So when OPA integration is enabled the bucket policy from users will not
I think it’s about Ceph architecture not OPA because OPA is for authorizing
the requests and bucket policy is one of the authorizing methods that OPA
On Fri, Jan 17, 2020 at 5:56 PM Matt Benjamin <mbenjami(a)redhat.com> wrote:
As I wrote in a comment on your PR, my current intuition is that what
you're doing here isn't consistent with the original intent of the OPA
integration we currently have, nor with the OPA model in general.
That said, I'd really like some feedback from OPA architects, CC'd.
On Thu, Jan 16, 2020 at 5:04 AM Seena Fallah <seenafallah(a)gmail.com>
Hi all. In OPA integration from Ceph there is no integration for bucket
When user is setting bucket policy to his/her
bucket the OPA server
won't get who get's access to that bucket so after
that if the request is
coming from the user (that gets access to that bucket via bucket policy) to
access that bucket (PUT, GET,...), OPA will reject that because of no data
I have create a pull request for this problem so
if user creates a
bucket policy for his/her bucket, the policy data will send to
to be update on the database.
I think the main idea of having OPA is to have
all authorization in OPA
and Ceph don't authorize any request by it self.
Here is the pull request and I would be thankful
to hear about your
Dev mailing list -- dev(a)ceph.io
To unsubscribe send an email to dev-leave(a)ceph.io
Red Hat, Inc.
315 West Huron Street, Suite 140A
Ann Arbor, Michigan 48103