The Ceph S3 has feature to assign tags—custom key-value pairs—to various resources such as objects, buckets, and roles. This tagging feature allows users to organize resources according to their needs. Once tagged, attribute-based access control (ABAC) can control access to these resources.
Before you begin, ensure you have the following tools installed:
s3cmd
awscli
To create a new bucket, use the following command:
root@client-01:~# s3cmd mb s3://my-test-bucket
Upload your objects to the newly created bucket using:
root@client-01:~# s3cmd put file-01.txt s3://my-test-bucket
upload: 'file-01.txt' -> 's3://my-test-bucket/file-01.txt' [1 of 1]
1048576 of 1048576 100% in 0s 24.81 MB/s done
Substitute path/to/your/file with the path to your local file and your-bucket-name
with the name of your bucket.
root@client-01:~# aws s3api get-object-tagging --bucket my-test-bucket --key file-01.txt --endpoint-url http://192.168.1.32:8001
{
"TagSet": []
}
Replace your-bucket-name
with your bucket name and your-object-key
with the key of the object.
To assign a tag to an object, use the following command:
root@client-01:~# aws s3api put-object-tagging --bucket my-test-bucket --key file-01.txt --tagging '{"TagSet": [{ "Key": "designation", "Value": "confidential" }]}' --endpoint-url http://192.168.1.32:8001
To verify that the object has been tagged, use:
root@client-01:~# aws s3api get-object-tagging --bucket my-test-bucket --key file-01.txt --endpoint-url http://192.168.1.32:8001
{
"TagSet": [
{
"Key": "designation",
"Value": "confidential"
}
]
}
This command will display the tags associated with the object.