403 return code on S3 Gateway for remove keys or change key.

The Ceph Admin REST API is producing SignatureDoesNotMatch access denied errors when attempting to make a request for the user's key sub-resource. Both PUT and DELETE actions for the /admin/user?key resource are failing even though the string to sign on the client and the one returned by the server are identical.


###
# Requesting: GET /admin/user?uid=C1
###

### START String To Sign from Request ###
GET

application/x-www-form-urlencoded
Fri, 10 Jul 2015 17:42:47 GMT
/admin/user
### END String to Sign ###

### START CURL VERBOSE ###
* Trying 1.2.3.4...
* Connected to s3.example.com (1.2.3.4) port 443 (#0)
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: OU=Domain Control Validated; OU=COMODO SSL Wildcard; CN=*.s3.example.com
* start date: 2015-06-22 00:00:00 GMT
* expire date: 2016-06-21 23:59:59 GMT
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /admin/user?uid=C1 HTTP/1.1
User-Agent: aws-sdk-php/1.6.2 PHP/5.6.8 curl/7.40.0 openssl/1.0.1m
Host: s3.example.com
Accept: */*
Accept-Encoding: gzip, deflate
Referer: https://s3.example.com/admin/user?uid=C1
Content-Type: application/x-www-form-urlencoded
Date: Fri, 10 Jul 2015 17:42:47 GMT
Authorization: AWS 27K8RGLQBN8K6G5PV3RS:Y8hxsK3lsVsXIBVsECY6iiMXQok=
Content-Length: 0

< HTTP/1.1 200 OK
< Server: Tengine/2.1.0
< Date: Fri, 10 Jul 2015 17:42:44 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
<
* Connection #0 to host s3.example.com left intact
### END CURL VERBOSE ###

### START Response Dump ###
CFResponse Object
(
[header] => Array
(
[server] => Tengine/2.1.0
[date] => Fri, 10 Jul 2015 17:42:44 GMT
[content-type] => application/json
[transfer-encoding] => chunked
[connection] => keep-alive
[_info] => Array
(
[url] => https://s3.example.com/admin/user?uid=C1
[content_type] => application/json
[http_code] => 200
[header_size] => 163
[request_size] => 422
[filetime] => -1
[ssl_verify_result] => 20
[redirect_count] => 0
[total_time] => 1.341
[namelookup_time] => 0
[connect_time] => 0.046
[pretransfer_time] => 1.279
[size_upload] => 0
[size_download] => 341
[speed_download] => 254
[speed_upload] => 0
[download_content_length] => -1
[upload_content_length] => 0
[starttransfer_time] => 1.341
[redirect_time] => 0
[redirect_url] =>
[primary_ip] => 1.2.3.4
[certinfo] => Array
(
)

[primary_port] => 443
[local_ip] => 192.168.2.12
[local_port] => 64078
[method] => GET
)

[x-aws-request-url] => https://s3.example.com/admin/user?uid=C1
[x-aws-redirects] => 0
[x-aws-stringtosign] => GET

application/x-www-form-urlencoded
Fri, 10 Jul 2015 17:42:47 GMT
/admin/user
[x-aws-requestheaders] => Array
(
[Content-Type] => application/x-www-form-urlencoded
[Date] => Fri, 10 Jul 2015 17:42:47 GMT
[Authorization] => AWS 27K8RGLQBN8K6G5PV3RS:Y8hxsK3lsVsXIBVsECY6iiMXQok=
[Expect] =>
)

)

[body] => CFSimpleXML Object
(
[user_id] => C1
[display_name] => C1
[email] => CFSimpleXML Object
(
)

[suspended] => 0
[max_buckets] => 1000
[subusers] => CFSimpleXML Object
(
)

[keys] => Array
(
[0] => CFSimpleXML Object
(
[user] => C1
[access_key] => ANNMJKDEZ2RN60I03GI9
[secret_key] => E5ACgu28+AP1u7z4+qbKeIfEtsaAFVrBKSgTAupE
)

[1] => CFSimpleXML Object
(
[user] => C1
[access_key] => IQAEY8F8CFIR7XG4CAGB
[secret_key] => hfr89xH5C01VCNNwv3wkMT5+JmsXrSwjXnB55ttS
)

)

[swift_keys] => CFSimpleXML Object
(
)

[caps] => CFSimpleXML Object
(
)

)

[status] => 200
)
### END Response Dump ###



#####################################################################################################



###
# Requesting: DELETE /admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9
###



### START String To Sign from Request ###
DELETE

application/x-www-form-urlencoded
Fri, 10 Jul 2015 17:42:48 GMT
/admin/user?key
### END String to Sign ###

### START CURL VERBOSE ###
* Hostname s3.example.com was found in DNS cache
* Trying 1.2.3.4...
* Connected to s3.example.com (1.2.3.4) port 443 (#0)
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: OU=Domain Control Validated; OU=COMODO SSL Wildcard; CN=*.s3.example.com
* start date: 2015-06-22 00:00:00 GMT
* expire date: 2016-06-21 23:59:59 GMT
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> DELETE /admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9 HTTP/1.1
User-Agent: aws-sdk-php/1.6.2 PHP/5.6.8 curl/7.40.0 openssl/1.0.1m
Host: s3.example.com
Accept: */*
Accept-Encoding: gzip, deflate
Referer: https://s3.example.com/admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9
Content-Type: application/x-www-form-urlencoded
Date: Fri, 10 Jul 2015 17:42:48 GMT
Authorization: AWS 27K8RGLQBN8K6G5PV3RS:vojakYdp1RqR3JYX5g5P6ny0vMc=
Content-Length: 0

< HTTP/1.1 403 Forbidden
< Server: Tengine/2.1.0
< Date: Fri, 10 Jul 2015 17:42:44 GMT
< Content-Type: application/json
< Content-Length: 32
< Connection: keep-alive
< Accept-Ranges: bytes
* HTTP error before end of send, stop sending
<
* Closing connection 0
### END CURL VERBOSE ###

### START Response Dump ###
CFResponse Object
(
[header] => Array
(
[server] => Tengine/2.1.0
[date] => Fri, 10 Jul 2015 17:42:44 GMT
[content-type] => application/json
[content-length] => 32
[connection] => keep-alive
[accept-ranges] => bytes
[_info] => Array
(
[url] => https://s3.example.com/admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9
[content_type] => application/json
[http_code] => 403
[header_size] => 184
[request_size] => 497
[filetime] => -1
[ssl_verify_result] => 20
[redirect_count] => 0
[total_time] => 0.312
[namelookup_time] => 0
[connect_time] => 0.062
[pretransfer_time] => 0.234
[size_upload] => 0
[size_download] => 32
[speed_download] => 102
[speed_upload] => 0
[download_content_length] => 32
[upload_content_length] => 0
[starttransfer_time] => 0.312
[redirect_time] => 0
[redirect_url] =>
[primary_ip] => 1.2.3.4
[certinfo] => Array
(
)

[primary_port] => 443
[local_ip] => 192.168.2.12
[local_port] => 64079
[method] => DELETE
)

[x-aws-request-url] => https://s3.example.com/admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9
[x-aws-redirects] => 0
[x-aws-stringtosign] => DELETE

application/x-www-form-urlencoded
Fri, 10 Jul 2015 17:42:48 GMT
/admin/user?key
[x-aws-requestheaders] => Array
(
[Content-Type] => application/x-www-form-urlencoded
[Date] => Fri, 10 Jul 2015 17:42:48 GMT
[Authorization] => AWS 27K8RGLQBN8K6G5PV3RS:vojakYdp1RqR3JYX5g5P6ny0vMc=
[Expect] =>
)

)

[body] => CFSimpleXML Object
(
[Code] => SignatureDoesNotMatch
)

[status] => 403
)
### END Response Dump ###


Tyler Bishop
Chief Executive Officer
513-299-7108 x10

Tyler.Bishop@xxxxxxxxxxxxxxxxx


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
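
An added example, not part of the original post and not Ceph or SDK code: a Python sketch that rebuilds the AWS Signature V2 string to sign in the layout shown in the dumps above and checks which candidate canonicalized resource reproduces a given `Authorization` signature. The secret is a constructed placeholder, and `matching_resources` and the candidate list are hypothetical names chosen for this illustration.

```python
import base64
import hashlib
import hmac

# Constructed secret for illustration only; not a key from the post.
SAMPLE_SECRET = "constructed-secret-for-illustration"


def string_to_sign(method, content_type, date, resource, content_md5="", amz_headers=""):
    """AWS Signature V2 string to sign: verb, Content-MD5, Content-Type,
    Date, then canonicalized x-amz headers followed by the resource."""
    return "\n".join([method, content_md5, content_type, date, amz_headers + resource])


def sign_v2(secret, sts):
    """Base64(HMAC-SHA1(secret, string_to_sign)), the value after 'AWS <key>:'."""
    digest = hmac.new(secret.encode("utf-8"), sts.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def matching_resources(secret, sent_signature, method, content_type, date, candidates):
    """Return the candidate canonicalized resources that reproduce sent_signature."""
    hits = []
    for resource in candidates:
        expected = sign_v2(secret, string_to_sign(method, content_type, date, resource))
        # Constant-time comparison, as a verifier should use.
        if hmac.compare_digest(expected, sent_signature):
            hits.append(resource)
    return hits


# Request values taken from the DELETE dump in the post.
METHOD = "DELETE"
CONTENT_TYPE = "application/x-www-form-urlencoded"
DATE = "Fri, 10 Jul 2015 17:42:48 GMT"
# Candidates: resource with and without the "key" sub-resource.
CANDIDATES = ["/admin/user?key", "/admin/user"]

if __name__ == "__main__":
    # Sign the way the client dump shows (sub-resource included), then test
    # which canonicalization a verifier would need in order to accept it.
    client_sig = sign_v2(SAMPLE_SECRET,
                         string_to_sign(METHOD, CONTENT_TYPE, DATE, "/admin/user?key"))
    print(matching_resources(SAMPLE_SECRET, client_sig,
                             METHOD, CONTENT_TYPE, DATE, CANDIDATES))
```

Run with the real admin secret and the signature from the failing request, this narrows a `SignatureDoesNotMatch` down to the canonicalized resource that actually went into the signature.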
