Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 2394369

Summary: [RFE] RGW Account-scope Ratelimits
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Vidushi Mishra <vimishra>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED UPSTREAM QA Contact: Madhavi Kasturi <mkasturi>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.1CC: ceph-eng-bugs, cephqe-warriors
Target Milestone: ---Keywords: FutureFeature
Target Release: 9.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2026-03-04 09:55:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vidushi Mishra 2025-09-10 11:55:36 UTC 
Description of problem:

During testing of RGW rate limits in Ceph v8.0 and v8.1, it was observed that RGW only supports user-scope and bucket-scope rate limits. The radosgw-admin ratelimit set command requires either --uid (user) or --bucket.

By contrast, account-level quotas are supported, but equivalent account-level rate limits are missing. 


As per the discussion in the Slack thread https://ibm-systems-storage.slack.com/archives/C04S5K7H0F2/p1757342657579499?thread_ts=1755276251.608929&cid=C04S5K7H0F2

Introduce Account-scope rate limits, aligned with existing account quotas, with clear attribution rules.

The enhancement aims to bring account-scope rate limits into RGW, aligning them with the existing account quota model and ensuring consistency for administrators. The idea is to establish clear attribution rules so that rate limits are not only enforceable but also flexible enough to cover diverse real-world scenarios.

- The default behavior would be to attribute rate limits to the account that owns the role.

- Owning Account: By default, the account that owns the role would absorb the rate limits.

- Caller’s Account: In cross-account scenarios, it should be possible to charge usage to the calling account instead.

- Role itself: Rate limits could be applied directly at the role level, enabling finer granularity.

- Stable Session Tag (e.g., ExternalId): Rate limits could also be grouped and attributed based on session identifiers for consistency across assumptions.

- Requester Pays buckets: In cases where Requester Pays is enabled, rate limits should follow the requester’s account.

This approach would give administrators the control to apply limits in a way that matches their organizational policies while maintaining alignment with the quota framework.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Red Hat Bugzilla 2026-03-04 09:55:14 UTC 
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.