Project

General

Profile

RGW Multitenancy

Summary

Currently RGW follows the S3 scheme, in which users and buckets all reside in a single global tenant.
Swift, on the other hand has a distinct tenant entity. Note that the swift tenant is closer to the rgw user in functionality, whereas the swift users are closer to the rgw subusers.
All swift users within the same tenant share the same data (as with subusers under rgw user).
Buckets names don’t need to be unique across different tenants (unlike rgw).

Owners

  • Yehuda (Red Hat)

Interested Parties

  • Name (affiliation)

Current Status

Detailed Description

The suggested solution:
Basic
add ‘tenant’ property to rgw users
add ‘tenant’ property to rgw buckets
any bucket that a user creates will reside under the user’s tenant
buckets will not need to be unique across tenants
user could be referred to as <tenant>:<user>
bucket could be referred to as <tenant>#<bucket> or <tenant>/<bucket> (can’t use <tenant>:<bucket>)
for backward compatibility, the global tenant also exists, in which the tenant name is empty. Accessing a bucket through the virtual dns bucket naming scheme (e.g., bucket.dreamhost.com), will got to the bucket in the global region. A configurable will make it possible to change this scheme to be able to specify a tenant, e.g. <bucket>.<tenant>.<domain>.
when a user refers to a user or a bucket, if the tenant is not specified its own tenant will be used; when a user specifies permissions on object / bucket, each acl that specifies another user will refer to its own tenant by default. E.g.,
User sage under the redhat tenant (redhat:sage) gives greg permissions, sage could either specify redhat:greg <- READ_ONLY, or just greg <- READ_ONLY, as greg and sage are on the same tenant.
a tenant entity will also exist, and would have several optional configurables
default placement target (storage policy)
quota (per user in the tenant, for the entire tenant -- if implemented)
name[s] of dns entry point[s] for the tenant
Advanced functionality, not necessarily part of initial solution
ability to list users that belong to each tenant
tenant admin users that can administer their tenant
quota per tenant, statistics per tenant

Work items

Coding tasks

  1. Task 1
  2. Task 2
  3. Task 3

Build / release tasks

  1. Task 1
  2. Task 2
  3. Task 3

Documentation tasks

  1. Task 1
  2. Task 2
  3. Task 3

Deprecation tasks

  1. Task 1
  2. Task 2
  3. Task 3