Creating accounts with NamespaceStore file system configuration

Before you begin

Download the Multicloud Object Gateway (MCG) command-line interface:

subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
yum install mcg

About this task

You can either create a new account with NamespaceStore file system configuration or convert an existing normal account into a NamespaceStore file system account by editing the YAML.
Note: You cannot remove a NamespaceStore file system configuration from an account.

Procedure

Create a new account with NamespaceStore file system configuration by using the MCG command-line interface.
noobaa account create <noobaa-account-name> [flags]

For example:

noobaa account create testaccount --full_permission --nsfs_account_config --gid 10001 --uid 10001 --default_resource fs_namespacestore
allow_bucket_create
    Indicates whether the account is allowed to create new buckets. Supported values are true or false. Default value is true.
allowed_buckets
    A comma-separated list of bucket names to which the user is allowed to have access and management rights.
default_resource
    The NamespaceStore resource on which the new buckets will be created when using the S3 CreateBucket operation. The NamespaceStore must be backed by an rwx (ReadWriteMany) persistent volume claim (PVC).
full_permission
    Indicates whether the account should be allowed full permission or not. Supported values are true or false. Default value is false.
new_buckets_path
    The file system path where directories corresponding to new buckets will be created. The path is inside the file system of the NamespaceStore file system PVCs; directories created there act as the file system mapping of newly created object bucket classes.
nsfs_account_config
    A mandatory field that indicates whether the account is used for a NamespaceStore file system.
nsfs_only
    Indicates whether the account is used only for NamespaceStore file system or not. Supported values are true or false. Default value is false. If set to true, the account cannot access other types of buckets.
uid
    The file system user ID to which the MCG account is mapped. It is used to access and manage data on the file system.
gid
    The file system group ID to which the MCG account is mapped. It is used to access and manage data on the file system.
The MCG system sends a response with the account configuration and its S3 credentials:
NooBaaAccount spec:
allow_bucket_creation: true
Allowed_buckets:
  full_permission: true
  permission_list: []
default_resource: noobaa-default-namespace-store
Nsfs_account_config:
  gid: 10001
  new_buckets_path: /
  nsfs_only: true
  uid: 10001
INFO[0006] ✅ Exists: Secret "noobaa-account-testaccount"
Connection info:
  AWS_ACCESS_KEY_ID      : <aws-access-key-id>
  AWS_SECRET_ACCESS_KEY  : <aws-secret-access-key>

What to do next

You can list all the custom resource definition (CRD) based accounts by using the following command:
noobaa account list
NAME          ALLOWED_BUCKETS   DEFAULT_RESOURCE               PHASE   AGE
testaccount   [*]               noobaa-default-backing-store   Ready   1m17s
If you are interested in a particular account, you can read its custom resource definition (CRD) directly by the account name:
oc get noobaaaccount/testaccount -o yaml
spec:
  allow_bucket_creation: true
  allowed_buckets:
    full_permission: true
    permission_list: []
  default_resource: noobaa-default-namespace-store
  nsfs_account_config:
    gid: 10001
    new_buckets_path: /
    nsfs_only: true
    uid: 10001
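
A review check for the fields described on this page, as an added example that is not part of the product documentation: it reads a NooBaaAccount spec and prints a tag for each setting worth a second look (uid or gid 0, full_permission, nsfs_only not true, new_buckets_path of /). The function name and the tags are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# Reads NooBaaAccount YAML on stdin, as printed by
# `oc get noobaaaccount/<name> -o yaml`, and prints one tag per setting to review.
review_nsfs_account() {
  awk '
    {
      i = index($0, ":"); if (i == 0) next
      indent = match($0, /[^ ]/) - 1
      key = tolower(substr($0, indent + 1, i - indent - 1))
      val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      # Leave a nested block when indentation drops back to its level.
      if (block != "" && indent <= block_indent) block = ""
      if (val == "") { block = key; block_indent = indent; has[key] = 1; next }
      v[block "." key] = val   # innermost block name keeps metadata.uid apart
    }
    END {
      n = "nsfs_account_config."
      if (!has["nsfs_account_config"]) { print "not-nsfs"; exit }
      if (v[n "uid"] == "" || v[n "gid"] == "") print "missing-id"
      if (v[n "uid"] == "0") print "root-uid"          # mapped to file system uid 0
      if (v[n "gid"] == "0") print "root-gid"          # mapped to file system gid 0
      if (v["allowed_buckets.full_permission"] == "true") print "full-permission"
      if (v[n "nsfs_only"] != "true") print "not-nsfs-only"   # other bucket types reachable
      if (v[n "new_buckets_path"] == "/") print "root-bucket-path"
    }'
}

# The spec shown on this page, embedded so the check runs offline.
sample_page_spec() {
cat <<'EOF'
spec:
  allow_bucket_creation: true
  allowed_buckets:
    full_permission: true
    permission_list: []
  default_resource: noobaa-default-namespace-store
  nsfs_account_config:
    gid: 10001
    new_buckets_path: /
    nsfs_only: true
    uid: 10001
EOF
}

sample_page_spec | review_nsfs_account   # prints full-permission and root-bucket-path
```

Against a live cluster, pipe the output of `oc get noobaaaccount/testaccount -o yaml` into `review_nsfs_account` instead of the embedded sample.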