Closed oberai07 closed 6 months ago
gaul
commented
6 months ago Could you be more specific about your use case? Are you embedding S3Proxy into another Java app? If so you should look at S3ProxyHandler.setBlobStoreLocator which allows dynamic authentication.
oberai07
commented
6 months ago No, we are not using with Java app. We are using it to store the DB backups in the k8s(Kubernetes) environment and we don't want anybody to access the buckets and objects(Db backups) without authentication. We are using OpenStack Swift object storage as underneath storage. Here is the below config sample we used:
s3proxy.endpoint=http://127.0.0.1:8080
s3proxy.authorization=none
s3proxy.identity=local-identity
s3proxy.credential=local-credential
jclouds.provider=openstack-swift
jclouds.endpoint=$OS_AUTH_URL (e.g. https://keystone.example.com/v3/)
jclouds.regions=$OS_REGION_NAME (e.g. paris1)
jclouds.region=$OS_REGION_NAME (e.g. paris1)
jclouds.identity=$OS_USER_DOMAIN_NAME:$OS_USERNAME (e.g. domain1:user1)
jclouds.keystone.version=3
jclouds.keystone.scope=project:$OS_PROJECT_NAME (e.g. project:project1)
jclouds.keystone.project_domain_name=$OS_PROJECT_DOMAIN_NAME (e.g. domain2 - only needed if user and project domains differ)
jclouds.credential=$OS_PASSWORD (e.g. password)If you set s3proxy.authorization to aws-v4 then S3Proxy will operate as AWS does, enforcing the correct s3proxy.identity and s3proxy.credential values. Currently you set it to none which ignores authorization entirely.
oberai07
commented
6 months ago If I sets3proxy.authorizationto aws-v4 then it will throw me an access denied error. Please refer my another issue that I opened with you guys already. Could you please let me know, how we can enforce the correct s3porxy.identityand s3proxy. credential and what should be the values of both keys?
gaul
commented
6 months ago Duplicate of #581.
Currently, we don't have any authentication mechanism to access the s3proxy or APIs. We need a way to set the authentication for s3proxy. How we can design/implement the same?