Daniel Göbel authored
First working version

See merge request denbi/object-storage-access!6
97e8ee85

S3 Proxy API

Description

OpenStack ships with an integrated UI for accessing the object store provided by Ceph. Unfortunately, this UI does not allow fine-grained control over who can access a bucket or object: you can make it accessible to everyone or to nobody, although Ceph itself supports this and much more. 👎 This is the backend for a new UI that leverages the additional powerful functionality provided by Ceph in a user-friendly manner. 👍

Feature Openstack Integration New UI
Create / Delete Buckets UI
Create / Delete Buckets CLI
Upload / Download Objects
Fine-grained Access Control

Concept

Visualization of Concept

Environment Variables

Mandatory / Recommended Variables

| Variable | Default | Value | Description |
|---|---|---|---|
| SECRET_KEY | random | <random key> | Secret key to sign JWT |
| DB_HOST | unset | <db hostname / IP> | IP address or hostname of the database |
| DB_PORT | 3306 | Number | Port of the database |
| DB_USER | unset | <db username> | Username of the database user |
| DB_PASSWORD | unset | <db password> | Password of the database user |
| DB_DATABASE | unset | <db name> | Name of the database |
| OBJECT_GATEWAY_URI | unset | HTTP URL | HTTP URL of the Ceph Object Gateway |
| CEPH_ACCESS_KEY | unset | <access key> | Ceph access key with admin privileges |
| CEPH_SECRET_KEY | unset | <secret key> | Ceph secret key with admin privileges |
| OIDC_CLIENT_ID | unset | <OIDC client id> | Client ID from the OIDC provider |
| OIDC_CLIENT_SECRET | unset | <OIDC client secret> | Client secret from the OIDC provider |
| OIDC_BASE_URI | unset | HTTP URL | HTTP URL of the OIDC provider |

Optional Variables

| Variable | Default | Value | Description |
|---|---|---|---|
| DOMAIN | localhost | string | Domain under which the service will be hosted. |
| SSL_TERMINATION | false | <"true"\|"false"> | Flag if the service runs behind an SSL termination proxy |
| API_PREFIX | /api | URL path | Prefix before every URL path |
| JWT_TOKEN_EXPIRE_MINUTES | 8 days | number | Minutes till a JWT expires |
| BACKEND_CORS_ORIGINS | [] | JSON formatted list of URLs | List of valid CORS origins |
| SQLALCHEMY_VERBOSE_LOGGER | false | <"true"\|"false"> | Enables verbose SQL output. Should be false in production |
| OIDC_META_INFO_PATH | /.well-known/openid-configuration | URL path | Path to the OIDC configuration file. Will be concatenated with the OIDC_BASE_URI |
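
A preflight check over the variables in the two tables above, as an added example that is not part of the project's code. The variable names and defaults come from the tables; the checks, the `audit` and `oidc_discovery_url` helpers and the sample values are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Variable names and defaults come from the tables above; the checks are assumptions of this example.
MANDATORY = ("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_DATABASE", "OBJECT_GATEWAY_URI",
             "CEPH_ACCESS_KEY", "CEPH_SECRET_KEY", "OIDC_CLIENT_ID", "OIDC_CLIENT_SECRET",
             "OIDC_BASE_URI")
SECRETS = ("SECRET_KEY", "DB_PASSWORD", "CEPH_SECRET_KEY", "OIDC_CLIENT_SECRET")


def oidc_discovery_url(env):
    """OIDC_BASE_URI concatenated with OIDC_META_INFO_PATH, as the table describes."""
    return env["OIDC_BASE_URI"] + env.get("OIDC_META_INFO_PATH", "/.well-known/openid-configuration")


def audit(env):
    """Return findings for one environment mapping; an empty list means nothing was flagged."""
    findings = [f"{n}: mandatory variable is unset" for n in MANDATORY if not env.get(n)]
    if not env.get("SECRET_KEY"):
        # Assumption: the "random" default is generated per process.
        findings.append("SECRET_KEY: unset, JWTs signed with a random key may not verify after a restart")
    for n in SECRETS:
        v = env.get(n, "")
        if v.startswith("<") and v.endswith(">"):
            findings.append(f"{n}: still holds a template placeholder")
    for n in ("OBJECT_GATEWAY_URI", "OIDC_BASE_URI"):
        if env.get(n) and urlsplit(env[n]).scheme != "https":
            findings.append(f"{n}: not https, traffic to this endpoint is unencrypted")
    try:
        origins = json.loads(env.get("BACKEND_CORS_ORIGINS", "[]"))
    except json.JSONDecodeError:
        origins = None
    if not isinstance(origins, list):
        findings.append("BACKEND_CORS_ORIGINS: not a JSON formatted list")
    elif "*" in origins:
        findings.append("BACKEND_CORS_ORIGINS: wildcard entry matches every origin")
    if env.get("SQLALCHEMY_VERBOSE_LOGGER", "false") == "true":
        findings.append("SQLALCHEMY_VERBOSE_LOGGER: verbose SQL output is on, should be false in production")
    return findings


# Constructed sample environment (hostnames and values are placeholders, not from the project).
SAMPLE = {"DB_HOST": "db.internal.example", "DB_USER": "s3proxy", "DB_PASSWORD": "<db password>",
          "DB_DATABASE": "s3proxy", "OBJECT_GATEWAY_URI": "http://rgw.internal.example:7480",
          "CEPH_ACCESS_KEY": "EXAMPLEACCESSKEY", "CEPH_SECRET_KEY": "example-secret",
          "OIDC_CLIENT_ID": "s3proxy", "OIDC_CLIENT_SECRET": "example-oidc-secret",
          "OIDC_BASE_URI": "https://login.example.org/oidc", "BACKEND_CORS_ORIGINS": '["*"]',
          "SQLALCHEMY_VERBOSE_LOGGER": "true"}
```

Calling `audit(dict(os.environ))` before the service starts reports the same findings for a real deployment.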