I want to use the STS service to generate temporary credentials for use by third-party clients.
This is my configuration file:
[global]
fsid = 42a7cae1-84d1-423e-93f4-04b0736c14aa
mon_initial_members = admin, node1, node2, node3
mon_host = 192.168.199.81,192.168.199.82,192.168.199.83,192.168.199.84
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
osd pool default size = 2
[client.rgw.admin]
rgw sts key = "1234567890"
rgw s3 auth use sts = true
When I execute the getSessionToken method, it returns a 403 error:
<Error>
<Code>AccessDenied</Code>
<RequestId>tx00000000000000000000d-005c7d07ed-3a3c-default</RequestId>
<HostId>3a3c-default-default</HostId>
</Error>

import traceback

import boto3

try:
    host = 'http://192.168.199.81:7480'
    access_key = '2324YFZ7QDEOSRL18QHR'
    secret_key = 'rL9FabxCOw5LDbrHtmykiGSCjzpKLmEs9WPiNjVJ'
    # STS client pointed at the RGW endpoint instead of AWS
    client = boto3.client('sts',
                          aws_access_key_id=access_key,
                          aws_secret_access_key=secret_key,
                          endpoint_url=host)
    # Request temporary credentials for the role
    response = client.assume_role(
        RoleArn='arn:aws:iam:::role/application_abc/component_xyz/S3Access',
        RoleSessionName='Bob',
        DurationSeconds=3600
    )
    print(response)
except Exception:
    # Print the full traceback, including the 403 from the gateway
    print(traceback.format_exc())

Who can tell me if my configuration or code is wrong?
My version of ceph is: ceph version 14.1.0 (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev)