Ceph » rgw

Using release 15.2.2 on CentOS 8.1

At: https://docs.ceph.com/docs/mimic/radosgw/multitenancy/

There is a suggestion on some code that to address s3 buckets in a different tenant (your AWS creds are for a user in tenant t1, but the bucket you want to address is in tenant t2) you should use a ':' to separate the two, i.e. tenant2:bucketname.

This does not work. UJisng the AWS CLI (boto3), when doing

aws s3 ls s3://tenant2:bucketname

I get an error:

Invalid bucket name "tenant2:bucketname": Bucket name must match the regex "^[a-zA-Z0-9.\-_]{1,255}$" or be an ARN matching the regex "^arn:(aws).*:s3:[a-z\-0-9]+:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\-]{1,63}$"

(Again this is CentOS 8.1):

In /usr/share/awscli/python/site-packages/botocore/handlers.py, there is a line:

VALID_BUCKET = re.compile(r'^[a-zA-Z0-9.\-_]{1,255}$')

If I change this regex appropriately to include a ':', then I can address the bucket with both the awscli as well as with boto3 code directly.

It should be noted that in the document I mentioned above, the code shown is boto code, NOT boto3. Apparently with boto as opposed to boto3 there is not a problem.

Without patching the regex as I show, there does not appear to be a way to address buckets in other tenants using python boto3 code which includes the awscli.

AWS and the Ceph team need to coordinate a proper fix