leofs icon indicating copy to clipboard operation
leofs copied to clipboard
verified publisher icon leo-project

Multitenancy support in the future

Open pannon opened this issue 9 years ago • 6 comments

This is more or less just a theoretical question touching on future plans and whether multitenancy is on the roadmap. Also as of now, could this be implemented by a relatively low touch code addition or would this require major refactoring of LeoFS?

This could be something a lot of potential (large) adopters are looking for.

Thanks in advance.

pannon avatar Dec 26 '16 04:12 pannon

@pannon You're able to separately manage user's objects with a bucket, and which already realizes access control.

LeoFS' Commands

  • Create a user
$ leofs-adm create-user test_account password
access-key-id: be8111173c8218aaf1c3
secret-access-key: 929b09f9b794832142c59218f2907cd1c35ac163
  • Get users
$ leofs-adm get-users
user_id     | access_key_id          | created_at
------------+------------------------+---------------------------
_test_leofs | 05236                  | 2012-12-07 10:27:39 +0900
leo         | 39bbad4f3b837ed209fb   | 2012-12-07 10:27:39 +0900
  • Update ACL of a user
$ leofs-adm update-acl photo 05236 private
ok
$ leofs-adm update-acl photo 05236 public-read
ok
$ leofs-adm update-acl photo 05236 public-read-write
ok

yosukehara avatar Dec 27 '16 00:12 yosukehara

@pannon let us clarify that what multi-tenancy exactly means? as @yosukehara said at the above comment, we've provided only bucket-level multi-tenancy but maybe what you call multi-tenancy is like Riak S2 provides (more high level features

  • User Creation
  • Credential Management
  • Dedicated Storage (physically separated from others
  • and much more!

right? if so, it's definitely attractive especially for kinda cloud players. so it would be great if you tell us which features you actually want.

mocchira avatar Dec 27 '16 03:12 mocchira

@mocchira, sorry I wasn't clear enough previously - yes I meant multitenancy similar to Riak S2.

@yosukehara we use bucket/user level separation already, but in some cases it would be more desirable to have some form of an organisation/department/environment separation with sub-users.

Right now the only way to somewhat achieve this is to set up multiple separated clusters.

pannon avatar Dec 27 '16 05:12 pannon

@pannon I've understood your request totally. We'll consider that at beginning of the next month, then I'll share the plan on here.

yosukehara avatar Dec 27 '16 07:12 yosukehara

@pannon We're going to consider again this issue from next week since v1.3.5 was released.

yosukehara avatar Aug 17 '17 07:08 yosukehara

Have there been any recent changes relating to multi-tenancy? Is this possible yet?

OldhamMade avatar Dec 02 '20 12:12 OldhamMade