Pion - Object Storage Service Gateway

Features

  • Supports the S3 HTTP protocol.
  • Multi-tenancy: buckets in different customer accounts are isolated from one another. When logging in, users must specify the customer account they want to log in to.
  • Unique bucket names among customers: if one customer already has a bucket named myawesomebucket, no other customer account can create a bucket with that name.
  • Default access/secret token lifetime is 90 days.

User management and Access Control

  • Customer account: a group of users in one or more LDAP groups. Buckets are isolated between customers.
  • RBAC management: a user can be assigned different predefined roles in the account. For more details, please see here.

Object Storage Service

The solution consists of the following components:

  • Security Token Service: creates and verifies tokens bound to authenticated users.
  • UI: the dashboard for managing user access keys and authorization policies (TBD). Users can log in to the dashboard with their credentials.
  • Proxy: The proxy runs in front of the Minio cluster to authenticate (via STS) and authorize (via Authz service) incoming requests from clients (Minio client or AWS-CLI S3). Validated requests are forwarded to the upstream Minio cluster.
  • Authorization service: manages authorization policies for buckets. It exposes an authorization API endpoint that serves requests from the Proxy.
  • Manager service: manages public buckets, which can be accessed directly via URLs.
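
The Proxy's request flow from the list above (authenticate via STS, authorize via the Authz service, then forward), shown as an added Go example that is not Pion's own code. `Gate`, `Demo`, `Probe`, the `X-Demo-Token` header, the token value and the bucket names are all hypothetical or constructed for illustration; the README does not show Pion's real STS or Authz APIs.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Gate runs the proxy's two checks in order and fails closed. verify and allow are hypothetical
// stand-ins for the Security Token Service and Authz service calls; verify yields the customer account.
func Gate(verify func(token string) (string, bool), allow func(customer, method, bucket string) bool, upstream http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		customer, ok := verify(r.Header.Get("X-Demo-Token")) // demo header; S3 clients sign requests instead
		if !ok {
			http.Error(w, "invalid or expired token", http.StatusUnauthorized)
			return
		}
		bucket := strings.SplitN(strings.TrimPrefix(r.URL.Path, "/"), "/", 2)[0] // path-style /bucket/key
		if bucket == "" || !allow(customer, r.Method, bucket) {
			http.Error(w, "access denied", http.StatusForbidden)
			return
		}
		r.Header.Del("X-Demo-Token") // never pass the client credential upstream
		upstream.ServeHTTP(w, r)     // in a deployment: a reverse proxy to the Minio cluster
	})
}

// Demo wires Gate to a constructed token table, a constructed bucket-owner table and a stub upstream.
func Demo() http.Handler {
	tokens := map[string]string{"tok-alice": "acme"} // token -> customer account
	owner := map[string]string{"acme-logs": "acme", "globex-data": "globex"}
	return Gate(
		func(t string) (string, bool) { c, ok := tokens[t]; return c, ok },
		func(customer, _, bucket string) bool { o, ok := owner[bucket]; return ok && o == customer },
		http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }))
}

// Probe sends one request through h and returns the HTTP status code.
func Probe(h http.Handler, method, path, token string) int {
	req := httptest.NewRequest(method, path, nil)
	req.Header.Set("X-Demo-Token", token)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(Probe(Demo(), "GET", "/acme-logs/a", "tok-alice"), Probe(Demo(), "GET", "/globex-data/a", "tok-alice"))
}
```

The demo policy only models customer-level bucket isolation; role-based decisions inside an account would live behind the same `allow` hook.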

Deployment

Instructions for deploying Pion can be found here.

You can also find an example deployment in the k8s folder.

Build

Requirements for building

  • Go (built with 1.12.4)
  • dep (v0.5.4) for dependency management.
  • UI: npm (v6.12.0), angular-cli (v7.0.3), Node (v11.14.0)

For details, please see here.