Re: s3 bucket policys

OK, I am using the Jewel version.

When I try setting permissions using s3cmd or a PHP script using s3client

I get the error

<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><BucketName>test_bucket</BucketName><RequestId> (truncated...)
InvalidArgument (client):  - <?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><BucketName>test_bucket</BucketName><RequestId>tx00000000000000000000a-005a005b91-109f-default</RequestId><HostId>109f-default-default</HostId></Error>



In the log on the S3 server I get

2017-11-06 12:54:41.987704 7f67a9feb700  0 failed to parse input: {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "usr_upload_can_write",
            "Effect": "Allow",
            "Principal": {"AWS": ["arn:aws:iam:::user/test"]},
            "Action": ["s3:ListBucket", "s3:PutObject"],
            "Resource": ["arn:aws:s3:::test_bucket"]
        }
2017-11-06 12:54:41.988219 7f67a9feb700  1 ====== req done req=0x7f67a9fe57e0 op status=-22 http_status=400 ======


Any advice on this one?

On Fri, Nov 3, 2017 at 9:54 PM, Adam C. Emerson <aemerson@xxxxxxxxxx> wrote:
On 03/11/2017, Simon Leinen wrote:
[snip]
> Is this supported by the Luminous version of RadosGW?

Yes! There's a few bugfixes in master that are making their way into
Luminous, but Luminous has all the features at present.

> (Or even Jewel?)

No!

> Does this work with Keystone integration, i.e. can we refer to Keystone
> users as principals?

In principle probably. I haven't tried it and I don't really know much
about Keystone at present. It is hooked into the various
IdentityApplier classes and if RGW thinks a Keystone user is a 'user'
and you supply whatever RGW thinks its username is, then it should
work fine. I haven't tried it, though.

> Let's say there are many read-only users rather than just one.  Would we
> simply add a new clause under "Statement" for each such user, or is
> there a better way? (I understand that RadosGW doesn't support groups,
> which could solve this elegantly and efficiently.)

If you want to give a large number of users the same permissions, just
put them all in the Principal array.

--
Senior Software Engineer           Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson@OFTC, Actinic@Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C  7C12 80F7 544B 90ED BFB9
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
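
Added example (not part of the original thread or of Ceph's own code): a Python builder that follows the advice above to put all users with the same permissions in one Principal array, plus a pre-flight check that the document parses as JSON and that object-level actions such as s3:PutObject are paired with an object ARN rather than the bare bucket ARN. The bucket name, user names and the small action classification are assumptions; per the thread, bucket policies need Luminous or later, not Jewel.

```python
import json

# Assumption: only the actions used in this example are classified.
BUCKET_ACTIONS = {"s3:ListBucket"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject"}

def _stmt(sid, users, actions, resource):
    # Every user goes into one Principal array instead of one statement each.
    return {"Sid": sid, "Effect": "Allow",
            "Principal": {"AWS": [f"arn:aws:iam:::user/{u}" for u in users]},
            "Action": actions, "Resource": [resource]}

def build_policy(bucket, users, actions):
    """Split actions so bucket-level and object-level ones get the right ARN."""
    on_bucket = sorted(set(actions) & BUCKET_ACTIONS)
    on_object = sorted(set(actions) & OBJECT_ACTIONS)
    stmts = []
    if on_bucket:
        stmts.append(_stmt("bucket_level", users, on_bucket, f"arn:aws:s3:::{bucket}"))
    if on_object:
        stmts.append(_stmt("object_level", users, on_object, f"arn:aws:s3:::{bucket}/*"))
    return {"Version": "2012-10-17", "Statement": stmts}

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def lint_policy(text):
    """Return a list of problems; an empty list means the checks passed."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level of the policy must be a JSON object"]
    problems = []
    for st in _as_list(doc.get("Statement", [])):
        paths = [r.split(":::", 1)[-1] for r in _as_list(st.get("Resource", []))]
        has_object = any("/" in p for p in paths)      # e.g. bucket/*
        has_bucket = any("/" not in p for p in paths)  # e.g. bucket
        for action in _as_list(st.get("Action", [])):
            if action in OBJECT_ACTIONS and not has_object:
                problems.append(f"{st.get('Sid')}: {action} needs an object ARN (bucket/*)")
            if action in BUCKET_ACTIONS and not has_bucket:
                problems.append(f"{st.get('Sid')}: {action} needs the bucket ARN")
    return problems

if __name__ == "__main__":
    policy = build_policy("example-bucket", ["reader1", "reader2"],
                          ["s3:ListBucket", "s3:GetObject"])
    print(json.dumps(policy, indent=2))
    print(lint_policy(json.dumps(policy)))
```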
