kube-object-storage / lib-bucket-provisioner

Library for the dynamic provisioning of object store buckets to be used by object store providers.
Apache License 2.0

Bucket Policies - Allowing limited access to an owned bucket #112

Open copejon opened 5 years ago

copejon commented 5 years ago

When an OBC is fulfilled, the user will have full access to the dynamically generated bucket. In practical use, however, the owner should be capable of requesting keys with defined limited permissions (RO, WO, RW, etc). This differs from ACLs, which define public access.

The purpose for this feature would be to allow users to limit access to their buckets to only what the connecting app requires. An app that only serves data from the bucket should not have write access, for instance.

jeffvance commented 5 years ago

As an additional thought, perhaps the Storage Class can define the max access that an OBC author can grant to her bucket?

jeffvance commented 5 years ago

See also #94