Actions
Feature #62775
openrgw: add support external iam authorization
% Done:
0%
Source:
Community (user)
Tags:
Backport:
reef, quincy
Description
Implement a protocol to call an external service to authorize the incoming requests alongside the available policies by the cluster like bucket policy and...
Updated by Seena Fallah 8 months ago
The reason for such a feature is usually cloud provider companies have a central IAM system to authorize every product against it (like AWS User Policy which is not limited to S3) and Ceph as an S3 provider would be needed to be part of.
Current External Auth implementations (keystone, ldap) don't offer any authorization (IAM policy doc-like).
Having a free protocol to send the IAM info to an external service and do the authorization for the request was always a missing feature in Ceph (RGW).
Updated by Konstantin Shalygin 8 months ago
- Assignee set to Seena Fallah
- Source set to Community (user)
- Pull request ID set to 53345
Actions