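Note
This document is for a development version of Ceph.
Ceph Object Gateway IAM API
New in the Squid release.
The Ceph Object Gateway supports a subset of the Amazon IAM API for RESTful management of account users, roles, and their associated policies.
This REST API is served by the same HTTP endpoint as the Ceph Object Gateway S3 API.
Feature Support
The following tables describe the currently supported IAM actions.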
Users

| Action | Remarks |
|---|---|
| CreateUser | |
| GetUser | |
| UpdateUser | |
| DeleteUser | |
| ListUsers | |
| CreateAccessKey | |
| UpdateAccessKey | |
| DeleteAccessKey | |
| ListAccessKeys | |
| PutUserPolicy | |
| GetUserPolicy | |
| DeleteUserPolicy | |
| ListUserPolicies | |
| AttachUserPolicy | |
| DetachUserPolicy | |
| ListAttachedUserPolicies | |

Groups

| Action | Remarks |
|---|---|
| CreateGroup | |
| GetGroup | |
| UpdateGroup | |
| DeleteGroup | |
| ListGroups | |
| AddUserToGroup | |
| RemoveUserFromGroup | |
| ListGroupsForUser | |
| PutGroupPolicy | |
| GetGroupPolicy | |
| DeleteGroupPolicy | |
| ListGroupPolicies | |
| AttachGroupPolicy | |
| DetachGroupPolicy | |
| ListAttachedGroupPolicies | |

Roles

| Action | Remarks |
|---|---|
| CreateRole | |
| GetRole | |
| UpdateRole | |
| UpdateAssumeRolePolicy | |
| DeleteRole | |
| ListRoles | |
| TagRole | |
| UntagRole | |
| ListRoleTags | |
| PutRolePolicy | |
| GetRolePolicy | |
| DeleteRolePolicy | |
| ListRolePolicies | |
| AttachRolePolicy | |
| DetachRolePolicy | |
| ListAttachedRolePolicies | |

OpenIDConnectProvider

| Action | Remarks |
|---|---|
| CreateOpenIDConnectProvider | |
| GetOpenIDConnectProvider | |
| DeleteOpenIDConnectProvider | |
| ListOpenIDConnectProviders | |

Account

| Action | Remarks |
|---|---|
| GetAccountSummary | |

Managed Policies
The following managed policies are available for use with AttachGroupPolicy, AttachRolePolicy and AttachUserPolicy:
- IAMFullAccess
  - Arn: arn:aws:iam::aws:policy/IAMFullAccess
  - Version: v2 (default)
- IAMReadOnlyAccess
  - Arn: arn:aws:iam::aws:policy/IAMReadOnlyAccess
  - Version: v4 (default)
- AmazonSNSFullAccess
  - Arn: arn:aws:iam::aws:policy/AmazonSNSFullAccess
  - Version: v1 (default)
- AmazonSNSReadOnlyAccess
  - Arn: arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess
  - Version: v1 (default)
- AmazonS3FullAccess
  - Arn: arn:aws:iam::aws:policy/AmazonS3FullAccess
  - Version: v2 (default)
- AmazonS3ReadOnlyAccess
  - Arn: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
  - Version: v3 (default)