Project

General

Profile

Actions
Copy link

Feature #62775

open

rgw: add support external iam authorization

Added by Seena Fallah 8 months ago. Updated 8 months ago.

Status:
New
Priority:
Normal
Assignee:
Seena Fallah
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
Backport:
reef, quincy
Reviewed:
Affected Versions:
Pull request ID:
53345

Description

Implement a protocol to call an external service to authorize the incoming requests alongside the available policies by the cluster like bucket policy and...

Actions
Copy link
 #2

Updated by Seena Fallah 8 months ago

The reason for such a feature is usually cloud provider companies have a central IAM system to authorize every product against it (like AWS User Policy which is not limited to S3) and Ceph as an S3 provider would be needed to be part of.
Current External Auth implementations (keystone, ldap) don't offer any authorization (IAM policy doc-like).
Having a free protocol to send the IAM info to an external service and do the authorization for the request was always a missing feature in Ceph (RGW).

Actions
Copy link
 #3

Updated by Konstantin Shalygin 8 months ago

  • Assignee set to Seena Fallah
  • Source set to Community (user)
  • Pull request ID set to 53345
Actions
Copy link

Also available in: Atom PDF