Re: admin user for the object gateway?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

nope, doesn't work...

I have an admin user... with the right caps.



{ "user_id": "admin2",
  "display_name": "Admin 2admin",
  "email": "",
  "suspended": 0,
  "max_buckets": 1000,
  "auid": 0,
  "subusers": [],
  "keys": [
        { "user": "admin2",
          "access_key": "1DNQ2FK80XQZJMB14W1C",
          "secret_key": "BJDKNhMnCc4Cib+3QIdSGMR4yOE0YVJVS9HCuAmW"},
        { "user": "admin2",
          "access_key": "KXH0BM1IQ9CP24IB9IP9",
          "secret_key": "wbtya+dX505X7zdfKKh926nbbRtBnLW8ghHAQo9j"}],
  "swift_keys": [],
  "caps": [
        { "type": "buckets",
          "perm": "*"},
        { "type": "usage",
          "perm": "*"},
        { "type": "users",
          "perm": "*"}],
  "op_mask": "read, write, delete",
  "default_placement": "",
  "placement_tags": [],
  "bucket_quota": { "enabled": false,
      "max_size_kb": -1,
      "max_objects": -1}}

but.... 

./s3curl.pl --id=admin -- http://162.243.33.180/admin/user

gives me 

{"Code":"AccessDenied"}

however... I CAN use 

./s3curl.pl --id=admin -- http://162.243.33.180/admin/bucket

and it gives me. 

["files.wyaeld.com","private.wyaeld.com"]

which are the 2 buckets in the system.

Any ideas on what is going on?


On Fri, Dec 20, 2013 at 7:47 PM, JuanJose Galvez <juanjose.galvez@xxxxxxxxxxx> wrote:
On 12/19/2013 2:02 PM, Blair Nilsson wrote:
How do find or create a user that can use the admin operations for the object gateway? 

The manual says "Some operations require that the user holds special administrative capabilities."

But I can't find if there is a pre setup user with these, or how to create one myself.
You would need to create the user. As an example I just created the following on my cluster:

radosgw-admin user create --uid=admin --display-name="JuanJose Galvez" --caps="usage=read, write; users=read, write; buckets=read, write;"

You'll notice in the output that it has the following capabilities which normal users do not have:

  "caps": [
        { "type": "buckets",
          "perm": "*"},
        { "type": "usage",
          "perm": "*"},
        { "type": "users",
          "perm": "*"}],

I hope that helps. If you need more information on the API and what caps are needed for which functions that is found over here: http://ceph.com/docs/master/radosgw/adminops/





_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



-- 
JuanJose "JJ" Galvez
Professional Services
Inktank Storage, Inc.
LinkedIn: http://www.linkedin.com/in/jjgalvez

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux