Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Identity and Access Management (IAM) (Epic) #227

Open
3 tasks
jhmarina opened this issue Nov 22, 2022 · 0 comments
Open
3 tasks

Identity and Access Management (IAM) (Epic) #227

jhmarina opened this issue Nov 22, 2022 · 0 comments
Labels
area/docs Related with documentation in general area/rgw-sfs RGW & SFS related area/tests Related to tests and testing area/ui User Interface kind/epic Umbrella issue for a group of related issues kind/feature New functionality or support for something triage/next-candidate This could be moved to the next milestone

Comments

@jhmarina
Copy link
Contributor

jhmarina commented Nov 22, 2022
edited by jecluis

Description

Identity and Access Management (IAM) is a mechanism part of Amazon Web Services that allow "securely managing identities and access to AWS services and resources" (AWS docs).

With AIM it is possible which entities have access to which services and resources within AWS, with these finely-grained permissions being centrally managed for all AWS services.

In the context of s3gw, we will not rely on AWS's AIM service, but we intend to support being able to set AIM Policies the same way S3 would support.

To achieve this we will have to support creating and managing Roles, which can be associated with resources. In RGW this is achieved through the radosgw-admin tool (upstream docs); in our case, feature-specific endpoints will have to be created.

This effort also supports generation of temporary credentials for specific resources via Secure Token Service (STS), tracked in a different issue.

Some of these things may already be supported in RGW natively, and thus we may not have to add specific support to SFS. We will still have to add support in the UI, all bits in RGW that enable the UI, and efforts in testing and documentation.

Success criteria

  • Creating Roles, Policies, and limiting access to specific resources depending on AIM policies.
  • UI support for AIM Policies, Roles, etc.
  • The effort is accompanied with necessary tests.
  • The resulting features have been properly documented.

More information

Tasks
@jhmarina jhmarina added the kind/epic Umbrella issue for a group of related issues label Nov 22, 2022
@jhmarina jhmarina changed the title ⛰ Access Identity Management (AIM) (Epic) Access Identity Management (AIM) (Epic) May 8, 2023
@irq0 irq0 added the triage/needs-information Further information is requested label May 17, 2023
@jecluis jecluis changed the title Access Identity Management (AIM) (Epic) Identity and Access Management (IAM) (Epic) Oct 19, 2023
@jecluis jecluis added area/ui User Interface area/rgw-sfs RGW & SFS related area/tests Related to tests and testing kind/feature New functionality or support for something area/docs Related with documentation in general and removed triage/needs-information Further information is requested labels Oct 31, 2023
@jecluis jecluis added the triage/next-candidate This could be moved to the next milestone label Mar 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/docs Related with documentation in general area/rgw-sfs RGW & SFS related area/tests Related to tests and testing area/ui User Interface kind/epic Umbrella issue for a group of related issues kind/feature New functionality or support for something triage/next-candidate This could be moved to the next milestone
Projects
s3gw
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jecluis @irq0 @jhmarina