-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DNM] rgw: REST APIs for AWS Groups. #20383
[DNM] rgw: REST APIs for AWS Groups. #20383
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good so far.
Make sure to replace uses of ::encode/::decode with encode/decode so as not to break namespace stuff.
You may wish to rebase and compact things a bit since this goes over a relatively long timespan it would be easier to keep track of if older commits that were later changed were consolidated, but that's purely optional.
This is excellent so far.
One minor nit, why do we have the ARN stored explicitly as part of the group? That /should/ (I'd think) be derivable from the tenant and group name, unless I'm missing something.
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
95decf5
to
7a8617c
Compare
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
@pritha-srivastava @adamemerson is this still in holding pattern? |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
This pull request has been automatically closed because there has been no activity for 90 days. Please feel free to reopen this pull request (or open a new one) if the proposed change is still appropriate. Thank you for your contribution! |
unstale for review |
reopening for discussion |
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I approve of this PR!
|
||
An example of a Bucket Policy to list a bucket and its contents with Principal | ||
set to a Group ARN is below:: | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably note that this is NOT valid on AWS even if it is for us. Otherwise it might bite people doing multicloud.
(We /may/ want to consider having a 'compatibility' mode that rejects behaviors like this that we support that AWS doesn't, but I'm not sure how important that is.)
Limitations | ||
=========== | ||
|
||
Currently, we do not support the REST APIs for Group operations. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is no longer the case as of 7a8617c ?
@@ -474,6 +474,7 @@ void RGWUserInfo::dump(Formatter *f) const | |||
break; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Things aren't going in rgw_json_enc.cc any more since 2414c75 . They should just go in the corresponding .cc files for their headers.
(I think this will result in linker errors if left unmodified.)
|
||
class RGWRestGroup : public RGWRESTOp { | ||
protected: | ||
string group_name; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't have using namespace std
in headers any more, so this should be std::
/** | ||
* Add group name to user info | ||
*/ | ||
extern bool rgw_add_group_to_user(RGWUserInfo& info, const string& group_name); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably stop sticking extern
on function prototypes since it's the default.
Does this have tests that can exercise it already in s3tests that we just have to enable? Or does it need tests? |
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left some formatting and wording requests, and Adam entered some unresolved notes as well.
Groups | ||
=============== | ||
|
||
Ceph Object Gateway provides support for Amazon Groups. A group is a collection |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Ceph Object Gateway (RGW) provides support for Amazon S3 groups. A group is a collection of users.
Below, what does ARN
mean?
Group Management | ||
==================== | ||
|
||
A group can be created/ deleted/ updated and users can be added to /removed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A group may be created, deleted, or updated and users added or removed from a group with radosgw-admin
commands.
Update a Group | ||
-------------- | ||
|
||
To update the name/ path of a group, execute the following:: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The name or path of a group
--path path to the group | ||
--path-prefix path prefix for filtering groups | ||
--new-group-name new name of an existing group | ||
--new-path new path of an existing group |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/of/for/ ?
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
un-stahl |
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
This pull request has been automatically closed because there has been no activity for 90 days. Please feel free to reopen this pull request (or open a new one) if the proposed change is still appropriate. Thank you for your contribution! |
Added code for REST APIs for manipulation of AWS Groups.
This PR is a continuation of PR 16077.
Currently admin users in rgw are allowed to create/ delete/ update groups. (User Policies for the same is not in place)