Hi Pritha:
I added administrator quotas to users, but they didn't seem to work.
radosgw-admin user create --uid=ADMIN --display-name=ADMIN --admin --system
radosgw-admin caps add --uid="ADMIN" --caps="user-policy=*;roles=*;users=*;buckets=*;metadata=*;usage=*;zone=*"
{
"user_id": "ADMIN",
"display_name": "ADMIN",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"subusers": [],
"keys": [
{
"user": "ADMIN",
"access_key": "HTRJ1HIKR4FB9A24ZG9C",
"secret_key": "Dfk7t5u4jvdyFMlEf8t4MTdBLEqVlru7tag1g8PE"
}
],
"swift_keys": [],
"caps": [
{
"type": "buckets",
"perm": "*"
},
{
"type": "metadata",
"perm": "*"
},
{
"type": "roles",
"perm": "*"
},
{
"type": "usage",
"perm": "*"
},
{
"type": "user-policy",
"perm": "*"
},
{
"type": "users",
"perm": "*"
},
{
"type": "zone",
"perm": "*"
}
],
"op_mask": "read, write, delete",
"system": "true",
"default_placement": "",
"default_storage_class": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw",
"mfa_ids": []
}
Thanks,
myxingkong
发件人: Pritha Srivastava
发送时间: 2019-03-12 12:23:24
收件人:
myxingkong
主题: Re: [ceph-users] How to attach permission policy to user?
PrithaThanks,radosgw-admin caps add --uid=<uid of user> --caps="user-policy=*"Hi Myxingkong,Did you add admin caps to the user (with access key id 'HTRJ1HIKR4FB9A24ZG9C'), which is trying to attach a user policy. using the command below:
On Tue, Mar 12, 2019 at 7:19 AM myxingkong <admin@xxxxxxxxxxx> wrote:
Hi Pritha:I was unable to attach the permission policy through S3curl, which returned an HTTP 403 error../s3curl.pl --id admin -- -s -v -X POST "http://192.168.199.81:7480/?Action="">"Request:> POST /?Action="" HTTP/1.1> User-Agent: curl/7.29.0> Host: 192.168.199.81:7480> Accept: */*> Date: Tue, 12 Mar 2019 01:39:55 GMT> Authorization: AWS HTRJ1HIKR4FB9A24ZG9C:FTMBoc7+sJf0K+cx+nYD7Sdj2Xg=Response:< HTTP/1.1 403 Forbidden< Content-Length: 187< x-amz-request-id: tx000000000000000000144-005c870deb-4a92d-default< Accept-Ranges: bytes< Content-Type: application/xml< Date: Tue, 12 Mar 2019 01:39:55 GMT<* Connection #0 to host 192.168.199.81 left intact<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><RequestId>tx000000000000000000144-005c870deb-4a92d-default</RequestId><HostId>4a92d-default-default</HostId></Error>.s3curl%awsSecretAccessKeys = (admin => {id => 'HTRJ1HIKR4FB9A24ZG9C',key => 'Dfk7t5u4jvdyFMlEf8t4MTdBLEqVlru7tag1g8PE',},);Can you tell me what went wrong?Thanks,myxingkong
发件人: myxingkong发送时间: 2019-03-11 18:13:33收件人: prsrivas@xxxxxxxxxx主题: Re: [ceph-users] How to attach permission policy to user?Hi Pritha:This is the documentation for configuring restful modules:The command given according to the official documentation is to attach the permission policy through the REST API.This is the documentation for STS lite:My version of ceph is: ceph version 14.1.0 (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev)Thanks,myxingkongOn 3/11/2019 18:06,Pritha Srivastava<prsrivas@xxxxxxxxxx> wrote:PrithaThanks,Right now there is no other way to attach a permission policy to a user.Hi Myxingkong,Can you explain what you mean by 'enabling restful modules', particularly which document are you referring to?
There is work in progress for adding functionality to RGW using which such calls can be scripted using boto.
On Mon, Mar 11, 2019 at 3:21 PM myxingkong <admin@xxxxxxxxxxx> wrote:
_______________________________________________Hello:I want to use the GetSessionToken method to get the temporary credentials, but according to the answer given in the official documentation, I need to attach a permission policy to the user before I can use the GetSessionToken method.This is the command for the additional permission policy provided by the official documentation:s3curl.pl --debug --id admin -- -s -v -X POST "http://localhost:8000/?Action="">"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":\[\"*\"\],\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\},\{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\}\]\}&Version=2010-05-08"This requires enabling restful modules to execute this command.I configured the restful module according to the documentation, but without success, I was unable to configure the SSL certificate.ceph config-key set mgr/restful/crt -i restful.crtWARNING: it looks like you might be trying to set a ceph-mgr module configuration key. Since Ceph 13.0.0 (Mimic), mgr module configuration is done with `config set`, and new values set using `config-key set` will be ignored.set mgr/restful/crtCan someone tell me if there is a way to configure a restful module's certificate, or if there is another way to attach permission policies to users?Thanks,myxingkong
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com