rgw用戶中的caps指的是什么

發(fā)布時間：2022-01-05 14:27:52 來源：億速云閱讀：147 作者：柒染欄目：云計算

這期內(nèi)容當中小編將會給大家?guī)碛嘘Prgw用戶中的caps指的是什么，文章內(nèi)容豐富且以專業(yè)的角度為大家分析和敘述，閱讀完這篇文章希望大家可以有所收獲。

可以用以下命令為用戶添加所有的caps，擁有對應的cap的用戶可以操作不僅限與屬于用戶自己的桶和對象和其他用戶，可以看作擁有管理員的某種權限

radosgw-admin caps add --uid=admin --caps="users=*;buckets=*;metadata=*;usage=*;zone=*"

*代表read和write

可以按照以下方式為不同的用戶添加不同的caps，但是不建議給普通用戶開啟任何caps

testcaps1用戶
radosgw-admin caps add --uid=testcaps1 --caps="users=*" 

testcaps2用戶
radosgw-admin caps add --uid=testcaps2 --caps="buckets=*"

testcaps3用戶
radosgw-admin caps add --uid=testcaps3 --caps="metadata=*" 

testcaps4用戶
radosgw-admin caps add --uid=testcaps4 --caps="usage=*"

testcaps5用戶
radosgw-admin caps add --uid=testcaps5 --caps="zone=*"

對照http://docs.ceph.com/docs/jewel/radosgw/adminops/的介紹

cap為usage=read

用戶擁有 usage=read 的可以查看調用admin rest api 的 usage 接口

于是只有testcaps4是可以

GET /admin/usage?format=json&start=2016-07-26%2013:00:00&show-entries=True&show-summary=True HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps4:Hk5gPweXZKBNraDK8/1XvHv8Umw=
Connection: keep-alive
Date: Tue, 26 Jul 2016 05:51:21 GMT

HTTP/1.1 200 OK
Content-Length: 27
Connection: Keep-Alive
Date: Tue, 26 Jul 2016 05:48:50 GMT
X-Amz-Request-Id: tx000000000000000000145-005796f9c2-a8f9f-default

{"entries":[],"summary":[]}

其他用戶則無權限獲取usage的統(tǒng)計信息

GET /admin/usage?format=json&start=2016-07-26%2013:00:00&show-entries=True&show-summary=True HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps5:fJZkl8WezcmVz9/aekKsjbq0DrE=
Connection: keep-alive
Date: Tue, 26 Jul 2016 05:51:15 GMT


HTTP/1.1 403 Forbidden
Content-Length: 119
Accept-Ranges: bytes
Connection: Keep-Alive
Content-Type: application/json
Date: Tue, 26 Jul 2016 05:48:44 GMT
X-Amz-Request-Id: tx000000000000000000144-005796f9bc-a8f9f-default

{"Code":"AccessDenied","RequestId":"tx000000000000000000144-005796f9bc-a8f9f-default","HostId":"a8f9f-default-default"}

cap為usage=write

擁有該cap的用戶可以刪除usage的統(tǒng)計信息

DELETE /{admin}/usage?format=json HTTP/1.1

#cap為users=read 該cap的用戶可以獲取用戶信息 display_name user_id suspended max_buckets subusers keys swift_keys caps，獲取配額信息

GET /{admin}/user?format=json HTTP/1.1

cap為users=write

該cap的用戶可以創(chuàng)建或修改或刪除其他用戶或子用戶,添加用戶的cap，刪除用戶cap,創(chuàng)建key，刪除key，修改key，修改配額

PUT /{admin}/user?format=json HTTP/1.1
Host: {fqdn}

PUT /{admin}/user?caps&format=json HTTP/1.1
Host {fqdn}

cap為buckets=read

該cap的用戶可獲取bucket信息,對象或Bucket的acl

GET /{admin}/bucket?format=json HTTP/1.1
Host {fqdn}

GET /{admin}/bucket?policy&format=json HTTP/1.1
Host {fqdn}

cap為buckets=write

該cap的用戶可以check bucket index，刪除bucket，unlink bucket，link bucket,刪除對象(不論桶還是對象是不是屬于該用戶)

GET /{admin}/bucket?index&format=json HTTP/1.1
Host {fqdn}

DELETE /{admin}/bucket?format=json HTTP/1.1
Host {fqdn}

POST /{admin}/bucket?format=json HTTP/1.1
Host {fqdn}

PUT /{admin}/bucket?format=json HTTP/1.1
Host {fqdn}

DELETE /{admin}/bucket?object&format=json HTTP/1.1
Host {fqdn}

cap為metadata=read

該cap的用戶可以讀取user 和 bucket的metadata

radosgw-admin metadata get user:admin

{
    "key": "user:admin",
    "ver": {
        "tag": "_cz1Iiuv69GdQbVsCAoagBik",
        "ver": 15
    },
    "mtime": "2016-07-25 04:28:35.014334Z",
    "data": {
        "user_id": "admin",
        "display_name": "admin",
        "email": "admin@cmss.com",
        "suspended": 0,
        "max_buckets": 1000,
        "auid": 0,
        "subusers": [
            {
                "id": "admin:swift",
                "permissions": "full-control"
            }
        ],
        "keys": [
            {
                "user": "admin",
                "access_key": "F3ZKGR2Q6M8QJA5AVBAB",
                "secret_key": "sQzliizcmlSJg1BL6nOpL41hYRvg7dLXTxFtOZb2"
            },
            {
                "user": "admin",
                "access_key": "H3085SM4LQUT5IVNC39D",
                "secret_key": "2z3Bw09EDyhtO11rH7DyZBioyaHozZDM4mZCOi9r"
            },
            {
                "user": "admin:yuliyangtests3002",
                "access_key": "VCFIBX41YJQ9U4NB9F6A",
                "secret_key": "GoUcvNUe52KoZJux24V2mMFkkaN1Bh2TGdTOkxUD"
            },
            {
                "user": "admin",
                "access_key": "admin",
                "secret_key": "admin"
            },
            {
                "user": "admin:admin-subuser3",
                "access_key": "admin-subuser3",
                "secret_key": "admin-subuser3"
            },
            {
                "user": "admin:admin-subuser4",
                "access_key": "admin-subuser4",
                "secret_key": "admin-subuser4"
            }
        ],
        "swift_keys": [
            {
                "user": "admin:swift",
                "secret_key": "FlC7XZuiLjdTjSC1wZ9S2KnIlccrQkSGm0P0vHvl"
            },
            {
                "user": "admin:yuliyangswift1",
                "secret_key": "作s為俄"
            }
        ],
        "caps": [
            {
                "type": "buckets",
                "perm": "*"
            },
            {
                "type": "metadata",
                "perm": "*"
            },
            {
                "type": "usage",
                "perm": "*"
            },
            {
                "type": "users",
                "perm": "*"
            },
            {
                "type": "zone",
                "perm": "*"
            }
        ],
        "op_mask": "read, write, delete",
        "default_placement": "",
        "placement_tags": [],
        "bucket_quota": {
            "enabled": false,
            "max_size_kb": -1,
            "max_objects": -1
        },
        "user_quota": {
            "enabled": false,
            "max_size_kb": -1,
            "max_objects": -1
        },
        "temp_url_keys": [],
        "attrs": [
            {
                "key": "user.rgw.idtag",
                "val": ""
            },
            {
                "key": "user.rgw.manifest",
                "val": ""
            }
        ]
    }
}



radosgw-admin metadata get bucket:bababa
{
    "key": "bucket:bababa",
    "ver": {
        "tag": "_8KAo6w6VPo5fhGtzTvxwRaE",
        "ver": 1
    },
    "mtime": "2016-07-24 23:43:19.214419Z",
    "data": {
        "bucket": {
            "name": "bababa",
            "pool": "default.rgw.buckets.data",
            "data_extra_pool": "default.rgw.buckets.non-ec",
            "index_pool": "default.rgw.buckets.index",
            "marker": "b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2",
            "bucket_id": "b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2"
        },
        "owner": "date2",
        "creation_time": "0.000000",
        "linked": "true",
        "has_bucket_info": "false"
    }
}

user的metadata

GET /admin/metadata/user?format=json&key=admin HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps3:qSnsnWOB9hljBBZz+wumQKm/qfM=
Connection: keep-alive
Date: Wed, 27 Jul 2016 02:17:35 GMT



HTTP/1.1 200 OK
Content-Length: 1497
Connection: Keep-Alive
Content-Type: application/json
Date: Wed, 27 Jul 2016 02:15:02 GMT
X-Amz-Request-Id: tx00000000000000000033e-0057981926-a8f9f-default

{"key":"user:admin","ver":{"tag":"_cz1Iiuv69GdQbVsCAoagBik","ver":15},"mtime":"2016-07-25 04:28:35.014334Z","data":{"user_id":"admin","display_name":"admin","email":"admin@cmss.com","suspended":0,"max_buckets":1000,"auid":0,"subusers":[{"id":"admin:swift","permissions":"full-control"}],"keys":[{"user":"admin","access_key":"F3ZKGR2Q6M8QJA5AVBAB","secret_key":"sQzliizcmlSJg1BL6nOpL41hYRvg7dLXTxFtOZb2"},{"user":"admin","access_key":"H3085SM4LQUT5IVNC39D","secret_key":"2z3Bw09EDyhtO11rH7DyZBioyaHozZDM4mZCOi9r"},{"user":"admin:yuliyangtests3002","access_key":"VCFIBX41YJQ9U4NB9F6A","secret_key":"GoUcvNUe52KoZJux24V2mMFkkaN1Bh2TGdTOkxUD"},{"user":"admin","access_key":"admin","secret_key":"admin"},{"user":"admin:admin-subuser3","access_key":"admin-subuser3","secret_key":"admin-subuser3"},{"user":"admin:admin-subuser4","access_key":"admin-subuser4","secret_key":"admin-subuser4"}],"swift_keys":[{"user":"admin:swift","secret_key":"FlC7XZuiLjdTjSC1wZ9S2KnIlccrQkSGm0P0vHvl"},{"user":"admin:yuliyangswift1","secret_key":"作s為俄"}],"caps":[{"type":"buckets","perm":"*"},{"type":"metadata","perm":"*"},{"type":"usage","perm":"*"},{"type":"users","perm":"*"},{"type":"zone","perm":"*"}],"op_mask":"read, write, delete","default_placement":"","placement_tags":[],"bucket_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1},"user_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1},"temp_url_keys":[],"attrs":[{"key":"user.rgw.idtag","val":""},{"key":"user.rgw.manifest","val":""}]}}

bucket的metadata

GET /admin/metadata/bucket?format=json&key=bababa HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps3:YrRXMsS6SRDJ2QeGSGyT+UBNkNU=
Connection: keep-alive
Date: Wed, 27 Jul 2016 02:38:33 GMT


HTTP/1.1 200 OK
Content-Length: 470
Connection: Keep-Alive
Content-Type: application/json
Date: Wed, 27 Jul 2016 02:35:59 GMT
X-Amz-Request-Id: tx000000000000000000343-0057981e0f-a8f9f-default

{"key":"bucket:bababa","ver":{"tag":"_8KAo6w6VPo5fhGtzTvxwRaE","ver":1},"mtime":"2016-07-24 23:43:19.214419Z","data":{"bucket":{"name":"bababa","pool":"default.rgw.buckets.data","data_extra_pool":"default.rgw.buckets.non-ec","index_pool":"default.rgw.buckets.index","marker":"b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2","bucket_id":"b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2"},"owner":"date2","creation_time":"0.000000","linked":"true","has_bucket_info":"false"}}

cap為metadata=write

該cap的用戶可以設置user 和 bucket的metadata

$ radosgw-admin metadata put bucket.instance:widodh:default.20111.1 < bucket.json

PUT /admin/metadata/bucket?key=bababa HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Content-Length: 454
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps3:6EjaVjvYDQlOpFA4qK1wnazXy4A=
Connection: keep-alive
Content-Type: application/json
Date: Wed, 27 Jul 2016 02:45:39 GMT

{"key":"bucket:bababa","ver":{"tag":"_8KAo6w6VPo5fhGtzTvxwRaE","ver":1},"mtime":"2016-07-24 23:43:19.214419Z","data":{"bucket":{"name":"bababa","pool":"yuliyang","data_extra_pool":"default.rgw.buckets.non-ec","index_pool":"default.rgw.buckets.index","marker":"b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2","bucket_id":"b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2"},"owner":"date2","creation_time":"0.000000","linked":"true","has_bucket_info":"false"}}

[root@ceph03 ~]# radosgw-admin metadata get bucket:bababa
{
    "key": "bucket:bababa",
    "ver": {
        "tag": "_8KAo6w6VPo5fhGtzTvxwRaE",
        "ver": 1
    },
    "mtime": "2016-07-24 23:43:19.214419Z",
    "data": {
        "bucket": {
            "name": "bababa",
            "pool": "yuliyang",
            "data_extra_pool": "default.rgw.buckets.non-ec",
            "index_pool": "default.rgw.buckets.index",
            "marker": "b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2",
            "bucket_id": "b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2"
        },
        "owner": "date2",
        "creation_time": "0.000000",
        "linked": "true",
        "has_bucket_info": "false"
    }
}

cap為zone=read

有該cap的用戶何以通ADMIN REST API 過獲取zone信息

獲取zone
[root@ceph03 ~]# radosgw-admin zone get  --rgw-zone=default 
{
    "id": "b74b128b-eac1-4f3a-a5ca-60536d190664",
    "name": "default",
    "domain_root": "default.rgw.data.root",
    "control_pool": "default.rgw.control",
    "gc_pool": "default.rgw.gc",
    "log_pool": "default.rgw.log",
    "intent_log_pool": "default.rgw.intent-log",
    "usage_log_pool": "default.rgw.usage",
    "user_keys_pool": "default.rgw.users.keys",
    "user_email_pool": "default.rgw.users.email",
    "user_swift_pool": "default.rgw.users.swift",
    "user_uid_pool": "default.rgw.users.uid",
    "system_key": {
        "access_key": "",
        "secret_key": ""
    },
    "placement_pools": [
        {
            "key": "default-placement",
            "val": {
                "index_pool": "default.rgw.buckets.index",
                "data_pool": "default.rgw.buckets.data",
                "data_extra_pool": "default.rgw.buckets.non-ec",
                "index_type": 0
            }
        }
    ],
    "metadata_heap": "default.rgw.meta",
    "realm_id": ""
}

獲取zonegroup
[root@node1 ~]# radosgw-admin zonegroup-map get   --rgw-zonegroup=de              
{
    "zonegroups": [
        {
            "key": "b47af7c7-e2d8-4b62-8966-b5b6de0bddc3",
            "val": {
                "id": "b47af7c7-e2d8-4b62-8966-b5b6de0bddc3",
                "name": "de",
                "api_name": "de",
                "is_master": "true",
                "endpoints": [
                    "http:\/\/192.168.10.10:7480"
                ],
                "hostnames": [],
                "hostnames_s3website": [],
                "master_zone": "426f76bd-bb22-4098-b064-ae28b8357bb0",
                "zones": [
                    {
                        "id": "426f76bd-bb22-4098-b064-ae28b8357bb0",
                        "name": "nue",
                        "endpoints": [],
                        "log_meta": "true",
                        "log_data": "false",
                        "bucket_index_max_shards": 0,
                        "read_only": "false"
                    }
                ],
                "placement_targets": [
                    {
                        "name": "default-placement",
                        "tags": []
                    }
                ],
                "default_placement": "default-placement",
                "realm_id": "f1574551-03e7-4739-a136-9670c62b46c1"
            }
        }
    ],
    "master_zonegroup": "b47af7c7-e2d8-4b62-8966-b5b6de0bddc3",
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    }
}

+++++++++++++++++++++++++++++++請求URL++++++++++++++++++++++++++++++++
獲取zonegroup的url
< GET /admin/config HTTP/1.1
< Host: 192.168.10.10:7480
< Connection: keep-alive
< Accept-Encoding: gzip, deflate
< Accept: */*
< User-Agent: python-requests/2.10.0
< date: Wed, 27 Jul 2016 07:30:10 GMT
< Authorization: AWS admin:i1P7+FvmhMBlQ/gaUDtwe4QZ424=
< 

> HTTP/1.1 200 OK
> x-amz-request-id: tx000000000000000000005-00579862e5-d7d96-nue
> Content-Length: 803
> Date: Wed, 27 Jul 2016 07:29:41 GMT
> Connection: Keep-Alive
> 
{"regions":[{"key":"b47af7c7-e2d8-4b62-8966-b5b6de0bddc3","val":{"id":"b47af7c7-e2d8-4b62-8966-b5b6de0bddc3","name":"de","api_name":"de","is_master":"true","endpoints":["http:\/\/192.168.10.10:7480"],"hostnames":[],"hostnames_s3website":[],"master_zone":"426f76bd-bb22-4098-b064-ae28b8357bb0","zones":[{"id":"426f76bd-bb22-4098-b064-ae28b8357bb0","name":"nue","endpoints":[],"log_meta":"true","log_data":"false","bucket_index_max_shards":0,"read_only":"false"}],"placement_targets":[{"name":"default-placement","tags":[]}],"default_placement":"default-placement","realm_id":"f1574551-03e7-4739-a136-9670c62b46c1"}}],"master_region":"b47af7c7-e2d8-4b62-8966-b5b6de0bddc3","bucket_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1},"user_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1}}

cap為zone=write

有該cap權限的用戶可以修改zone相關的信息

PUT  /admin/config HTTP/1.1
body體內(nèi)容為json格式

注意：可以通過ADMIN REST API 修改zone等信息，實現(xiàn)bucket與pool的綁定，而不用命令行來進行bucket與pool的綁定操作

上述就是小編為大家分享的rgw用戶中的caps指的是什么了，如果剛好有類似的疑惑，不妨參照上述分析進行理解。如果想知道更多相關知識，歡迎關注億速云行業(yè)資訊頻道。

向AI問一下細節(jié)