# Start a local development cluster through vstart.sh. The variables request
# one MON, one OSD and one RGW daemon, and no MDS or MGR; -n creates a new
# cluster and -d turns on debug output.
MON=1 OSD=1 MDS=0 MGR=0 RGW=1 ../src/vstart.sh -n -d
# Create the two test users, each in its own tenant: uid "hello" in tenant
# "world" (the 1st user) and uid "ka" in tenant "boom" (the 2nd user).
# The access and secret keys are fixed, trivially guessable test values, so
# they belong on a throwaway local cluster only. Keys passed on the command
# line are also visible in shell history and the process list.
bin/radosgw-admin user create --display-name "Hello World" --tenant world --uid hello --access_key hello --secret_key world
bin/radosgw-admin user create --display-name "Ka Boom" --tenant boom --uid ka --access_key ka --secret_key boom
# As the 2nd user (ka), create the SNS topic "fishtopic" with a plain-HTTP push
# endpoint on localhost:10900.
# NOTE(review): presumably something must listen on that port for pushed
# events to be delivered; no listener is started in these steps.
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 sns create-topic --name=fishtopic \
--attributes='{"push-endpoint": "http://localhost:10900"}'
- create bucket and notification for user 2:
# As the 2nd user (ka), create the bucket "fish".
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 s3 mb s3://fish
# Attach notification "notif1" to the bucket and point it at the topic
# "fishtopic"; the topic ARN carries the tenant name (boom).
# NOTE(review): "Events" is left empty - presumably this selects every event
# type; confirm against the RGW bucket-notification documentation.
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 s3api put-bucket-notification-configuration \
--bucket fish --notification-configuration='{"TopicConfigurations": [{"Id": "notif1", "TopicArn": "arn:aws:sns:default:boom:fishtopic", "Events": []}]}'
- verify that user 2 can access the notification:
# Baseline check: the bucket owner (ka) reads the notification configuration
# back with its own credentials, before any bucket policy is in place.
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 s3api get-bucket-notification-configuration \
--bucket fish
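- 2nd user sets a bucket policy to allow the 1st user to access notifications on the bucket (note that the policy below uses "Principal": "*", so it grants these actions to any principal, not only to the 1st user):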
# As the bucket owner (ka), attach a bucket policy that allows
# s3:GetBucketNotification and s3:PutBucketNotification on bucket "fish" in
# tenant "boom" (the tenant is part of the resource ARN).
# NOTE(review): "Principal": "*" matches every principal, and
# PutBucketNotification is a write permission, so this policy lets any caller
# replace or clear the bucket's notifications. That is enough to exercise the
# cross-tenant path in a local test; a policy meant to grant access to the
# 1st user only would name that user in Principal instead of the wildcard.
AWS_ACCESS_KEY_ID=ka AWS_SECRET_ACCESS_KEY=boom aws --endpoint-url http://localhost:8000 s3api put-bucket-policy --bucket fish --policy \
'{"Version": "2012-10-17", "Statement": [{"Sid": "Statement", "Effect": "Allow", "Principal": "*", "Action": ["s3:GetBucketNotification", "s3:PutBucketNotification"], "Resource": "arn:aws:s3::boom:fish"}]}'
- try to get the notification as the 1st user, passing the bucket name in the format "tenant:bucket". this is done via the following script:
import boto3
from botocore.handlers import validate_bucket_name
# Cross-tenant read: the 1st user (access key "hello", tenant "world") asks
# for the notification configuration of bucket "fish" owned by tenant "boom".
# The credentials are the fixed test values created for the local cluster.
tenant = 'boom'
bucket = 'fish'

client = boto3.client(
    's3',
    endpoint_url='http://localhost:8000',
    use_ssl=False,
    region_name='default',
    aws_access_key_id='hello',
    aws_secret_access_key='world',
)

# The "tenant:bucket" form does not pass boto3's client-side bucket name
# validation, so that handler is unregistered for this client. Name checking
# is then left entirely to the server.
client.meta.events.unregister("before-parameter-build.s3", validate_bucket_name)

qualified_bucket = f"{tenant}:{bucket}"
response = client.get_bucket_notification_configuration(Bucket=qualified_bucket)
print(response)
- to verify that deletion works, use the script above, replacing the get call with:
# Deletion check: writing an empty NotificationConfiguration to the
# "tenant:bucket" name. This is a write made with the 1st user's credentials
# against the 2nd user's bucket, which the bucket policy permits through
# s3:PutBucketNotification.
response = client.put_bucket_notification_configuration(
    Bucket=f"{tenant}:{bucket}",
    NotificationConfiguration={},
)
print(response)