Skip to content

Instantly share code, notes, and snippets.

@yuvalif

yuvalif/cross-tenant-topics.md

Created September 10, 2023 10:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save yuvalif/166b554a36c023ebc0d4a787d18ff66e to your computer and use it in GitHub Desktop.
Save yuvalif/166b554a36c023ebc0d4a787d18ff66e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cross-tenant-topics.md

Setup

  • start the cluster
MON=1 OSD=1 MDS=0 MGR=0 RGW=1 ../src/vstart.sh -n -d
  • create 2 tenanted users:
bin/radosgw-admin user create --display-name "Hello World" --tenant world --uid hello --access_key hello --secret_key world
bin/radosgw-admin user create --display-name "Ka Boom" --tenant boom --uid ka --access_key ka --secret_key boom

Topics

  • create the same http topic in both tenants:
AWS_ACCESS_KEY_ID=hello AWS_SECRET_ACCESS_KEY=world aws --endpoint-url http://localhost:8000 sns create-topic --name=fishtopic \
  --attributes='{"push-endpoint": "http://localhost:10900"}'
  
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 sns create-topic --name=fishtopic \
  --attributes='{"push-endpoint": "http://localhost:10900"}'
  • topic access cross tenant:
AWS_ACCESS_KEY_ID=hello AWS_SECRET_ACCESS_KEY=world aws --endpoint-url http://localhost:8000 sns get-topic-attributes \
  --topic-arn arn:aws:sns:default:boom:fishtopic

AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 sns get-topic-attributes \
  --topic-arn arn:aws:sns:default:world:fishtopic
  • create a topic that exists only for one of the tenants:
AWS_ACCESS_KEY_ID=hello AWS_SECRET_ACCESS_KEY=world aws --endpoint-url http://localhost:8000 sns create-topic --name=dogtopic \
  --attributes='{"push-endpoint": "http://localhost:10900"}'
  • try to access it from the other tenent:
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 sns get-topic-attributes \
  --debug --topic-arn arn:aws:sns:default:world:dogtopic

Notifications

  • create a bucket for 2nd tenant:
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 s3 mb s3://cat
  • 2nd tenant create a notification on the bucket using the 1st tenant's topic:
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 s3api put-bucket-notification-configuration \
  --bucket cat --notification-configuration='{"TopicConfigurations": [{"Id": "notif1", "TopicArn": "arn:aws:sns:default:world:dogtopic", "Events": []}]}'
  • 1st tenant create a notification on the 2nd tenet's bucket:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment