Arbutus object storage

From Alliance Doc
Revision as of 18:47, 13 May 2021 by Lwhittin (talk | contribs) (Created page with "= Rados Gateway Bucket Management = We create the project for the users when we are generating the users for the project. The users are responsible for operations inside of...")

Rados Gateway Bucket Management

We create the project for the users when we are generating the users for the project.

The users are responsible for operations inside the 'tenant'. As such, the buckets and the management of those buckets are up to the user.

To help users, some simple bucket operations are shown below.

The assumption is that the user will use the tool "s3cmd", which is available on Linux (see: Ceph Relevant Links Document).

Some Interesting Information

  • Buckets are owned by the user who creates them, and no other users can manipulate them
  • You can make a bucket world-accessible, which then gives you a URL you can post that will serve the content in the bucket
  • Bucket policies are managed via JSON files

Example Bucket operations

  • Making a bucket public so that it is web accessible:

    s3cmd setacl s3://testbucket --acl-public

  • Make the bucket private again:

    s3cmd setacl s3://testbucket --acl-private

  • Example bucket policy:

    You first need to create a policy JSON file, here named "testbucket.policy":

    {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": [
                "arn:aws:iam::rrg_cjhuofw:user/parsa7",
                "arn:aws:iam::rrg_cjhuofw:user/dilbar"
            ]},
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::testbucket/*",
                "arn:aws:s3:::testbucket"
            ]
        }]
    }

    This file allows you to set specific permissions for any number of users of that bucket.

    You can even specify users from another tenant if there is a user from another project working with you.

    Now that you have your policy file, you can apply that policy to the bucket:

    s3cmd setpolicy testbucket.policy s3://testbucket

    More extensive examples and actions can be found here: https://www.linode.com/docs/platform/object-storage/how-to-use-object-storage-acls-and-bucket-policies/
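A pre-flight review of a policy file before running `s3cmd setpolicy`, as an added example that is not part of the original page or of any Alliance tooling. It flags grants to any principal, principals outside your own tenant, and actions whose matching resource ARN is missing. The function name `review_policy`, the tenant `example_other` and the sample policy are assumptions constructed for illustration.

```python
import json

OBJECT_ACTIONS = {"s3:PutObject", "s3:DeleteObject", "s3:GetObject"}

def as_list(value):
    # Policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def review_policy(policy, bucket, own_tenant):
    """Return findings for a parsed bucket policy (dict) before it is applied."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            parts = arn.split(":")  # arn:aws:iam::<tenant>:user/<name>
            if arn == "*":
                findings.append(f"statement {i}: grants access to any principal")
            elif len(parts) != 6 or parts[4] != own_tenant:
                findings.append(f"statement {i}: principal outside {own_tenant}: {arn}")
        actions = set(as_list(st.get("Action", [])))
        resources = as_list(st.get("Resource", []))
        # Bucket-level actions match the bucket ARN, object actions match ARNs under it.
        if "s3:ListBucket" in actions and bucket_arn not in resources:
            findings.append(f"statement {i}: s3:ListBucket needs resource {bucket_arn}")
        if actions & OBJECT_ACTIONS and not any(r.startswith(bucket_arn + "/") for r in resources):
            findings.append(f"statement {i}: object actions need a resource under {bucket_arn}/")
        for res in resources:
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"statement {i}: resource outside bucket: {res}")
    return findings

# Constructed sample: a cross-tenant user, a missing bucket ARN, and a wildcard principal.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::rrg_cjhuofw:user/parsa7",
                           "arn:aws:iam::example_other:user/guest"]},
     "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::testbucket/*"]},
    {"Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::testbucket/*"}]}

if __name__ == "__main__":
    for finding in review_policy(SAMPLE, "testbucket", "rrg_cjhuofw"):
        print(finding)
```

To check a real file, pass `json.load(open("testbucket.policy"))` as the first argument; a cross-tenant finding is expected when you deliberately share with another project.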