Daniel Göbel authored
When creating a bucket for a user, a CORS rule is set
to allow access to the bucket from the website

#59
5c4e550c

CloWM S3Proxy Service

Description

OpenStack ships with an integrated UI to access the Object Store provided by Ceph. Unfortunately, this UI does not allow fine-grained control over who can access a bucket or object. You can either make it accessible to everyone or to nobody, although Ceph can do this and much more. 👎 This is the backend for a new UI that leverages the additional powerful functionality provided by Ceph in a user-friendly manner. 👍

Feature Openstack Integration New UI
Create / Delete Buckets UI
Create / Delete Buckets CLI
Upload / Download Objects
Fine-grained Access Control

Concept

Visualization of Concept

Environment Variables

Mandatory / Recommended Variables

| Variable | Default | Value | Description |
|---|---|---|---|
| `DB_HOST` | unset | `<db hostname / IP>` | IP or Hostname Address of DB |
| `DB_PORT` | 3306 | Number | Port of the database |
| `DB_USER` | unset | `<db username>` | Username of the database user |
| `DB_PASSWORD` | unset | `<db password>` | Password of the database user |
| `DB_DATABASE` | unset | `<db name>` | Name of the database |
| `OBJECT_GATEWAY_URI` | unset | HTTP URL | HTTP URL of the Ceph Object Gateway |
| `BUCKET_CEPH_ACCESS_KEY` | unset | `<access key>` | Access key for the Ceph Object Gateway user with unlimited buckets. |
| `BUCKET_CEPH_SECRET_KEY` | unset | `<secret key>` | Secret key for the Ceph Object Gateway user with unlimited buckets. |
| `BUCKET_CEPH_USERNAME` | unset | `<ceph username>` | ID of the user in ceph who owns all the buckets. Owner of `BUCKET_CEPH_ACCESS_KEY` |
| `USER_CEPH_ACCESS_KEY` | unset | `<access key>` | Access key for the Ceph Object Gateway user with `user:*` privileges |
| `USER_CEPH_SECRET_KEY` | unset | `<secret key>` | Secret key for the Ceph Object Gateway user with `user:*` privileges. |
| `PUBLIC_KEY_VALUE` / `PUBLIC_KEY_FILE` | randomly generated | Public Key / Path to Public Key | Public part of RSA Key in PEM format to verify JWTs |
| `OPA_URI` | unset | HTTP URL | HTTP URL of the OPA service |
| `CLOWM_URL` | `http://localhost:8080` | HTTP URL | HTTP URL of the CloWM website |

Optional Variables

| Variable | Default | Value | Description |
|---|---|---|---|
| `API_PREFIX` | `/api` | URL path | Prefix before every URL path |
| `BACKEND_CORS_ORIGINS` | `[]` | json formatted list of urls | List of valid CORS origins |
| `SQLALCHEMY_VERBOSE_LOGGER` | `false` | `<"true"\|"false">` | Enables verbose SQL output. Should be false in production |
| `OPA_POLICY_PATH` | `/clowm/authz/allow` | URL path | Path to the OPA Policy for Authorization |
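
A pre-deployment check of the variables listed above, as an added example that is not part of the S3Proxy code base. The names `check_env` and `is_http_url`, the `example.org` hosts, and the choice to report an unset public key as a finding are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Variables the Mandatory / Recommended table lists with default "unset".
REQUIRED = (
    "DB_HOST", "DB_USER", "DB_PASSWORD", "DB_DATABASE", "OBJECT_GATEWAY_URI",
    "BUCKET_CEPH_ACCESS_KEY", "BUCKET_CEPH_SECRET_KEY", "BUCKET_CEPH_USERNAME",
    "USER_CEPH_ACCESS_KEY", "USER_CEPH_SECRET_KEY", "OPA_URI",
)
URL_VARS = ("OBJECT_GATEWAY_URI", "OPA_URI", "CLOWM_URL")

def is_http_url(value):
    """True for an absolute http(s) URL with a host part."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def check_env(env):
    """Return findings for a mapping of S3Proxy environment variables."""
    findings = [f"{n}: mandatory variable is unset" for n in REQUIRED if not env.get(n)]
    findings += [f"{n}: not an HTTP URL" for n in URL_VARS
                 if env.get(n) and not is_http_url(env[n])]
    # BACKEND_CORS_ORIGINS is a JSON list of URLs, so "*" does not qualify.
    try:
        origins = json.loads(env.get("BACKEND_CORS_ORIGINS", "[]"))
    except ValueError:
        origins = None
    if not isinstance(origins, list):
        findings.append("BACKEND_CORS_ORIGINS: not a JSON list")
    else:
        findings += [f"BACKEND_CORS_ORIGINS: {o!r} is not a URL"
                     for o in origins if not (isinstance(o, str) and is_http_url(o))]
    if env.get("SQLALCHEMY_VERBOSE_LOGGER", "false").lower() != "false":
        findings.append("SQLALCHEMY_VERBOSE_LOGGER: should be false in production")
    if not (env.get("PUBLIC_KEY_VALUE") or env.get("PUBLIC_KEY_FILE")):
        findings.append("PUBLIC_KEY_VALUE / PUBLIC_KEY_FILE: unset, key is randomly generated")
    return findings

# Constructed sample environment with placeholder values (not real credentials).
SAMPLE = {name: "placeholder" for name in REQUIRED}
SAMPLE.update(OBJECT_GATEWAY_URI="http://rgw.example.org:8000",
              OPA_URI="http://opa.example.org:8181",
              BACKEND_CORS_ORIGINS='["*"]', SQLALCHEMY_VERBOSE_LOGGER="true")

if __name__ == "__main__":
    for finding in check_env(SAMPLE):
        print(finding)
```

Pass `dict(os.environ)` to `check_env` in a container entrypoint or CI job to run the same checks against a real deployment.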