[DNM] rgw: REST APIs for AWS Groups. #20383
Conversation
There was a problem hiding this comment.
This looks good so far.
Make sure to replace uses of ::encode/::decode with encode/decode so as not to break namespace stuff.
You may wish to rebase and compact things a bit since this goes over a relatively long timespan it would be easier to keep track of if older commits that were later changed were consolidated, but that's purely optional.
This is excellent so far.
One minor nit, why do we have the ARN stored explicitly as part of the group? That /should/ (I'd think) be derivable from the tenant and group name, unless I'm missing something.
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
pritha-srivastava
force-pushed
the
wip-rgw-groups-rest-api
branch
from
95decf5
to
7a8617c
Compare
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
@pritha-srivastava @adamemerson is this still in holding pattern? |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
This pull request has been automatically closed because there has been no activity for 90 days. Please feel free to reopen this pull request (or open a new one) if the proposed change is still appropriate. Thank you for your contribution! |
|
unstale for review |
|
reopening for discussion |
|
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
|
|
||
| An example of a Bucket Policy to list a bucket and its contents with Principal | ||
| set to a Group ARN is below:: | ||
|
|
There was a problem hiding this comment.
We should probably note that this is NOT valid on AWS even if it is for us. Otherwise it might bite people doing multicloud.
(We /may/ want to consider having a 'compatibility' mode that rejects behaviors like this that we support that AWS doesn't, but I'm not sure how important that is.)
| Limitations | ||
| =========== | ||
|
|
||
| Currently, we do not support the REST APIs for Group operations. |
There was a problem hiding this comment.
This is no longer the case as of 7a8617c ?
| @@ -474,6 +474,7 @@ void RGWUserInfo::dump(Formatter *f) const | |||
| break; | |||
There was a problem hiding this comment.
Things aren't going in rgw_json_enc.cc any more since 2414c75 . They should just go in the corresponding .cc files for their headers.
(I think this will result in linker errors if left unmodified.)
|
|
||
| class RGWRestGroup : public RGWRESTOp { | ||
| protected: | ||
| string group_name; |
There was a problem hiding this comment.
We don't have using namespace std in headers any more, so this should be std::
| /** | ||
| * Add group name to user info | ||
| */ | ||
| extern bool rgw_add_group_to_user(RGWUserInfo& info, const string& group_name); |
There was a problem hiding this comment.
We should probably stop sticking extern on function prototypes since it's the default.
|
Does this have tests that can exercise it already in s3tests that we just have to enable? Or does it need tests? |
|
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
| Groups | ||
| =============== | ||
|
|
||
| Ceph Object Gateway provides support for Amazon Groups. A group is a collection |
There was a problem hiding this comment.
The Ceph Object Gateway (RGW) provides support for Amazon S3 groups. A group is a collection of users.
Below, what does ARN mean?
| Group Management | ||
| ==================== | ||
|
|
||
| A group can be created/ deleted/ updated and users can be added to /removed |
There was a problem hiding this comment.
A group may be created, deleted, or updated and users added or removed from a group with radosgw-admin commands.
| Update a Group | ||
| -------------- | ||
|
|
||
| To update the name/ path of a group, execute the following:: |
There was a problem hiding this comment.
The name or path of a group
| --path path to the group | ||
| --path-prefix path prefix for filtering groups | ||
| --new-group-name new name of an existing group | ||
| --new-path new path of an existing group |
|
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
|
un-stahl |
|
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
|
This pull request has been automatically closed because there has been no activity for 90 days. Please feel free to reopen this pull request (or open a new one) if the proposed change is still appropriate. Thank you for your contribution! |
Added code for REST APIs for manipulation of AWS Groups.
This PR is a continuation of PR 16077.
Currently admin users in rgw are allowed to create/ delete/ update groups. (User Policies for the same is not in place)