This is an internal documentation. There is a good chance you’re looking for something else. See Disclaimer.

S3 User for Developers

This document describes how to create a user account for a developer and how to set ACLs and policies properly.

Naming Convention for Developers

S3 user name

dev-${EMPLOYEE_SHORT_NAME} (see Employee Short Name)

Note

The prefix dev- is used by Ansible to recognize developers and grant permissions accordingly.

Create Account

Users can be created via REST API. $ACCESS_TOKEN correspond to cloudscale_write_api_token in secrets2.yml. Here an example using curl:

curl -i -H "Authorization: Bearer ${ACCESS_TOKEN}" -F display_name=${NEW_USERNAME} https://api.cloudscale.ch/v1/objects-users

Tip

API documentation can be found here

Remove Account

Get a list of all user accounts:

curl -i -H 'Authorization: Bearer ${ACCESS_TOKEN}' https://api.cloudscale.ch/v1/objects-users

Delete the specific user based on his id:

$ curl -i -H 'Authorization: Bearer ${ACCESS_TOKEN}' -X DELETE https://api.cloudscale.ch/v1/objects-users/${USER_ID}

Obtain the Access and Security Keys

The Access Key and Secret Key values correspond to the s3.main.accessKeyId and s3.main.secretAccessKey, respectively, within the s3.properties file.

See also S3 Storage Design Overview.

Set Permissions via Ansible

Permissions are set by Ansible automatically. It detects user accounts of developers based on the dev- prefix in their name:

$ cd ${ANSIBLE_GIT_REPO}/tocco
$ ansible-playbook playbook.yml -t s3

See also: Ansibile: Usage