Closed oberai07 closed 6 months ago
Could you be more specific about your use case? Are you embedding S3Proxy into another Java app? If so you should look at S3ProxyHandler.setBlobStoreLocator
which allows dynamic authentication.
No, we are not using with Java app. We are using it to store the DB backups in the k8s(Kubernetes) environment and we don't want anybody to access the buckets and objects(Db backups) without authentication. We are using OpenStack Swift object storage as underneath storage. Here is the below config sample we used:
s3proxy.endpoint=http://127.0.0.1:8080
s3proxy.authorization=none
s3proxy.identity=local-identity
s3proxy.credential=local-credential
jclouds.provider=openstack-swift
jclouds.endpoint=$OS_AUTH_URL (e.g. https://keystone.example.com/v3/)
jclouds.regions=$OS_REGION_NAME (e.g. paris1)
jclouds.region=$OS_REGION_NAME (e.g. paris1)
jclouds.identity=$OS_USER_DOMAIN_NAME:$OS_USERNAME (e.g. domain1:user1)
jclouds.keystone.version=3
jclouds.keystone.scope=project:$OS_PROJECT_NAME (e.g. project:project1)
jclouds.keystone.project_domain_name=$OS_PROJECT_DOMAIN_NAME (e.g. domain2 - only needed if user and project domains differ)
jclouds.credential=$OS_PASSWORD (e.g. password)
If you set s3proxy.authorization
to aws-v4
then S3Proxy will operate as AWS does, enforcing the correct s3proxy.identity
and s3proxy.credential
values. Currently you set it to none
which ignores authorization entirely.
If I sets3proxy.authorization
to aws-v4
then it will throw me an access denied error. Please refer my another issue that I opened with you guys already. Could you please let me know, how we can enforce the correct s3porxy.identity
and s3proxy. credential
and what should be the values of both keys?
Duplicate of #581.
Currently, we don't have any authentication mechanism to access the s3proxy or APIs. We need a way to set the authentication for s3proxy. How we can design/implement the same?