Hi all. In the OPA integration from Ceph there is no integration for bucket policy.
When a user sets a bucket policy on his/her bucket, the OPA server won't get who gets access to that bucket, so after that, if a request is coming from the user (who gets access to that bucket via the bucket policy) to access that bucket (PUT, GET, ...), OPA will reject it because of no data in the database.
I have created a pull request for this problem, so if a user creates a bucket policy for his/her bucket, the policy data will be sent to the OPA server to be updated in the database.
I think the main idea of having OPA is to have all authorization in OPA, and Ceph doesn't authorize any request by itself.
Here is the pull request, and I would be thankful to hear your comments.
https://github.com/ceph/ceph/pull/32294
Thanks.