[openstack-dev] [swift][swift3][s3] Keep containers unique among a cluster

Pete Zaitcev zaitcev at redhat.com
Mon May 14 20:43:38 UTC 2018


On Thu, 10 May 2018 20:07:03 +0800
Yuxin Wang <wang.yuxin at ostorage.com.cn> wrote:

> I'm working on a swift project. Our customer cares about S3 compatibility very much. I tested our swift cluster with ceph/s3-tests and analyzed the failed cases. It turns out that lots of the failed cases are related to unique container/bucket. But as we know, containers are just unique in a tenant/project.
>[...]
> Do you have any ideas on how to do or maybe why not to do? I'd highly appreciate any suggestions.

I don't have a recipe, but here's a thought: try making all the accounts
that need the interoperability with S3 belong to the same Keystone tenant.
As long as you do not give those accounts the owner role (one of those
listed in operator_roles=), they will not be able to access each other's
buckets (Swift containers). Unfortunately, I think they will not be able
to create any buckets either, but perhaps it's something that can be
tweaked - for sure if you're willing to go far enough to make new middleware.

-- Pete


