This is internal documentation. There is a good chance you're looking for something else. See Disclaimer.
S3 User for Developers
This document describes how to create a user account for a developer and how to set ACLs and policies properly.
Naming Convention for Developers
S3 user name | dev-${EMPLOYEE_SHORT_NAME} (see Employee Short Name)
Note
The prefix dev- is used by Ansible to recognize developers and grant permissions accordingly.
Create Account
Users can be created via the REST API. $ACCESS_TOKEN corresponds to cloudscale_write_api_token in secrets2.yml. Here is an example using curl:
curl -i -H "Authorization: Bearer ${ACCESS_TOKEN}" -F "display_name=${NEW_USERNAME}" https://api.cloudscale.ch/v1/objects-users
Tip
API documentation can be found here
Remove Account
Get a list of all user accounts:
curl -i -H "Authorization: Bearer ${ACCESS_TOKEN}" https://api.cloudscale.ch/v1/objects-users
Delete the specific user by its ID:
curl -i -H "Authorization: Bearer ${ACCESS_TOKEN}" -X DELETE "https://api.cloudscale.ch/v1/objects-users/${USER_ID}"
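As an added example (not part of the original documentation), the following Python code joins the two steps: it resolves ${USER_ID} from the listing by exact display name, refuses names without the dev- prefix or with anything other than one match, and masks secret keys before the listing is printed. The response fields id, display_name and keys[].secret_key are assumptions about the API's JSON, and the sample listing is constructed.

```python
import json
import urllib.request

API = "https://api.cloudscale.ch/v1/objects-users"  # endpoint used on this page

# Constructed sample listing; field names are an assumption about the response.
SAMPLE = json.loads("""[
 {"id": "id-0001", "display_name": "nice-prod",
  "keys": [{"access_key": "AK1", "secret_key": "SK1"}]},
 {"id": "id-0002", "display_name": "dev-abc",
  "keys": [{"access_key": "AK2", "secret_key": "SK2"}]},
 {"id": "id-0003", "display_name": "dev-xyz", "keys": []},
 {"id": "id-0004", "display_name": "dev-xyz", "keys": []}
]""")


def find_user_id(users, display_name):
    """Return the id of the one developer account with this exact name."""
    if not display_name.startswith("dev-"):
        # Guard: this helper must never resolve a non-developer account.
        raise ValueError(f"{display_name!r} lacks the dev- prefix")
    ids = [u["id"] for u in users if u.get("display_name") == display_name]
    if len(ids) != 1:
        raise LookupError(f"{len(ids)} users named {display_name!r}, need 1")
    return ids[0]


def redact(users):
    """Copy of the listing with secret keys masked, safe to print or log."""
    return [{**u, "keys": [{**k, "secret_key": "***"}
                           for k in u.get("keys", [])]} for u in users]


def call(method, url, token):
    """Send one authenticated request; return parsed JSON or None."""
    req = urllib.request.Request(
        url, method=method, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def remove_developer(display_name, token):
    """List, resolve exactly one id, then DELETE it. Returns the id."""
    user_id = find_user_id(call("GET", API, token), display_name)
    call("DELETE", f"{API}/{user_id}", token)
    return user_id


if __name__ == "__main__":
    print(json.dumps(redact(SAMPLE), indent=1))
    print(find_user_id(SAMPLE, "dev-abc"))
```

Only remove_developer talks to the API; running the file directly works on the constructed sample and sends nothing.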
Obtain the Access and Security Keys
The Access Key and Secret Key values correspond to the s3.main.accessKeyId and s3.main.secretAccessKey, respectively, within the s3.properties file.
See also S3 Storage Design Overview.
Set Permissions via Ansible
Permissions are set by Ansible automatically. It detects user accounts of developers based on the dev- prefix in their name:
$ cd ${ANSIBLE_GIT_REPO}/tocco
$ ansible-playbook playbook.yml -t s3
See also: Ansible: Usage