Open arkpoah opened 1 year ago
Same issue, how to restrict to a single bucket always?
I think S3Proxy could add a middleware for this. The user would provide a configuration of the allowed buckets and S3Proxy would enforce that each operation consulted the allowlist. I guess listBuckets would also need to filter.
List bucket would then rather have to list the "folders" present inside a specific container as "buckets", rather than listing all the available "containers". You see in zenko cloudserver, the configuration was to create buckets inside a specific container only. For cloudserver, those were buckets, but for azure, those were "folders" inside a container.
I need to migrate from Zenko and I tried S3Proxy which seems to fit the need. In Zenko, each account has access to buckets we specify, but with S3Proxy I don't find how to limit access to an Azure container in a same storage account in a S3Proxy instance. Is there a way to do that or a S3Proxy instance with Azure in backend necessarily has access to all storage accounts's containers ?