GetRole Error:405 Method Not Allowed

["myxingkong" <admin@xxxxxxxxxxx>]

I created a role and attached a permission policy to it.

radosgw-admin role create --role-name=S3Access --path=/application_abc/component_xyz/ --assume-role-policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER\"\]\},\"Action\":\[\"sts:*\"\]\}\]\}

radosgw-admin role-policy put --role-name=S3Access --policy-name=Policy1 --policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Action\":\[\"s3:*\"\],\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER\"\]\}\}\]\}

I then created a user with administrator privileges.

radosgw-admin user create --uid=admin --display-name="admin" --admin

radosgw-admin caps add --uid=admin --caps="roles=*"

When I use the REST admin APIs to get the Role, it returns an HTTP 405 error.

Request:

POST / HTTP/1.1

Host: 192.168.199.81:7480

Accept-Encoding: identity

Content-Length: 51

Content-Type: application/x-www-form-urlencoded; charset=utf-8

X-Amz-Date: 20190307T062057Z

Authorization: AWS4-HMAC-SHA256 Credential=PW6NM2ITY1U7AZDD23LR/20190307//iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=af5f820f898a856f3a624a47b37d7577bd0bf1b23b4100070a03d910b64717db

User-Agent: Boto3/1.9.107 Python/2.7.15 Windows/7 Botocore/1.12.107

Action="">

Response:

HTTP/1.1 405 Method Not Allowed

Content-Length: 191

x-amz-request-id: tx000000000000000000004-005c80b848-1b028-default

Accept-Ranges: bytes

Content-Type: application/xml

Date: Thu, 07 Mar 2019 06:20:56 GMT

Connection: keep-alive

<?xml version="1.0" encoding="UTF-8"?><Error><Code>MethodNotAllowed</Code><RequestId>tx000000000000000000004-005c80b848-1b028-default</RequestId><HostId>1b028-default-default</HostId></Error>

This is my test code:

import os

import sys

import boto3

import traceback

try:

    host = 'http://192.168.199.81:7480'

    access_key = 'PW6NM2ITY1U7AZDD23LR'

    secret_key = 'o0Td78FhgxUMJ6qZuv5OcmntLEYpyavVUuZE5TGM'

    client = boto3.client('iam',

                          aws_access_key_id = access_key,

                          aws_secret_access_key = secret_key,

                          endpoint_url = host,

                          region_name="")

    response = client.get_role(

        RoleName='S3Access'

    )

    print response

except:

    print traceback.format_exc()

This is my ceph.conf:

[global]

fsid = adf809ab-6534-469d-afe6-a7677d8a490c

mon_initial_members = admin, node1, node2, node3

mon_host = 192.168.199.81,192.168.199.82,192.168.199.83,192.168.199.84

auth_cluster_required = cephx

auth_service_required = cephx

auth_client_required = cephx

osd pool default size = 2

[client.rgw.admin]

rgw sts key = "abcdefghijklmnopq"

rgw s3 auth use sts = true

Can someone tell me if my configuration is incorrect?

Or does the version I tested not provide a rest admin API?

My version of ceph is: ceph version 14.1.0 (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev)

Thanks,

myxingkong

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com