Hi Valery Tschopp writes: > Hi guys, > > We have integrated our radosgw (v0.80.7) with our OpenStack Keystone > server (icehouse) successfully. > > The "normal" S3 operations can be executed with the Keystone user's EC2 > credentials (EC2_ACCESS_KEY, EC2_SECRET_KEY). The radosgw correctly > handles these user credentials, ask keystone to validate them, and the > resulting objects belong to the Keystone tenant/project or the user > (user is member of the tenant/project). > > But for the "Browser-based upload POST" [1] it doesn't work! The user is > not correctly resolved, and the radosgw returns a 403 code! > > It looks like the s3 keystone integration doesn't work correctly when a > S3 browser-based upload POST is used. > > See the attached log file (radosgw.log), you can clearly see the user > lookup failing, and the status being set to 403: > > > 2015-01-29 15:11:30.151157 7f25616fa700 0 User lookup failed! > 2015-01-29 15:11:30.151171 7f25616fa700 15 Read > RGWCORSConfiguration<CORSConfiguration><CORSRule><AllowedMethod>POST</AllowedMethod><AllowedOrigin>https://staging.tube.switch.ch</AllowedOrigin><AllowedHeader>*</AllowedHeader></CORSRule></CORSConfiguration> > 2015-01-29 15:11:30.151184 7f25616fa700 10 Method POST is supported > 2015-01-29 15:11:30.151195 7f25616fa700 2 req 1123:0.013204:s3:POST > /:post_obj:http status=403 > > > Is this a bug? Or did we miss something else? Looks like you may be hitting http://tracker.ceph.com/issues/10062, where s3 POST requests were failing with keystone. There is a patch that is merged in master[1] that addresses this. We would also love to see this ported back to firefly/giant. [1] https://github.com/ceph/ceph/pull/3251 Regards -- Abhishek
Attachment:
signature.asc
Description: PGP signature
