
area/docs
Related with documentation in general
area/rgw-sfs
RGW & SFS related
area/tests
Related to tests and testing
area/ui
User Interface
kind/epic
Umbrella issue for a group of related issues
kind/feature
New functionality or support for something
triage/next-candidate
This could be moved to the next milestone
Description
Identity and Access Management (IAM) is a mechanism, part of Amazon Web Services, that allows "securely managing identities and access to AWS services and resources" (AWS docs).
With IAM it is possible to specify which entities have access to which services and resources within AWS, with these finely-grained permissions being centrally managed for all AWS services.
In the context of s3gw, we will not rely on AWS's IAM service, but we intend to support being able to set IAM Policies the same way S3 would support.
To achieve this we will have to support creating and managing Roles, which can be associated with resources. In RGW this is achieved through the radosgw-admin tool (upstream docs); in our case, feature-specific endpoints will have to be created.
This effort also supports generation of temporary credentials for specific resources via Secure Token Service (STS), tracked in a different issue.
Some of these things may already be supported in RGW natively, and thus we may not have to add specific support to SFS. We will still have to add support in the UI, all bits in RGW that enable the UI, and efforts in testing and documentation.
Success criteria
More information
Tasks