From 7da45d65be36d36b880cc55c5036e96c24b53f00 Mon Sep 17 00:00:00 2001
From: Qiaowei Ren
Date: Thu, 1 Mar 2018 14:38:11 +0800
Subject: remove ceph code

This patch removes initial ceph code, due to license issue.

Change-Id: I092d44f601cdf34aed92300fe13214925563081c
Signed-off-by: Qiaowei Ren
---
 src/ceph/doc/radosgw/bucketpolicy.rst | 133 ----------------------------------
 1 file changed, 133 deletions(-)
 delete mode 100644 src/ceph/doc/radosgw/bucketpolicy.rst

(limited to 'src/ceph/doc/radosgw/bucketpolicy.rst')

diff --git a/src/ceph/doc/radosgw/bucketpolicy.rst b/src/ceph/doc/radosgw/bucketpolicy.rst
deleted file mode 100644
index 85e7055..0000000
--- a/src/ceph/doc/radosgw/bucketpolicy.rst
+++ /dev/null
@@ -1,133 +0,0 @@ -=============== -Bucket Policies -=============== - -.. versionadded:: Luminous - -The Ceph Object Gateway supports a subset of the Amazon S3 policy -language applied to buckets. - - -Creation and Removal -==================== - -Bucket policies are managed through standard S3 operations rather than -radosgw-admin. - -For example, one may use s3cmd to set or delete a policy thus:: - - $ cat > examplepol - { - "Version": "2012-10-17", - "Statement": [{ - "Effect": "Allow", - "Principal": {"AWS": ["arn:aws:iam::usfolks:user/fred"]}, - "Action": "s3PutObjectAcl", - "Resource": [ - "arn:aws:s3:::happybucket/*" - ] - }] - } - - $ s3cmd setpolicy examplepol s3://happybucket - $ s3cmd delpolicy s3://happybucket - - -Limitations -=========== - -Currently, we support only the following actions: - -- s3:AbortMultipartUpload -- s3:CreateBucket -- s3:DeleteBucketPolicy -- s3:DeleteBucket -- s3:DeleteBucketWebsite -- s3:DeleteObject -- s3:DeleteObjectVersion -- s3:DeleteReplicationConfiguration -- s3:GetAccelerateConfiguration -- s3:GetBucketAcl -- s3:GetBucketCORS -- s3:GetBucketLocation -- s3:GetBucketLogging -- s3:GetBucketNotification -- s3:GetBucketPolicy -- s3:GetBucketRequestPayment -- s3:GetBucketTagging -- s3:GetBucketVersioning -- s3:GetBucketWebsite -- s3:GetLifecycleConfiguration -- s3:GetObjectAcl -- s3:GetObject -- s3:GetObjectTorrent -- s3:GetObjectVersionAcl -- s3:GetObjectVersion -- s3:GetObjectVersionTorrent -- s3:GetReplicationConfiguration -- s3:ListAllMyBuckets -- s3:ListBucketMultiPartUploads -- s3:ListBucket -- s3:ListBucketVersions -- s3:ListMultipartUploadParts -- s3:PutAccelerateConfiguration -- s3:PutBucketAcl -- s3:PutBucketCORS -- s3:PutBucketLogging -- s3:PutBucketNotification -- s3:PutBucketPolicy -- s3:PutBucketRequestPayment -- s3:PutBucketTagging -- s3:PutBucketVersioning -- s3:PutBucketWebsite -- s3:PutLifecycleConfiguration -- s3:PutObjectAcl -- s3:PutObject -- s3:PutObjectVersionAcl -- s3:PutReplicationConfiguration -- 
s3:RestoreObject - -We do not yet support setting policies on users, groups, or roles. - -We use the RGW ‘tenant’ identifier in place of the Amazon twelve-digit -account ID. In the future we may allow you to assign an account ID to -a tenant, but for now if you want to use policies between AWS S3 and -RGW S3 you will have to use the Amazon account ID as the tenant ID when -creating users. - -Under AWS, all tenants share a single namespace. RGW gives every -tenant its own namespace of buckets. There may be an option to enable -an AWS-like 'flat' bucket namespace in future versions. At present, to -access a bucket belonging to another tenant, address it as -"tenant:bucket" in the S3 request. - -In AWS, a bucket policy can grant access to another account, and that -account owner can then grant access to individual users with user -permissions. Since we do not yet support user, role, and group -permissions, account owners will currently need to grant access -directly to individual users, and granting an entire account access to -a bucket grants access to all users in that account. - -Bucket policies do not yet support string interpolation. - -Currently, the only condition keys we support are: -- aws:CurrentTime -- aws:EpochTime -- aws:PrincipalType -- aws:Referer -- aws:SecureTransport -- aws:SourceIp -- aws:UserAgent -- aws:username - -More may be supported soon as we integrate with the recently rewritten -Authentication/Authorization subsystem. - -Swift -===== - -There is no way to set bucket policies under Swift, but bucket -policies that have been set govern Swift as well as S3 operations. - -Swift credentials are matched against Principals specified in a policy -in a way specific to whatever backend is being used. -- cgit 1.2.3-korg
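
Review bot: The commit message gives "due to license issue" as its only rationale, and this deletion of src/ceph/doc/radosgw/bucketpolicy.rst leaves no pointer to where the removed material can still be found; name the license conflict in the message and reference the upstream Ceph documentation so operators can still locate the bucket policy limitations. The removed text carries access-control caveats that matter in practice: granting an entire account access to a bucket grants access to all users in that account, and policies set through S3 also govern Swift operations. If this file is ever restored from history, note that its example policy has "Action": "s3PutObjectAcl", which lacks the colon used by the supported action s3:PutObjectAcl listed under Limitations.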