Feature #6568

open

ceph-rest-api authentication

Added by Matt Thompson over 10 years ago. Updated over 10 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
% Done: 0%
Source: other
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

Hi All,

When using the radosgw admin API, I have to provide an AWS authorization header to requests and also ensure that the user I've built the header with has the necessary capabilities. Using the ceph-rest-api on the other hand, I am able to make requests without providing an authorization header.

Whilst I can run ceph-rest-api through Apache (or similar) and have that perform authentication, it would be nice to use the same user database that exists for radosgw. Also, the ceph-rest-api exposes a lot of destructive capabilities, so having it locked down by default would probably be advantageous.

Are there any existing plans to include authorization into the ceph-rest-api, and if not can we get this added to your feature backlog?

Thank you in advance for your assistance.

Regards,
Matt

Actions #1

Updated by Dan Mick over 10 years ago

I'm not aware of any such plans, no, Matt; we sort of look at the ceph-rest-api as
a way of allowing internal-net access to the cluster, where you have the same rights
and permissions as someone running a CLI command (which is equally as dangerous).

Certainly more authentication could be provided with middleware too; as ceph-rest-api
is a WSGI app, assembling a middleware stack, and providing a real web service (say,
uwsgi/nginx, or mod_wsgi/Apache) is doable. Flask itself provides the possibility
of adding middleware directly to the code too.
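
The middleware approach mentioned in the reply above, sketched as an added example (not code from this thread or from ceph-rest-api): a deny-by-default HTTP Basic wrapper that can sit in front of any WSGI app. The user table, passwords, the `backend` stand-in app, the `status_for` helper and the rule that read-only users may only send GET/HEAD are all assumptions made for illustration.

```python
import base64, hashlib, hmac
from wsgiref.util import setup_testing_defaults

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample users (not from the page): name -> (digest, may_write)
SALT = b"constructed-salt"
USERS = {"viewer": (_digest("viewer-pass", SALT), False), "admin": (_digest("admin-pass", SALT), True)}

class BasicAuthMiddleware:
    def __init__(self, app, users, realm="ceph-rest-api"):
        self.app, self.users, self.realm = app, users, realm

    def _authenticate(self, header):
        scheme, _, blob = header.partition(" ")
        try:
            decoded = base64.b64decode(blob, validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            return None
        name, _, password = decoded.partition(":")
        expected, may_write = self.users.get(name, (b"", False))
        # Always run the KDF and a constant-time compare, even for unknown names.
        ok = hmac.compare_digest(_digest(password, SALT), expected)
        return (name, may_write) if ok and scheme.lower() == "basic" else None

    def __call__(self, environ, start_response):
        user = self._authenticate(environ.get("HTTP_AUTHORIZATION", ""))
        if user is None:  # no header, bad header, unknown user, wrong password
            start_response("401 Unauthorized", [("WWW-Authenticate", f'Basic realm="{self.realm}"')])
            return [b"authentication required\n"]
        if environ["REQUEST_METHOD"] not in ("GET", "HEAD") and not user[1]:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"read-only user\n"]
        environ["REMOTE_USER"] = user[0]  # let the wrapped app see who called
        return self.app(environ, start_response)

def backend(environ, start_response):  # hypothetical stand-in for the wrapped app
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def status_for(app, method, auth=None):  # drive one request, return the status line
    environ = {"REQUEST_METHOD": method}
    setup_testing_defaults(environ)
    if auth:
        environ["HTTP_AUTHORIZATION"] = "Basic " + base64.b64encode(auth.encode()).decode()
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Basic credentials are only base64-encoded on the wire, so a wrapper like this belongs behind TLS termination in the front-end web server.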
