Feature #62775
open
rgw: add support external iam authorization
Added by Seena Fallah 8 months ago.
Updated 8 months ago.
Description
Implement a protocol to call an external service to authorize the incoming requests alongside the available policies by the cluster like bucket policy and...
The reason for such a feature is usually cloud provider companies have a central IAM system to authorize every product against it (like AWS User Policy which is not limited to S3) and Ceph as an S3 provider would be needed to be part of.
Current External Auth implementations (keystone, ldap) don't offer any authorization (IAM policy doc-like).
Having a free protocol to send the IAM info to an external service and do the authorization for the request was always a missing feature in Ceph (RGW).
- Assignee set to Seena Fallah
- Source set to Community (user)
- Pull request ID set to 53345
Also available in: Atom
PDF