CloWM S3Proxy Service

Description

OpenStack ships with an integrated UI for accessing the object store provided by Ceph. Unfortunately, this UI does not allow fine-grained control over who can access a bucket or object: you can make it accessible either to everyone or to nobody, although Ceph itself supports this and much more. 👎 This is the backend for a new UI that exposes the additional functionality provided by Ceph in a user-friendly manner. 👍

Feature Openstack Integration New UI
Create / Delete Buckets UI
Create / Delete Buckets CLI
Upload / Download Objects
Fine-grained Access Control

Concept

Visualization of Concept

Environment Variables

Mandatory / Recommended Variables

| Variable | Default | Value | Description |
|---|---|---|---|
| DB_HOST | unset | `<db hostname / IP>` | IP or Hostname Address of DB |
| DB_PORT | 3306 | Number | Port of the database |
| DB_USER | unset | `<db username>` | Username of the database user |
| DB_PASSWORD | unset | `<db password>` | Password of the database user |
| DB_DATABASE | unset | `<db name>` | Name of the database |
| OBJECT_GATEWAY_URI | unset | HTTP URL | HTTP URL of the Ceph Object Gateway |
| BUCKET_CEPH_ACCESS_KEY | unset | `<access key>` | Access key for the Ceph Object Gateway user with unlimited buckets. |
| BUCKET_CEPH_SECRET_KEY | unset | `<secret key>` | Secret key for the Ceph Object Gateway user with unlimited buckets. |
| BUCKET_CEPH_USERNAME | unset | `<ceph username>` | ID of the user in Ceph who owns all the buckets. Owner of BUCKET_CEPH_ACCESS_KEY |
| USER_CEPH_ACCESS_KEY | unset | `<access key>` | Access key for the Ceph Object Gateway user with user:* privileges. |
| USER_CEPH_SECRET_KEY | unset | `<secret key>` | Secret key for the Ceph Object Gateway user with user:* privileges. |
| PUBLIC_KEY_VALUE / PUBLIC_KEY_FILE | randomly generated | Public Key / Path to Public Key | Public part of RSA Key in PEM format to verify JWTs |
| OPA_URI | unset | HTTP URL | HTTP URL of the OPA service |
| CLOWM_URL | http://localhost:8080 | HTTP URL | HTTP URL of the CloWM website |

Optional Variables

| Variable | Default | Value | Description |
|---|---|---|---|
| API_PREFIX | /api | URL path | Prefix before every URL path |
| SQLALCHEMY_VERBOSE_LOGGER | false | `<"true"\|"false">` | Enables verbose SQL output. Should be false in production |
| OPA_POLICY_PATH | /clowm/authz/allow | URL path | Path to the OPA Policy for Authorization |
| OTLP_GRPC_ENDPOINT | unset | `<hostname / IP>` | OTLP compatible endpoint to send traces via gRPC, e.g. Jaeger |
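
A pre-start check over the variables listed above, as an added example that is not part of the project's code. The names `preflight`, `is_http_url`, `REQUIRED` and `URL_VARS` are hypothetical, treating every variable whose default is "unset" as required is an assumption, and the PEM test is a string check only, not a key parse.

```python
import os
from urllib.parse import urlparse

# Variables the tables above list with default "unset". Treating every one of
# them as required at startup is an assumption of this example.
REQUIRED = (
    "DB_HOST", "DB_USER", "DB_PASSWORD", "DB_DATABASE", "OBJECT_GATEWAY_URI",
    "BUCKET_CEPH_ACCESS_KEY", "BUCKET_CEPH_SECRET_KEY", "BUCKET_CEPH_USERNAME",
    "USER_CEPH_ACCESS_KEY", "USER_CEPH_SECRET_KEY", "OPA_URI",
)
URL_VARS = ("OBJECT_GATEWAY_URI", "OPA_URI", "CLOWM_URL")


def is_http_url(value):
    """True if value parses as an http(s) URL with a host part."""
    try:
        parsed = urlparse(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    return parsed.scheme in ("http", "https") and bool(parsed.netloc)


def preflight(env):
    """Check a mapping of environment variables; return (errors, warnings)."""
    errors, warnings = [], []
    errors += [f"{n} is unset" for n in REQUIRED if not env.get(n, "").strip()]
    errors += [f"{n} is not an HTTP URL" for n in URL_VARS
               if env.get(n) and not is_http_url(env[n])]
    port = env.get("DB_PORT", "3306")
    if not (port.isdecimal() and 0 < int(port) < 65536):
        errors.append("DB_PORT is not a valid port number")
    pem = env.get("PUBLIC_KEY_VALUE", "")
    if "PRIVATE KEY" in pem:
        errors.append("PUBLIC_KEY_VALUE contains a private key")
    elif pem and "PUBLIC KEY-----" not in pem:
        errors.append("PUBLIC_KEY_VALUE is not a PEM public key")
    elif not pem and not env.get("PUBLIC_KEY_FILE"):
        warnings.append("no public key configured: a random key is generated")
    if env.get("SQLALCHEMY_VERBOSE_LOGGER", "false").lower() == "true":
        warnings.append("SQLALCHEMY_VERBOSE_LOGGER is true: disable in production")
    return errors, warnings


if __name__ == "__main__":
    found_errors, found_warnings = preflight(os.environ)
    for message in found_warnings + found_errors:
        print(message)
    raise SystemExit(1 if found_errors else 0)
```
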

License

The API is licensed under the Apache 2.0 license. See the License file for more information.