Re: GetRole Error:405 Method Not Allowed

Pritha Srivastava <prsrivas@xxxxxxxxxx> · Thu, 7 Mar 2019 13:43:30 +0530

A separate 'iam' namespace is still not supported in RGW, hence the REST APIs for Roles using boto will not work. The REST APIs have been tested using another client (s3curl) for the time being.

On Thu, Mar 7, 2019 at 12:00 PM myxingkong <admin@xxxxxxxxxxx> wrote:

I created a role and attached a permission policy to it.

radosgw-admin role create --role-name=S3Access --path=/application_abc/component_xyz/ --assume-role-policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER\"\]\},\"Action\":\[\"sts:*\"\]\}\]\}

radosgw-admin role-policy put --role-name=S3Access --policy-name=Policy1 --policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Action\":\[\"s3:*\"\],\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER\"\]\}\}\]\}

I then created a user with administrator privileges.

radosgw-admin user create --uid=admin --display-name="admin" --admin

radosgw-admin caps add --uid=admin --caps="roles=*"

When I use the REST admin APIs to get the Role, it returns an HTTP 405 error.

Request:

POST / HTTP/1.1
Host: 192.168.199.81:7480
Accept-Encoding: identity
Content-Length: 51
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20190307T062057Z
Authorization: AWS4-HMAC-SHA256 Credential=PW6NM2ITY1U7AZDD23LR/20190307//iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=af5f820f898a856f3a624a47b37d7577bd0bf1b23b4100070a03d910b64717db
User-Agent: Boto3/1.9.107 Python/2.7.15 Windows/7 Botocore/1.12.107

Action="">

Response:

HTTP/1.1 405 Method Not Allowed
Content-Length: 191
x-amz-request-id: tx000000000000000000004-005c80b848-1b028-default
Accept-Ranges: bytes
Content-Type: application/xml
Date: Thu, 07 Mar 2019 06:20:56 GMT
Connection: keep-alive

<?xml version="1.0" encoding="UTF-8"?><Error><Code>MethodNotAllowed</Code><RequestId>tx000000000000000000004-005c80b848-1b028-default</RequestId><HostId>1b028-default-default</HostId></Error>

This is my test code:

import os
import sys
import boto3
import traceback

try:
    host = 'http://192.168.199.81:7480'
    access_key = 'PW6NM2ITY1U7AZDD23LR'
    secret_key = 'o0Td78FhgxUMJ6qZuv5OcmntLEYpyavVUuZE5TGM'

    client = boto3.client('iam',
                          aws_access_key_id = access_key,
                          aws_secret_access_key = secret_key,
                          endpoint_url = host,
                          region_name="")

    response = client.get_role(
        RoleName='S3Access'
    )
    print response
except:
    print traceback.format_exc()

This is my ceph.conf:

[global]
fsid = adf809ab-6534-469d-afe6-a7677d8a490c
mon_initial_members = admin, node1, node2, node3
mon_host = 192.168.199.81,192.168.199.82,192.168.199.83,192.168.199.84
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
osd pool default size = 2

[client.rgw.admin]
rgw sts key = "abcdefghijklmnopq"
rgw s3 auth use sts = true

Can someone tell me if my configuration is incorrect?
Or does the version I tested not provide a rest admin API?

My version of ceph is: ceph version 14.1.0 (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev)

Thanks,
myxingkong

_______________________________________________

ceph-users mailing list

ceph-users@xxxxxxxxxxxxxx

http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com